paybondpaybond
Sign in

Evidence & artifacts

Submitting signed payee evidence and attaching artifact hashes, with idempotency for retries.

Evidence & artifacts

Evidence submission is the payee’s signed statement about what happened, optionally accompanied by a list of artifact content hashes (for example: receipts, logs, PDFs, or model outputs stored elsewhere).

Evidence submission checklist

  • Tenant scope: evidence is accepted only within the authenticated tenant realm.
  • Intent scope: evidence targets a single intent_id.
  • Signature binding: the payee signs a canonical binding of intent and payload metadata.
  • Idempotency: when retrying submissions, send idempotency-key to avoid duplicates.

Artifacts

Artifacts are referenced by hash (for example blake3 hex). The artifact bytes are stored outside Harbor; Harbor stores the hashes and the signed evidence binding.

Retry safety (idempotency key)

Harbor honors an optional idempotency-key header on mutating POST routes. Reusing a key with a different request body returns 409.

See: docs/api/harbor-idempotency-openapi.yaml.