Welcome to the Timestamping developer portal !

Overview

If you want to prove the exact date and the data integrity of your important documents, Timestamping is the way to go!

Vaultinum provides an API that allows you to automate your timestamping process directly through your own application!
Thanks to Vaultinum certified timestamping service, you can rest assured to create unforgeable proofs with a legal value recognized throughout Europe, in accordance with eIDAS regulation.

The Timestamping API allows your platform to timestamp any kind of document by creating timestamp token from our timestamp authority service certified by Vaultinum. Taking the form of a digital seal, the timestamp token provides irrefutable proof of the existence of your document at a specific date and time, but also of its integrity since that date.

Our service is compliant with RFC 3161 and RFC 5813.

Timestamping REST API v1.0

Download OpenAPI specification | Terms of Service | Contact

The Timestamping API allows you to create timestamp tokens certified by Vaultinum. Thanks to its API, our Timestamping service can be easily integrated in your own application. The API is the fastest way to automate your timestamping process for all your needs.

This API can be called with an API key set in the HTTP request header. An account must be created beforehand in order to obtain the API key (see Getting Started section).

Features

Getting timestamp token from a hash using the RFC 3161 native protocol
Getting timestamp token from a hash
Getting timestamp token from multiple hashes (coming soon)

API integration

We provide an SDK to make it easy to timestamp on our platform: Vaultinum Timestamping SDK

The API accepts hashes of your document to be timestamped as RFC 3161 request files. To create these files, you can use one of the following libraries, depending on the language you are using.

NPM:

Python:

Java:

Bouncy Castle

Go:

digitorus/timestamp

Getting Started

In order to use the Timestamping API, you have to create an account on the Vaultinum Website.

If you ever feel lost, feel free to reach us through the contact form

Once you are logged into the Vaultinum portal, you can create API Keys in the Account settings menu. Make sure to copy the API keys you generate because you won't see them afterwards.

With your API key ready, you can call the timestamping service to create trusted timestamps. To do so, you can either use the "pure" RFC3161 API or the equivalent one based on JSON documents.

In the following commands, replace:

VAULTINUM_ENVIRONMENT_URL with the URL of the environment you want to use
YOUR_API_KEY with the API key you created earlier
YOUR_FILE_HASH with the hash of the file you want to timestamp, if you are using the JSON API

Using JSON documents

The JSON API is meant to simplify the creation of timestamp tokens. It is based on the RFC3161 protocol but uses JSON documents instead of binary files. At the very minimum, you can send the hash of the file you want to timestamp alongside with the algorithm used.

Example:


    
  curl -v -X POST https://VAULTINUM_ENVIRONMENT_URL/v1/timestamp/request \

  -H "Accept: application/json" \

  -H "Authorization: Bearer YOUR_API_KEY" \

  -H "Content-Type: application/json" \

  -d '{"hashedMessage": "YOUR_FILE_SHA512_HASH", "hashAlgorithm": "SHA512"}'

Parameters:

hashedMessage: (String) hash of the timestamped data.
hashAlgorithm: (String) hash algorithm used to produce the 'hashedMessage'. Both the common name and the OID dot notation are accepted.
certReq: (Boolean) flag indicating if the timestamp token should include the timestamp authority's certificate.

Response:


    {

  "status": 0,

  "hashedMessage": "YOUR_FILE_SHA512_HASH",

  "hashAlgorithm": "2.16.840.1.101.3.4.2.3",

  "serialNumber": "1b23d65d7b2cc8cca76795fc805de23888de53f",

  "timestamp": 1704067200000,

  "token": "BASE64_ENCODED_TOKEN"

  "tsaPolicyId": "1.3.6.1.4.1.60053.2.1.1.1.1"

  }

Using RFC3161 binary files

To use the service according to the RFC3161 specifications, you have to create files with OpenSSL or any RFC3161-compliant library. Once created, simply send a timestamp-query file to our service with the proper credentials and headers. If everything is ok, the returned response is a valid timestamp reply binary file that you can parse using openssl or a compliant library.

Example:


    
  # Create the request file 

  openssl ts -query -data data.txt -cert -no_nonce -sha512 -out request.tsq

  # Send the file using cURL

  curl https://VAULTINUM_ENVIRONMENT_URL/v1/timestamp/request \

  -X POST \

  -H "X-API-KEY: YOUR_API_KEY" \

  -H "Content-type: application/timestamp-query"

  --data-binary "@request.tsq" > reply.tsr

  # Check the content of the reply

  openssl ts -reply -in reply.tsr -text

  # Retrieve the bundled certificates from the trust chain

  curl -O http://ts-pub.vaultinum.com/cer/bundle.pem

  # Verify the timestamp token

  openssl ts -verify -data data.txt -in reply.tsr -CAfile bundle.pem 

  # Verification: OK

In depth certificate verification:

In the previous example, the openssl "-cert" option indicates the response includes the timestamp unit certificate.
You can omit this option and provide the certificate in the openssl verify command.


    
  # Retrieve the Vaultinum certificate trust chain
  curl -O http://ts-pub.vaultinum.com/cer/root-ca.cer

  curl -O http://ts-pub.vaultinum.com/cer/timestamp-ca.cer

  curl -O http://ts-pub.vaultinum.com/cer/tsu-01.cer

  # The certificates are published with DER format, convert them to PEM

  openssl x509 -in root-ca.cer -inform DER -outform PEM -out root-ca.pem

  openssl x509 -in timestamp-ca.cer -inform DER -outform PEM -out timestamp-ca.pem

  openssl x509 -in tsu-01.cer -inform DER -outform PEM -out tsu-01.pem

  # Create the bundle with the pem certificates

  cat root-ca.pem timestamp-ca.pem > bundle.pem

  # Verify the timestamp token

  openssl ts -verify -data data.txt -in reply.tsr -CAfile bundle.pem -untrusted tsu-01.pem

  # Verification: OK

The service accepts several policies and hash algorithms:

Policies:

1.3.6.1.4.1.60053.2.1.1.1.1 (Vaultinum timestamp policy identifier)

Hash algorithms (common name / OID dot notation):

SHA256 / 2.16.840.1.101.3.4.2.1
SHA384 / 1.2.840.10045.4.3.3
SHA512 / 2.16.840.1.101.3.4.2.3

Environments

Vaultinum provides a sandbox and a production environment.

The scope of the environment (sandbox or production) is set when creating a new API key.

Sandbox Environment

This environment is intended to test and validate any changes made to your application before it goes live in production.

This environment is dedicated to testings and cannot be used for any legal purpose.
This environment is not meant for benchmarking.

Base URL

https://ts-sandbox.vaultinum.com/

Production Environment eIDAS

This environment is an eIDAS-compliant environment that provides timestamp tokens with the ETSI qcStatement in the extension list (cf. ETSI EN 319 422