Quickstart

Sign a file and verify it in under a minute.

Option 1: Sign from Flowsta Vault (Desktop)

Prerequisites

• Flowsta Vault installed and set up with a recovery phrase

Sign

1. Open Flowsta Vault and unlock it
2. Click Sign It in the sidebar
3. Drag files onto the drop zone (or click Choose Files to select one or more)
4. Vault hashes each file and runs integrity checks automatically
5. Choose your metadata:
   • AI Generation — None, Assisted, or Generated
   • Content Rights — License, commercial availability, AI training policy, contact preference
6. Click Sign File (or Sign N Files for a batch)
7. Your signatures are committed to the Holochain DHT

View Your Signatures

• Recent Signatures shows your latest 5 on the Sign It page
• Click View all to see everything, including revoked signatures

Option 2: Sign from Web Dashboard

Prerequisites

• A Flowsta account (free)

Sign

1. Login at flowsta.com
2. Navigate to Sign It in the dashboard
3. Drag files onto the drop zone (or click Choose Files)
4. Files are hashed in your browser — nothing is uploaded
5. Choose your metadata (same options as Vault)
6. Click Sign File or Sign N Files
7. The server signs using your keypair from the conductor — no password needed
8. Signatures are immediately verifiable

Verify a File

1. Go to flowsta.com/sign-it
2. Drop the file onto the page (or click Choose File)
3. The file is hashed in your browser — it never leaves your device
4. Exact match: finds signatures for the identical file
5. Fuzzy match: for images and audio, finds similar versions (resized, re-encoded, trimmed)
6. See all signatures: who signed, when, their declared rights, integrity check results

Verify via API

curl "https://auth-api.flowsta.com/api/v1/sign-it/verify?hash=a7f3b9c1e2d4..."

Returns all signatures for that SHA-256 hash, including metadata and revocation status.

Sign via SDK (for developers)

Web Apps (OAuth)

import { FlowstaAuth, hashFile } from '@flowsta/auth';

const flowsta = new FlowstaAuth({
  clientId: 'your_client_id',
  redirectUri: 'https://your-app.com/callback',
  scopes: ['profile', 'sign'],
});

// After user logs in...
const hash = await hashFile(file);
const result = await flowsta.signFile({
  fileHash: hash,
  intent: 'authorship',
  contentRights: { license: 'cc-by', aiTraining: 'not_allowed' },
});

Desktop Holochain Apps (Vault IPC)

import { signDocument } from '@flowsta/holochain';

const result = await signDocument({
  clientId: 'flowsta_app_abc123...',
  appName: 'ArtStudio',
  fileHash: 'a7f3b9c1e2d4...',
  label: 'Illustration.png',
  intent: 'authorship',
  contentRights: { license: 'cc-by', aiTraining: 'not_allowed' },
});

The user sees an approval dialog in Vault. If approved, the signature is committed to the DHT and returned to your app.

Next Steps

• Content Rights — Full guide to the rights manifest
• Developer Guide — OAuth signing for third-party web apps
• Verification API — Programmatic file verification
• SDK Reference — Complete SDK reference