Public documentation.
This document is the public-facing surface of the Othra Partner API — what we offer, what we don't, and how to begin a conversation. The full technical specification, sandbox credentials, and pricing details sit behind a mutual NDA, available on request to partner@othra.ai.
What this is
The Othra Partner API is the integration surface between Othra and the platforms that interact with our verified-identity ecosystem: AI image and video generators, social media operators, content-hosting services, identity-verification vendors, security researchers, and law-enforcement liaison teams. Through it, partners can:
- Validate Othra-issued takedown signatures — confirm that a request reaching their Trust & Safety team was actually issued by a biometrically verified Othra user, not forged.
- Query the consent registry — check whether a given face has registered an explicit opt-out signal through Othra, without exposing any user PII.
- Receive verified takedown notices through a structured webhook, ready for ingestion by an automated review pipeline.
- Integrate Othra identity verification into their own internal Trust & Safety workflows.
Each capability is gated behind an appropriate tier of partnership. Lower tiers are public and free. Higher tiers require a signed agreement, a mutual NDA, and standard onboarding (typically 1–4 weeks).
Why this exists
Takedown requests today are unauthenticated text. Anyone can copy a DMCA-style notice and send it about anyone — and Trust & Safety teams end up triaging millions of unverifiable claims by hand. Generative AI compounds this from both sides at once: more content to police, and more plausible impersonation in the messages claiming "this is me."
Othra introduces a thin but powerful layer underneath consumer takedown requests. Every Othra user has completed a biometric identity check (Sign in with Apple plus an Apple Vision liveness pass) and maintains an encrypted reference vault. When that user submits a takedown, Othra attaches a cryptographically signed verification block — a tamper-evident commitment that this request comes from a verified human, not a script, not a bot, not an impersonator.
For platforms, this is a force multiplier. A pre-verified Othra request can skip the manual identity-check queue, automate first-pass review, and produce evidentiary trails that hold up in court. For regulators, it is a concrete answer to the "how will you protect users?" line in every AI law currently being written. For AI generation platforms, it is the foundation of a consent-aware generation protocol.
Othra issues verifiable identity claims that travel with takedown requests. The Partner API lets you validate, ingest, and act on them.
Partnership tiers
Five concentric tiers, increasing in capability, commitment, and revenue share. Most partners begin at Tier I, evaluate, and escalate.
Tier I: The Public Verifier
Open, no-authentication HTTP endpoint at othra.ai/verify/<token>. Performs structural and prefix-signature validation of any Othra verification token and renders a human-readable claim page. Designed for human Trust & Safety reviewers, journalists, and independent researchers.
- Endpoint: GET /verify/{token} — HTML response
- Authentication: None
- Rate limit: 60 req/min per IP, soft throttling
- Latency p95: < 250 ms (CDN-cached)
- Use case: Manual claim verification
Tier II: Verify-on-Demand API
A programmatic API for automated Trust & Safety pipelines. Submit a token and receive a signed JWT response with verification status, issue time, and authenticity attestation. Backed by Othra's audit log for full signature verification (v2 — see roadmap).
- Endpoint: POST /api/v1/verify
- Response: Signed JWT with {status, verification_id, issued_at, claims}
- Authentication: API key + IP allowlist
- SLA: 99.9% uptime, p95 < 200 ms
- Use case: Automated review queues, ticketing integrations
Tier III: Consent Registry
A privacy-preserving lookup of Othra's protected-identity index. AI generation platforms can check, before producing or training on a face, whether that face has opted out through Othra. Queries return only boolean or probabilistic match results — never user PII, never biometric templates.
- Endpoint: POST /api/v1/registry/check
- Request: Hashed face-embedding query (client-side prep)
- Response: {match: bool, confidence: 0..1, scope}
- Authentication: Mutual TLS + API key
- SLA: 99.95% uptime, p95 < 100 ms
- Use case: Pre-generation consent filter, training-data exclusion
Tier IV: Takedown Inbox webhook
For platforms that receive a meaningful volume of Othra-issued takedowns, we replace the email channel with a structured webhook. Each delivery includes the full canonical letter, the verification block, evidence URLs, and an HMAC-signed envelope.
- Delivery: Othra POSTs to your endpoint — at-most-once, 24h retry window
- Payload: JSON, signed with shared HMAC secret
- Acknowledgement: HTTP 200 with optional {tracking_id}
- Authentication: HMAC-SHA256 over body, key rotated quarterly
- Use case: Trust & Safety ingestion, automated removal queues
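A receiver-side check for the HMAC-signed envelope described above, as an added example (not Othra's code and not taken from the partner specification). It assumes the signature arrives hex-encoded alongside the raw body; how it is transported, the secret values and the sample payload fields are constructed for illustration.

```python
import hashlib
import hmac
import json


class DeliveryRejected(Exception):
    """The delivery failed authentication or is not valid JSON."""


def sign_body(key: bytes, raw_body: bytes) -> str:
    # HMAC-SHA256 over the exact bytes on the wire; hex encoding is assumed.
    return hmac.new(key, raw_body, hashlib.sha256).hexdigest()


def verify_delivery(raw_body, signature_hex, keys, seen_digests):
    """Return (payload, is_repeat) or raise DeliveryRejected.

    keys: accepted secrets, e.g. [current, previous] around a quarterly rotation.
    seen_digests: body digests already processed (a durable store in production).
    """
    try:
        supplied = bytes.fromhex(signature_hex.strip())
    except ValueError as exc:
        raise DeliveryRejected("signature is not hex") from exc
    # Check every key without early exit; compare_digest is constant-time.
    matched = False
    for key in keys:
        expected = hmac.new(key, raw_body, hashlib.sha256).digest()
        matched |= hmac.compare_digest(expected, supplied)
    if not matched:
        raise DeliveryRejected("HMAC mismatch")
    # Parse only after the MAC check, and never re-serialize before verifying.
    try:
        payload = json.loads(raw_body)
    except ValueError as exc:
        raise DeliveryRejected("authenticated body is not JSON") from exc
    # Flag a body seen before so a removal is not queued twice.
    body_digest = hashlib.sha256(raw_body).hexdigest()
    is_repeat = body_digest in seen_digests
    seen_digests.add(body_digest)
    return payload, is_repeat


if __name__ == "__main__":
    # Constructed sample values, not real Othra data.
    current, previous = b"constructed-secret-2", b"constructed-secret-1"
    body = b'{"letter": "constructed sample", "evidence_urls": []}'
    seen = set()
    print(verify_delivery(body, sign_body(previous, body), [current, previous], seen))
    print(verify_delivery(body, sign_body(current, body), [current, previous], seen))
```

Verification runs over the bytes as received, because re-serializing the JSON before computing the MAC can change whitespace or key order and break a valid signature.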
Tier V: Standards Co-development
Joint authorship of an open consent-aware AI generation protocol, published as an RFC-style specification with Othra as the reference implementation. Includes co-marketing, shared press, custom integration support, and an annual review cycle.
- Scope: Protocol design, public specification, reference implementation
- Marketing: Joint announcement, conference co-presentations, shared logo placement
- Support: Dedicated engineering liaison, quarterly executive review
- Commitment: Multi-year, mutually exclusive in defined scope
- Use case: Anchor partner with strategic interest in setting category standards
Technical foundations
The Partner API is built on the same primitives that power the consumer Othra application. Specific algorithms and parameters are documented fully in the partner-only technical specification; the public surface is summarized below.
| Layer | Implementation |
|---|---|
| Transport | HTTPS, TLS 1.3 minimum, HSTS enforced |
| Cryptography | HMAC-SHA256 signing, SHA-256 hashing throughout |
| Identity provider | Apple Sign In + Apple Vision liveness (on-device) |
| Biometric processing | Apple Vision face embedding; only hashed fingerprints persist server-side |
| Token format | Base64url-encoded compact pointer (verification ID + payload digest + signature prefix) |
| Audit log retention | 7 years for evidentiary purposes; tombstoned on user erasure |
| Hosting | Multi-region: US-East primary, EU-West replica; partner-region pinning available |
| Backups | Continuous point-in-time recovery, 30-day window |
Sample Tier II response (illustrative)
Programmatic verify response structure. Field names are stable; field contents and additional optional keys are documented in the partner specification.
Possible status values: verified, structurally_valid_but_unknown, tampered, revoked, expired.
Privacy guarantees
Every API surface is designed under a single principle: the block is a commitment, never a publication. Partners receive proof that something is true; they do not receive the underlying evidence.
- We never expose raw biometric templates through any API tier.
- We never return user names, emails, phone numbers, or device identifiers.
- Consent registry queries return only boolean or probabilistic match information.
- Audit log access requires either a partner agreement with defined scope, or a court-ordered subpoena.
- All data processing complies with GDPR, UK GDPR, CCPA/CPRA, Turkish KVKK, German DSGVO, and the EU AI Act transparency requirements.
- Users may revoke and tombstone their records at any time; partner queries against tombstoned records return revoked.
Othra holds the audit trail. Partners receive only what they need to act. The two only connect with explicit user consent, valid legal process, or under a defined partnership scope.
SLA & support
| Tier | Uptime | Latency p95 | Support response |
|---|---|---|---|
| I — Public Verifier | Best effort | < 250 ms | Community / email |
| II — Verify-on-Demand | 99.9 % | < 200 ms | 4 business hours |
| III — Consent Registry | 99.95 % | < 100 ms | 1 business hour |
| IV — Takedown Inbox | 99.95 % | n/a (async) | 1 business hour |
| V — Anchor Partner | 99.99 % | Custom | 30 minutes, dedicated channel |
A public status page (status.othra.ai) is in planning for Q3 2026. Tier III+ partners receive a private Slack channel with on-call engineering coverage during the partner's business hours.
Pricing model
Othra uses a transparent two-axis model: per-request usage plus annual minimum commitment. Volume discounts apply, multi-year agreements receive additional discounts, and Tier V is bespoke. Exact rates are shared under MNDA via partner@othra.ai.
| Tier | Per-request basis | Annual minimum |
|---|---|---|
| I — Public Verifier | Free | — |
| II — Verify-on-Demand | $ low units per verification | Starts at low five figures |
| III — Consent Registry | $ sub-cent per query | Starts at mid five figures |
| IV — Takedown Inbox | $ low double-digits per takedown | Starts at six figures |
| V — Anchor Partner | Bespoke | Starts at low-mid six figures |
Partners with regulatory, journalistic, or academic interest may qualify for reduced or waived fees. Standard pilot terms run 90 days, sandbox access only, with mutual evaluation rights and no annual commitment.
Roadmap
| Window | Delivery |
|---|---|
| Q3 2026 | v2 server-side signing; full signature verification at /verify |
| Q3 2026 | Public status page at status.othra.ai |
| Q4 2026 | Tier III Consent Registry public beta |
| Q4 2026 | SOC 2 Type II certification (audit in progress) |
| Q1 2027 | Tier IV Takedown Inbox stable; webhook spec frozen |
| Q2 2027 | Tier V standard published with first anchor partner |
| Q3 2027 | EU data residency option; Frankfurt primary for EU customers |
How to engage
We welcome inquiries from AI generation platforms, social media operators, identity-verification vendors, Trust & Safety teams, security researchers, journalists, and law-enforcement liaison teams. Write to partner@othra.ai with:
- Your organization and a one-paragraph description of what you build.
- Which tier you're interested in (we will help you decide if you're not sure).
- Estimated volume — requests per month, takedowns per month, or generation queries per month.
- Your timeline — exploratory, active project, or regulator-driven.
We respond within 48 hours. The standard sequence is: 30-minute scoping call → mutual NDA → 1–2 week sandbox setup → 90-day pilot → contract. Anchor partnerships compress this; large-organization legal cycles can extend it.
Start a conversation.
Whether you're scoping a pilot, exploring standards co-development, or just want to ask whether Othra fits your problem — write to us.
partner@othra.ai →
Frequently asked questions
Is Othra a competitor to C2PA / Content Credentials?
No. C2PA authenticates content provenance — answering "who made this file?" Othra authenticates identity claims — answering "is the person asking for removal the person they claim to be?" The two are complementary; a content reviewer ideally wants both signals.
Is Othra a competitor to Persona / Onfido / Stripe Identity?
Not directly. Those services authenticate identity for KYC and account-opening flows; they are B2B identity-verification vendors. Othra is a consumer identity-sovereignty platform that produces verifiable claims attached to user actions (takedowns) — different use case, different go-to-market.
Is Othra HIPAA compliant?
Not currently. Othra processes biometric data under GDPR, CCPA, and KVKK frameworks rather than US healthcare law. We can share a HIPAA compliance roadmap on request for partners with relevant use cases.
Do you have SOC 2?
SOC 2 Type II audit is in progress, with anticipated completion in Q4 2026. Partners may request the current Type I report and audit interim materials under NDA.
Can we run a closed pilot?
Yes. Standard pilot terms are 90 days, sandbox access only, with mutual evaluation rights and no annual commitment. Partners can scale to production or walk away at the end of the pilot with no further obligation.
What happens if a user revokes their Othra account?
Audit log records remain in our system for evidentiary purposes (per GDPR Art. 17(3)(e) and equivalent provisions in other regimes), but public-facing identifiers are tombstoned. Partner queries against tombstoned identifiers return revoked, and past claims continue to display the revoked state at the public verifier.
Can we get an on-premises deployment?
Not in v1 or v2. The signing key, audit log, and revocation state must remain under Othra's operational control for the verification claims to be trustworthy. Tier III and IV partners get regional data residency options; full self-hosted deployment is not on our roadmap.
How does Othra make money?
Two revenue streams: (1) consumer subscriptions from the Othra consumer app, and (2) partner API agreements as described in this document. We do not sell user data, do not run advertising, and do not monetize biometric templates in any form.
Is the v1 signing key secure?
The v1 HMAC issuer key is bundled with the consumer application binary. A determined adversary can extract it and forge structurally valid blocks offline; however, such forgeries will not appear in Othra's audit log, and the v2 server-side verification endpoint will detect them. We are transparent about this limit because trust requires it. Partner integrations should rely on Tier II+ APIs, which authenticate against the audit log rather than reproducing the signature client-side.
Can we audit Othra's infrastructure?
Tier III+ partners may request a once-yearly technical review with our security team under NDA. Annual SOC 2 reports will be available to all partners once Type II certification completes.
Direct contacts
Pick the address that matches your enquiry — we acknowledge every well-formed message within 72 hours.