Cryptographic audit-trail API for regulated apps

Audit trails your database
can’t honestly provide.

Anchor a one-way fingerprint of every record at creation. Prove byte-for-byte — years later — to a regulator, court, or any third party.

Start free Read the docs
Polygon Hyperledger Fabric Hybrid (Dual)
0x7f3a... 0xb2c1... 0x9e4d...
Anchored
Anchoring Strategies

One API. Three chains. Your choice.

Pick the chain that fits your data. Switch later in Settings — no code changes.

Public (Polygon)

Cheap, fast, anyone can verify on Polygonscan. $0.000007 per record with Merkle batching. Best for B2C apps, AI-content provenance, and public attestations.

polygon-amoy polygon-mainnet
NEW

Private (Hyperledger Fabric)

Data stays in your permissioned network. Bring your own Fabric peers (BYO mode). X.509 identity, no gas fees. Best for banking, healthcare, defense, and regulated consortiums.

fabric-byo X.509
NEW

Hybrid (Both)

Same record anchored to Fabric AND Polygon in one batch. Internal compliance on private chain, portable proof on public chain. The killer feature for regulated workflows.

dual-anchor compliant

Custom

Any EVM RPC — Ethereum Mainnet, Sepolia, Besu, Quorum. Any Fabric channel + MSP combination. For advanced deployments with bespoke chain requirements.

any-evm any-fabric
Why Hybrid

Internal control. Public proof. Both at once.

Banks need internal compliance ledgers (private) but their auditors want independent public attestation. Pharma needs HIPAA data sovereignty but FDA inspectors want tamper-evidence anyone can verify.

Hybrid mode anchors the same record's Merkle root to your Fabric channel AND Polygon in a single batch. Both proofs verify to the same root. Compliance team sees the Fabric anchor. Regulators see the Polygon anchor. Same truth, two independent attestations.

  • Same SHA-256 hash on both chains
  • Independent verification via /v1/verify
  • Webhook delivers both proofs in one payload
  • Secondary chain auto-retries on failure
Your App
Anchora POST /v1/anchor
Fabric (private) Internal audit
Polygon (public) Public attestation
Same Merkle Root
Built for Regulated Industries

Where ‘trust us’ isn’t an acceptable answer.

Every industry below shares one job: someone outside your company — a regulator, a court, an auditor, an employer, a customer — will eventually ask you to prove what your records said on a specific date. Anchora makes that proof a one-line check.

Featured use case

Digital Credentials & Identity

Degree certificates, professional licenses, training records, KYC attestations. Anchor the credential hash on-chain so any employer, regulator, or verifier worldwide can confirm authenticity — without contacting your database, calling your API, or trusting your servers.

  • Public verification works without Anchora. Once anchored, the proof verifies on Polygon directly — no vendor lock-in.
  • Hash-only mode keeps student data on your servers. Compliant with GDPR, India's DPDP Act, and FERPA out of the box.
  • One API call per certificate. Issue, anchor, and emit a verification link in under a second of integration code.
See credentials use case Start anchoring credentials
Also fits:
Banking & Financial Services Healthcare & Pharma Supply Chain & Logistics Government & Public Records Legal & Compliance
Platform

Blockchain infrastructure for building trust-based apps

Stripe abstracts payments. Twilio abstracts communications. Anchora abstracts blockchain. Build any tamper-proof application.

Platform
Infrastructure
Developers Build
Stripe
Payment APIs
E-commerce, subscriptions
Twilio
Communication APIs
Messaging, 2FA systems
SendGrid
Email APIs
Marketing platforms
Anchora Anchora
Blockchain APIs
Any tamper-proof application
Use Cases

What developers build with Anchora

Any application that needs data integrity, immutability, or cryptographic proof

AI Content Authenticity

Prove human-written content is original. Anchor documents before AI can replicate them. Detect deepfakes by verifying originals on blockchain.

anchor() verify()

Messaging Verification

Anchor every message at send time. Recipients verify authenticity and detect tampering. Blockchain proof of "this is what they actually sent."

anchor() getProof()

Voting & Election Systems

Anchor each vote with hash-only mode for privacy. Voters get blockchain proof their vote was recorded. Auditable, immutable, tamper-proof results.

anchor() verify()

IoT Sensor Data

Anchor sensor readings in real-time. Batch 256 readings per transaction. Prove exact conditions for insurance claims, audits, and regulatory compliance.

anchor() getProof()
The Cost Math

How we get to $0.000007 per record.

We batch 256 records into a single on-chain transaction using a Merkle tree. Each record still gets its own independent proof — you pay once, anchor many, and audit-grade integrity costs less than a coffee for a million records.

Traditional Approach
1 Record = 1 Transaction
Cost per record $10.00
1,000 records = $10,000
Anchora Approach
256 Records = 1 Transaction
Cost per record $0.000007
1,000 records = < $0.01
99.9% cheaper

How Merkle Tree Batching Works

1
Your Records
Record 1
Record 2
Record 3
... up to 256
2
SHA-256 Hash
0x7f3a...
0xb2c1...
0x9e4d...
...
3
Build Merkle Tree
Root 0x9876...
0x1234...
0x5678...
H1
H2
H3
H4
4
Anchor to Polygon
Block #45,123,789
Merkle Root: 0x9876...
Records: 256
Cost: $0.01
Immutable

250x Cost Savings

Batch 256 records into 1 transaction. Pay once, anchor many.

Same Security

Each record has unique proof. Verify individually without revealing others.

30-Second Anchoring

Worker batches every 30 seconds. Fast finality on Polygon network.

Privacy Preserved

Only hashes stored. Your data never leaves your servers.

Live Demo

See it in action

Create immutable records, verify data integrity, and generate cryptographic proofs 

// Create immutable record
const data = {
  userId: 'user_123',
  action: 'certificate_issued',
  timestamp: Date.now()
};

const result = await vaas.anchor(data);
console.log(result);
// Verify data integrity
const verified = await vaas.verify(data, {
  hash: 'abc123...'
});

console.log(verified.success);
// Get Merkle proof
const proof = await vaas.getProof('abc123...');

console.log(proof.merkleProof);

Live Results

Status: Queued instantly · Anchored ~30s
Hash: abc123def456...
Block: 45,123,789
Verification: PASSED
Developer Experience

APIs that just work

RESTful endpoints, typed SDKs, and webhooks. Everything you need to ship fast.

Multiple Anchor Modes

Choose your security level: plain, encrypted, hash-only, or full secure mode with AES-256-GCM.

Full CRUD Operations

Create, read, update, delete with mutable/immutable field separation. Version history included.

Real-time Webhooks

Get notified on anchor.created, anchor.verified, and anchor.failed events instantly.

Privacy-First Search

Query records by hash without exposing data. Built for GDPR, HIPAA, and PCI-DSS compliance.

SDKs

Drop-in SDKs for your stack

Typed clients with autocomplete. Or use the REST API directly.

v2.4.0 · just shipped

JavaScript

npm install @anchora/sdk Live

REST API

Works with any language
Coming Soon

Python

pip install anchora-sdk
Coming Soon

Java

com.anchora:anchora-sdk
SDK examples on GitHub
Architecture

Three-layer security architecture

Encryption, hashing, and blockchain anchoring work together for complete data integrity

Encryption Layer

  • AES-256-GCM encryption
  • PBKDF2 key derivation
  • Zero-knowledge architecture

Hashing Layer

  • SHA-256 fingerprinting
  • Merkle tree proofs
  • Collision-resistant verification

Blockchain Layer

  • Ethereum & Polygon networks
  • Immutable timestamping
  • Sub-3 second finality

Compliance Ready

  • GDPR-aligned (hash-only + delete modes)
  • HIPAA-compatible architecture
  • SOC 2 controls — audit in progress
AI Provenance

AI outputs need cryptographic provenance.
Anchora is the infrastructure.

Every AI-generated image, document, model output, and training-data snapshot needs verifiable proof that it wasn't modified after generation. C2PA is becoming the standard. Anchora is the chain-anchoring layer underneath.

Why this matters now

  • C2PA standard is going mainstream. Adobe, Microsoft, OpenAI, and Sony are pushing C2PA into every AI tool — provenance metadata becomes mandatory for credibility.
  • Regulators are mandating it. EU AI Act, the US executive orders on AI, and forthcoming SEC guidance all reference content provenance. Anchored hashes are the verifiable substrate.
  • Deepfake disputes need court-admissible proof. A SHA-256 + Merkle proof + on-chain timestamp is exactly the evidence package lawyers and auditors are looking for.
Read the deep dive Start anchoring AI outputs
AI model output Image, doc, JSON, model weights
SHA-256 Hashed client-side or by Anchora
Anchora One API · multi-chain
On-chain proof Polygon · Fabric · Hybrid
Anyone verifies Court, regulator, end user
Operational Maturity

Built like infrastructure, not a side project

The boring details that matter when you're betting your compliance posture on us.

Dual-anchor retry

If the secondary chain fails (RPC blip, network), Anchora retries hourly up to 5 attempts. Primary anchor stands; record stays valid; secondary back-fills automatically.

Cert expiry monitoring

X.509 certs expire. We email project owners at 30 / 7 / 1 days before expiry. Re-importing a fresh cert takes 30 seconds in Settings — no anchoring downtime.

Encrypted-at-rest credentials

Fabric cert + private key encrypted with AES-256-GCM in MongoDB. Wallet private keys too. No plaintext anywhere, ever.

Atomic queue consume

Workers use Redis LPOP — no duplicate batches, no record corruption even at scale. Horizontally scalable. We test this with rapid-fire bursts; you don't have to.

Independent on-chain verification

Every /v1/verify response includes the on-chain Merkle root pulled live from the chain — not just "trust us, it was anchored." Catches DB tampering automatically.

Multi-chain webhooks

Webhooks carry chainType, networkId, and the full dualAnchor sub-object for Hybrid records. Backward-compatible with EVM-only receivers.

Available Now

Two ways to start anchoring this week

Public, Private (BYO Fabric), and Hybrid are live in production today. Managed Fabric is on the roadmap — pick one of the live modes now, migrate later when Managed ships.

Private — Hyperledger Fabric (BYO)

You run Fabric. We deploy the chaincode.

If you already operate a Hyperledger Fabric network — or have the team to set one up — you can start anchoring to it in under 30 minutes. Import your X.509 identity, we deploy anchora-anchor on your channel, you call the same /v1/anchor API. Zero gas fees. Data never leaves your network.

  • Full data sovereignty
  • No gas, no public chain dependency
  • Encrypted-at-rest cert + key storage
  • 30/7/1 day cert expiry alerts
Read the setup guide Book a setup call
Most popular for regulated workloads
Hybrid — Fabric + Polygon

Same record on private + public chain. One write.

Anchor the same Merkle root to your Fabric network AND Polygon in a single batch. Compliance teams verify against Fabric internally. Regulators and end users verify against Polygon externally. Same hash, two independent attestations — the cleanest answer when both audiences need proof.

  • Same Merkle root, two chains
  • Independent /v1/verify verdicts
  • Automatic retry if secondary fails
  • One webhook delivers both anchors
Read the Hybrid guide Talk to us

Don't have Fabric yet and don't want to run it? Join the Managed Fabric waitlist — we'll host the Fabric network for you when it ships.

Roadmap

Shipped, shipping, and coming next

No vapor. What's released, what we're building now, what's next.

Shipped

Multi-Chain Core

Public (Polygon) · Private (Hyperledger Fabric BYO) · Hybrid (both at once) · Custom (any EVM RPC, any Fabric profile). All four anchoring strategies in production.

Shipped

Operational Tooling

Cert expiry monitoring (30/7/1 day warnings), dual-anchor retry on secondary failure, multi-chain webhooks, encrypted-at-rest credentials, atomic queue consume.

Next Up

Managed Fabric

Anchora hosts the Fabric network for you — no Docker, no MSP setup, no peer infrastructure to manage. Subscription-based, instant provisioning.

Join the waitlist
Q3 2026

Consortium Mode

Multi-org shared Fabric networks. Each org keeps its identity; all share the ledger. Built for industry consortiums, supply-chain partnerships, and regulator-supervised networks.

Get notified
FAQ

Common questions

Quick answers for developers building on Anchora

Polygon (Amoy testnet + Mainnet) for public anchoring. Hyperledger Fabric for private permissioned anchoring (BYO mode — bring your own peers). Hybrid mode anchors to both simultaneously. Custom mode supports any EVM RPC (Ethereum, Sepolia, Besu, Quorum) or any Fabric channel.

Hybrid anchors the same Merkle root to BOTH your private Hyperledger Fabric network AND a public EVM chain (Polygon by default) in one batch. You get internal compliance ledger plus external regulator-verifiable proof from a single API call. Both anchors are independently verifiable via /v1/verify.

For EVM (Polygon): no. We auto-generate wallets, fund them, handle gas, and manage transactions for you. For Fabric BYO mode: you run your Fabric network and provide your X.509 cert + connection profile. Managed Fabric (Anchora-hosted) is on our roadmap.

/anchor/plain stores data as-is. /anchor/encrypted adds AES-256 encryption. /anchor/hash stores only the hash. Choose based on your privacy needs.

Three modes: soft delete (mark as deleted), hard delete (remove data, keep hash), complete delete (remove everything). Blockchain proof remains.

Yes. Mutable fields can be updated freely. Immutable fields create a new version with full history tracking. Both maintain verification integrity.

Anchora is built for GDPR, HIPAA, and PCI-DSS controls from day one — hash-only mode keeps regulated data on your servers, with soft, hard, and crypto-shred delete options. SOC 2 Type II audit is in progress; ISO 27001 is on the roadmap. Enterprise customers get dedicated compliance support and access to our control documentation.

Free tier includes 1,000 requests/month at 10 req/sec. Startup: 50,000 requests/month at 50 req/sec. Scale: 500,000 requests/month at 100 req/sec. Enterprise: unlimited with custom limits. All responses include rate limit headers for usage monitoring.

Subscribe to events like anchor.confirmed, anchor.failed, record.updated, and record.deleted. Failed deliveries retry with exponential backoff: 1 min, 5 min, 30 min, 2 hours, then 24 hours. HMAC-SHA256 signature verification is rolling out shortly — today, restrict your webhook receiver by source IP allowlist (available in your project settings).

About

Why we're building Anchora

Making blockchain-backed data integrity accessible to every developer

The Problem

Every industry needs to prove data hasn't been tampered with - medical records, academic credentials, legal documents, supply chains. But building on blockchain requires managing wallets, gas fees, smart contracts, and node infrastructure. It's complex, expensive, and slow.

Our Mission

Anchora abstracts all blockchain complexity into simple REST APIs. Developers call our endpoints; we handle wallets, gas, Merkle trees, and chain submission — whether that's Polygon (public), Hyperledger Fabric (private), or both at once (Hybrid). Your data stays on your servers; only SHA-256 hashes go to chain.

Our Approach

We batch up to 256 records into a single blockchain transaction using Merkle trees, achieving 99%+ cost reduction. Each record still gets its own Merkle proof for independent verification. Architected around GDPR, HIPAA, and SOC 2 controls from day one — with SOC 2 Type II certification in progress.

Live Stats

Trusted by developers, verified on blockchain

Real-time numbers from the Anchora platform — updated every page load

Records Anchored
Blockchain Batches
Success Rate
Get Started

Ready to build tamper-proof applications?

Get your API key and ship your first immutable record. Free tier includes 1,000 API calls per month.

Get Started View Documentation
No credit card required
1,000 free API calls
Production ready