Manifests
A manifest is the set of assertions embedded into a signed file's C2PA claim. Think of it as structured metadata that travels with the file forever.
Manifest structure
json
{
"title": "Campaign Photo, June 2025",
"creator": "Alice Johnson",
"software_agent": "Acme Photo Suite 3.0",
"custom": {
"campaign_id": "summer-2025",
"approved_by": "editorial-team"
}
}| Field | Required | Description |
|---|---|---|
title | Yes | Human-readable name for the asset |
creator | Yes | Name of the content creator |
software_agent | No | Tool used to produce the file |
custom | No | Arbitrary key-value pairs (stringified) |
Creating manifests in the web UI
- Open Manifest Builder in the dashboard.
- Fill in the fields and click Save Manifest.
- Manifests are saved to
localStorageand available in the signing flow.
Using a manifest via the API
Pass manifest as a JSON object in the /v1/media/sign request body:
bash
curl -X POST https://api.tauth.io/v1/media/sign \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"upload_id": "abc123",
"manifest": {
"title": "Product Shot",
"creator": "Bob Smith",
"software_agent": "Capture One 24"
}
}'What gets embedded
Tauth constructs the following C2PA assertions from your manifest:
c2pa.claim: the signed claim binding all assertions to the file hashstds.schema-org.CreativeWork: mapstitleandcreatorc2pa.training-mining: set tonotAllowedby default (configurable)c2pa.hash.data: SHA-256 of the file content for tamper detection
Verifying embedded metadata
bash
curl -X POST https://api.tauth.io/v1/media/verify \
-F "file=@signed-photo.jpg" | jq .manifest