Skip to main content

Verification Certificates

Every verification performed through VeriflowAPI generates a signed certificate. Certificates provide a tamper-proof audit trail that proves a verification was performed at a specific point in time using specific data sources.

What is a verification certificate?

A verification certificate is a cryptographically signed record containing:
  • The verification ID
  • The provider details verified
  • The data sources checked
  • The result of the verification
  • A precise timestamp
  • A SHA256 hash signature
Certificates are useful for regulatory audits, compliance documentation, and legal defensibility. If you are ever asked to prove that you verified a provider’s credentials before onboarding, a VeriflowAPI certificate provides that proof.

Certificate fields

Every verification response includes two certificate-related fields:
FieldDescription
verification_idUnique identifier for this verification. Use this to retrieve the full certificate.
certificate_hashSHA256 hash of the signed certificate. Use this to verify the certificate has not been tampered with.

Retrieve a certificate

GET https://api.veriflowapi.com/v1/certificate/{verification_id}

Response

{
  "verification_id": "vrf_a1b2c3d4e5",
  "issued_at": "2026-02-20T10:30:00Z",
  "provider": {
    "name": "Dr. Sarah Chen",
    "npi": "1234567890",
    "license_number": "CA-A-98234",
    "state": "California"
  },
  "result": {
    "verified": true,
    "status": "active",
    "expiry_date": "2027-06-30",
    "disciplinary_flags": false,
    "oig_excluded": false
  },
  "sources_checked": ["NPPES", "OIG", "CA Medical Board"],
  "certificate_hash": "sha256_9f8e7d6c5b4a3b2c1d...",
  "signature": "vrf_sig_a1b2c3d4e5f6g7h8..."
}

Download PDF certificate

GET https://api.veriflowapi.com/v1/certificate/{verification_id}/pdf
Returns a PDF version of the certificate suitable for storage in compliance documentation systems or sharing with auditors. The PDF includes:
  • VeriflowAPI letterhead
  • All verification details
  • QR code linking to the online verification record
  • Digital signature

Certificate retention

VeriflowAPI retains all verification certificates for a minimum of 7 years from the date of issue, in line with standard healthcare compliance record retention requirements. Certificates are available via API at any time during the retention period using the original verification_id.

Verifying certificate integrity

You can verify that a certificate has not been tampered with by recomputing the SHA256 hash of the certificate body and comparing it to the certificate_hash field. 
import hashlib
import json

def verify_certificate_integrity(certificate):
    # Extract the hash from the certificate
    expected_hash = certificate.pop('certificate_hash')
    
    # Compute hash of remaining certificate body
    body = json.dumps(certificate, sort_keys=True).encode()
    computed_hash = 'sha256_' + hashlib.sha256(body).hexdigest()
    
    return computed_hash == expected_hash