# VAARHAFT API

API for image and document verification.

 Send us your files in a ZIP archive through a request like below, and we verify them for you.
You can give us images (like JPEG, PNG, ...) or PDF documents - we extract relevant items like embedded images or document scans automatically.

 You will get back a response where we detail exactly what the results of our different analyses are - and if your file is suspicious. 

 The results are packaged in a clean, structured JSON response like below, that is easy to understand, read and integrate. Additionally, depending on the results, we
may send you one or multiple ZIP attachments containing additional results or indicators, like heatmaps that show you where your files have been edited.

 We can even generate an evaluation report for you, which shows you everything we found in an intuitive way, that everyone, even without
technical knowledge, can understand.

  
  <br><br> One more thing:

   If you're using Python (v3.9 or higher), the easiest way to integrate our API is through our SDK - just run `pip install vaarhaft-fraudscanner` and you're good to go! [(more info here)](https://pypi.org/project/vaarhaft-fraudscanner/)


Version: v2.5.0

## Servers

```
https://api.vaarhaft.com
```

## Security

### apiKeyAuth

Type: apiKey
In: header
Name: x-api-key

## Download OpenAPI description

[VAARHAFT API](https://docs.vaarhaft.com/_bundle/openapi.yaml)

## FraudScanner

### Upload a ZIP file for fraud analysis

 - [POST /v2/fraudscanner](https://docs.vaarhaft.com/openapi/fraudscanner/analysefile.md): Analyze image and document files for fraud indicators.

There are two ways to send your ZIP file, depending on its size:

| ZIP size | Method | How |
|----------|--------|-----|
| < 10 MB | Direct upload | Send the ZIP as file in the request body (multipart/form-data) |
| 10–50 MB | Presigned S3 upload | First call POST /v2/getUploadUrl, upload to S3, then call this endpoint with s3_key as query parameter |

For files under 10 MB, nothing changes — use the direct upload as before.
For larger files, the presigned flow bypasses the 10 MB gateway limit.

Python example (both flows):

python
import requests, os

API_URL = "https://api.vaarhaft.com"
HEADERS = {"x-api-key": "YOUR_KEY", "caseNumber": "Case-123"}
THRESHOLD = 9  1024  1024  # 9 MB safety margin

zip_path = "images.zip"
zip_size = os.path.getsize(zip_path)

if zip_size < THRESHOLD:
    # --- Direct upload (small files) ---
    with open(zip_path, "rb") as f:
        resp = requests.post(
            f"{API_URL}/v2/fraudscanner",
            files={"file": (zip_path, f, "application/zip")},
            headers=HEADERS,
        )
else:
    # --- Presigned S3 upload (large files) ---
    # Step 1: Get presigned URL
    url_resp = requests.post(
        f"{API_URL}/v2/getUploadUrl", headers=HEADERS
    )
    upload_url = url_resp.json()["upload_url"]
    s3_key = url_resp.json()["s3_key"]

    # Step 2: Upload ZIP to S3
    with open(zip_path, "rb") as f:
        requests.put(
            upload_url,
            data=f,
            headers={"Content-Type": "application/zip"},
        )

    # Step 3: Trigger analysis
    resp = requests.post(
        f"{API_URL}/v2/fraudscanner",
        params={"s3_key": s3_key},
        headers=HEADERS,
    )

result = resp.json()


Note: requests with many or large files can take longer due to compute-heavy analysis. The request timeout is 120s.

### Get a presigned S3 upload URL for large files

 - [POST /v2/getUploadUrl](https://docs.vaarhaft.com/openapi/fraudscanner/getuploadurl.md): Returns a presigned S3 PUT URL for uploading ZIP files that exceed the 10 MB direct upload limit.
The URL is valid for 10 minutes. After uploading to S3, pass the returned s3_key to POST /v2/fraudscanner.

Flow:

1. POST /v2/getUploadUrl → receive upload_url + s3_key
2. PUT your ZIP to upload_url (with Content-Type: application/zip)
3. POST /v2/fraudscanner?s3_key= → receive analysis results

The uploaded file is automatically deleted after processing (or after 24h if not consumed).