The 0byte API has three core endpoints:
Base URL: https://api.0byte.tech
Analyze and stamp requests require an API key:
1Authorization: Bearer 0b_key_...Verify, proof lookup, and transparency endpoints are public — no key needed.
| Tier | Limit | Scopes |
|---|---|---|
| Free | 60 requests/min | analyze, stamp, verify |
| Dev | 300 requests/min | analyze, stamp, verify |
| Pro | 1,000 requests/min | analyze, stamp, verify |
Install:
1pip install 0byte1from zerobyte import Client
2
3client = Client(api_key="0b_key_...")
4
5# Detect if an image is AI-generated
6result = client.analyze(open("photo.png", "rb").read())
7print(result.verdict) # "ai_generated"
8print(result.confidence) # 0.94
9print(result.ai_probability) # 0.971proof = client.stamp(
2 content=image_bytes,
3 content_type="image/png",
4 provider="stability",
5 model="sdxl-turbo",
6)
7
8print(proof.id) # "0b_a1b2c3d4-..."
9print(proof.fingerprint) # perceptual content hash
10print(proof.verify_url) # "https://0byte.tech/proof/0b_a1b2c3d4-..."1result = client.verify(
2 content=some_image_bytes,
3 content_type="image/png",
4)
5
6print(result.matched) # True / False
7print(result.confidence) # 0.0 — 1.0
8print(result.proof) # original proof if matched1proof = client.get_proof("0b_a1b2c3d4-...")
2
3print(proof.provider) # "stability"
4print(proof.model) # "sdxl-turbo"
5print(proof.signature) # Ed25519 signaturePOST /v1/analyze — Detect whether an image is AI-generated. Requires API key.
Runs the neural classifier, checks metadata for generation artifacts, and queries the proof registry. Returns a weighted verdict combining all three signals.
Request:
1curl -X POST https://api.0byte.tech/v1/analyze \
2 -H "Authorization: Bearer 0b_key_..." \
3 -H "Content-Type: application/json" \
4 -d '{
5 "content": "<base64_encoded_image>",
6 "content_type": "image/png"
7 }'Response (no registry match):
1{
2 "verdict": "ai_generated",
3 "confidence": 0.94,
4 "ai_probability": 0.97,
5 "signals": [
6 {
7 "signal_type": "neural_classifier",
8 "score": 0.97,
9 "weight": 0.75,
10 "details": {"model_version": "v1", "generator_hint": "stable_diffusion"}
11 },
12 {
13 "signal_type": "metadata_analysis",
14 "score": 0.85,
15 "weight": 0.25,
16 "details": {"has_exif": false, "has_xmp": false}
17 }
18 ],
19 "registry_match": {
20 "matched": false,
21 "proof": null
22 },
23 "processing_time_ms": 142
24}Response (with registry match):
1{
2 "verdict": "ai_generated",
3 "confidence": 0.99,
4 "ai_probability": 0.97,
5 "signals": [
6 {"signal_type": "neural_classifier", "score": 0.97, "weight": 0.75, "details": {}},
7 {"signal_type": "metadata_analysis", "score": 0.85, "weight": 0.25, "details": {}},
8 {"signal_type": "registry_match", "score": 1.0, "weight": 0.40, "details": {}}
9 ],
10 "registry_match": {
11 "matched": true,
12 "proof": {
13 "id": "0b_a1b2c3d4-...",
14 "provider": "openai",
15 "model": "dall-e-3",
16 "timestamp": "2026-03-12T10:30:00Z",
17 "signature": "base64_ed25519_signature...",
18 "verify_url": "https://0byte.tech/proof/0b_a1b2c3d4-..."
19 }
20 },
21 "processing_time_ms": 87
22}ai_generated, likely_real, or uncertainGET /v1/health — Returns server status, public key, and index size. No auth.
POST /v1/stamp — Create a proof of origin. Requires API key with stamp scope.
Request:
1curl -X POST https://api.0byte.tech/v1/stamp \
2 -H "Authorization: Bearer 0b_key_..." \
3 -H "Content-Type: application/json" \
4 -d '{
5 "content": "<base64_encoded_media>",
6 "content_type": "image/png",
7 "provider": "openai",
8 "model": "dall-e-3",
9 "metadata": {"prompt_hash": "abc123"}
10 }'Response:
1{
2 "id": "0b_a1b2c3d4-...",
3 "fingerprint": "f0e1d2c3b4a59687",
4 "provider": "openai",
5 "model": "dall-e-3",
6 "content_type": "image/png",
7 "timestamp": "2026-03-12T10:30:00Z",
8 "signature": "base64_ed25519_signature...",
9 "signing_key_id": "3e1b03b9",
10 "verify_url": "https://0byte.tech/proof/0b_a1b2c3d4-...",
11 "metadata": {"prompt_hash": "abc123"}
12}POST /v1/verify — Check content against the registry. No auth required.
Request:
1curl -X POST https://api.0byte.tech/v1/verify \
2 -H "Content-Type: application/json" \
3 -d '{
4 "content": "<base64_encoded_media>",
5 "content_type": "image/png"
6 }'Response:
1{
2 "matched": true,
3 "confidence": 0.95,
4 "proof": {
5 "id": "0b_a1b2c3d4-...",
6 "fingerprint": "f0e1d2c3b4a59687",
7 "provider": "openai",
8 "model": "dall-e-3",
9 "content_type": "image/png",
10 "timestamp": "2026-03-12T10:30:00Z",
11 "signature": "base64_ed25519_signature...",
12 "signing_key_id": "3e1b03b9",
13 "verify_url": "https://0byte.tech/proof/0b_a1b2c3d4-..."
14 }
15}Uses perceptual fingerprinting — works after re-encoding, cropping, or screenshotting.
GET /v1/proofs/:id — Fetch a specific proof by ID. No auth.
Request:
1curl https://api.0byte.tech/v1/proofs/0b_a1b2c3d4-...Response:
1{
2 "id": "0b_a1b2c3d4-...",
3 "fingerprint": "f0e1d2c3b4a59687",
4 "provider": "openai",
5 "model": "dall-e-3",
6 "content_type": "image/png",
7 "timestamp": "2026-03-12T10:30:00Z",
8 "signature": "base64_ed25519_signature...",
9 "signing_key_id": "3e1b03b9",
10 "verify_url": "https://0byte.tech/proof/0b_a1b2c3d4-...",
11 "metadata": {}
12}Manage API keys programmatically. All key endpoints require authentication.
POST /v1/keys — Create a new API key. The raw key is returned once.
1curl -X POST https://api.0byte.tech/v1/keys \
2 -H "Authorization: Bearer 0b_key_..." \
3 -H "Content-Type: application/json" \
4 -d '{"name": "production"}'1{
2 "id": "a1b2c3d4-...",
3 "name": "production",
4 "created_at": "2026-03-12T10:30:00",
5 "key": "0b_key_new_raw_key_here"
6}GET /v1/keys — List all keys (raw keys are never returned).
1curl https://api.0byte.tech/v1/keys \
2 -H "Authorization: Bearer 0b_key_..."DELETE /v1/keys/:id — Revoke a key. Can't revoke your own or the last remaining key.
1curl -X DELETE https://api.0byte.tech/v1/keys/a1b2c3d4-... \
2 -H "Authorization: Bearer 0b_key_..."Every proof is batched into a signed Merkle tree every 60 seconds. These endpoints let anyone independently verify that a proof was included in the log.
GET /v1/transparency/head — Latest Merkle tree root.
Request:
1curl https://api.0byte.tech/v1/transparency/headResponse:
1{
2 "tree_id": 42,
3 "root_hash": "a1b2c3d4e5f6...",
4 "tree_size": 128,
5 "published_at": "2026-03-12T10:31:00Z"
6}GET /v1/transparency/inclusion/:proof_id — Verify a proof exists in the transparency log.
Request:
1curl https://api.0byte.tech/v1/transparency/inclusion/0b_a1b2c3d4-...Response:
1{
2 "proof_id": "0b_a1b2c3d4-...",
3 "leaf_hash": "abc123...",
4 "leaf_index": 7,
5 "tree_id": 42,
6 "root_hash": "a1b2c3d4e5f6...",
7 "tree_size": 128,
8 "published_at": "2026-03-12T10:31:00Z",
9 "inclusion_path": [
10 {"hash": "def456...", "direction": "left"},
11 {"hash": "789abc...", "direction": "right"}
12 ]
13}| Code | Status | Description |
|---|---|---|
| AUTH_MISSING | 401 | No Authorization header |
| AUTH_INVALID | 401 | API key is invalid or revoked |
| SCOPE_DENIED | 403 | Key doesn't have the required scope for this endpoint |
| RATE_LIMITED | 429 | Too many requests for your tier |
| INVALID_BASE64 | 400 | Content is not valid base64 |
| INVALID_IMAGE | 400 | Content is not a valid image |
| PAYLOAD_TOO_LARGE | 413 | Content exceeds 50MB limit |
| PROOF_NOT_FOUND | 404 | No proof with that ID |
| NOT_YET_ANCHORED | 404 | Proof not yet in transparency log (wait ~60s) |
| KEY_NOT_FOUND | 404 | No API key with that ID |
| CANNOT_DELETE_SELF | 400 | Can't revoke the key you're authenticating with |
| LAST_KEY | 400 | Can't revoke the last remaining key |