RESTful API for AI companies and developers to integrate with copyright.sh
The copyright.sh API provides programmatic access to our AI content licensing platform. Use it to verify licenses, log usage, and manage creator accounts.
https://api.copyright.sh/v1
https://ledger.copyright.sh/v1
For real-time license discovery and usage logging with sub-50ms response times.
All requests and responses use JSON:
Content-Type: application/json
Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEY
For tamper-proof usage logging, include HMAC signature:
X-HMAC-Signature: sha256=SIGNATURE X-Timestamp: 1698765432
Check licensing terms for a specific URL or domain. Returns parsed license information including pricing and permissions.
| Parameter | Type | Required | Description |
|---|---|---|---|
url |
string | Yes | The URL to check for licensing |
stage |
string | No | AI usage stage: infer, train, embed, tune |
distribution |
string | No | Distribution type: private or public |
{
"url": "https://example.com/article.html",
"stage": "infer",
"distribution": "public"
}
{
"licensed": true,
"action": "allow",
"distribution": "public",
"price": 0.15,
"payto": "cs-8f4a2b9c1d5e6f7a",
"license_version_id": 463781,
"license_sig": "a3f2d8e9b1c4...",
"source": "meta_tag",
"stage_overrides": {
"train": "deny",
"infer": {
"action": "allow",
"price": 0.15
}
}
}
Discover all licensing information for a domain, including ai-license.txt and homepage meta tags.
| Parameter | Type | Description |
|---|---|---|
domain |
string | Domain to discover licenses for |
{
"domain": "example.com",
"ai_txt": {
"found": true,
"url": "https://example.com/ai-license.txt",
"default_action": "allow",
"default_price": 0.10
},
"meta_tags": {
"found": true,
"licenses": [
{
"tag": "ai-license",
"content": "allow;distribution:public;price:0.15"
}
]
},
"verified": true,
"creator_id": "usr_2a3b4c5d"
}
Log AI usage of licensed content. Creates immutable usage records for royalty calculation.
| Header | Required | Description |
|---|---|---|
Authorization |
Yes | Bearer token with usage:write scope |
X-HMAC-Signature |
Yes | HMAC-SHA256 signature of request body |
X-Timestamp |
Yes | Unix timestamp of request |
| Parameter | Type | Required | Description |
|---|---|---|---|
url |
string | Yes | URL of content used |
license_version_id |
integer | Yes | License version from verify response |
tokens |
integer | Yes | Number of tokens used |
stage |
string | Yes | Usage stage: infer, train, embed, tune |
distribution |
string | Yes | Distribution: private or public |
ai_company |
string | Yes | Your company identifier |
model |
string | No | AI model name/version |
verbatim |
boolean | No | True if quoting verbatim |
audience |
string | No | Audience size bracket for multipliers |
{
"url": "https://example.com/article.html",
"license_version_id": 463781,
"tokens": 732,
"stage": "infer",
"distribution": "public",
"ai_company": "openai",
"model": "gpt-4",
"verbatim": false,
"audience": "up_to_100k"
}
{
"usage_id": "use_9f8e7d6c5b4a",
"charge": 0.10995,
"tokens": 732,
"price_per_1k": 0.15,
"multiplier": 1.0,
"creator_earnings": 0.10995,
"platform_fee": 0.010995,
"timestamp": "2025-09-29T15:30:00Z",
"hmac_verified": true
}
HMAC signatures ensure usage logs cannot be tampered with. This creates cryptographic proof of AI usage for legal enforcement.
# Python example
import hmac
import hashlib
import json
import time
def generate_hmac(payload, secret_key):
timestamp = str(int(time.time()))
message = f"{timestamp}.{json.dumps(payload, separators=(',', ':'))}"
signature = hmac.new(
secret_key.encode(),
message.encode(),
hashlib.sha256
).hexdigest()
return {
'signature': f"sha256={signature}",
'timestamp': timestamp
}
# Usage
payload = {
"url": "https://example.com/article.html",
"tokens": 732,
"stage": "infer"
}
hmac_data = generate_hmac(payload, "your_secret_key")
headers = {
'X-HMAC-Signature': hmac_data['signature'],
'X-Timestamp': hmac_data['timestamp']
}
The server verifies signatures by:
The API uses standard HTTP status codes and returns detailed error messages.
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request successful |
| 201 | Created | Resource created successfully |
| 400 | Bad Request | Invalid request parameters |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Server Error | Internal server error |
{
"error": {
"code": "INVALID_LICENSE",
"message": "No valid license found for the specified URL",
"details": {
"url": "https://example.com/page.html",
"checked": ["meta_tags", "ai_txt", "homepage"],
"suggestion": "Add license meta tags to your HTML"
}
},
"request_id": "req_a1b2c3d4e5"
}
INVALID_API_KEY - API key is invalid or expiredINSUFFICIENT_PERMISSIONS - API key lacks required scopesINVALID_LICENSE - No valid license foundHMAC_VERIFICATION_FAILED - HMAC signature invalidRATE_LIMIT_EXCEEDED - Too many requestsINVALID_PARAMETERS - Request parameters invalidAPI rate limits ensure fair usage and system stability.
| Endpoint | Free Tier | Standard | Enterprise |
|---|---|---|---|
| License Verification | 100/hour | 1,000/hour | 10,000/hour |
| Usage Logging | 1,000/hour | 10,000/hour | 100,000/hour |
| Analytics | 10/hour | 100/hour | 1,000/hour |
Every response includes rate limit information:
X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 999 X-RateLimit-Reset: 1698765432
X-RateLimit-Remaining headerX-RateLimit-Reset timestampWebhooks will provide real-time notifications for usage events and payments.
usage.logged - New usage event recordedpayment.completed - Payment processedlicense.updated - License terms changedthreshold.reached - Usage threshold metWebhooks will be signed with HMAC-SHA256 for verification.
MCP provides standardized integration for AI models to discover and respect content licenses.
Batch license discovery for multiple URLs in a single request.
Log usage and calculate charges with automatic HMAC verification.
# MCP Tool Integration
from mcp import Tool, Resource
class CopyrightLicenseChecker(Tool):
name = "copyright_license_checker"
description = "Check content licensing before use"
async def run(self, url: str) -> dict:
response = await self.http_client.post(
"https://ledger.copyright.sh/v1/mcp/discover",
json={"urls": [url]},
headers={"Authorization": f"Bearer {self.api_key}"}
)
return response.json()
# Register with MCP server
mcp_server.register_tool(CopyrightLicenseChecker())
Test your integration without affecting production data.
https://sandbox-api.copyright.sh/v1
test-allow.copyright.sh - Always returns allow licensetest-deny.copyright.sh - Always returns denytest-paid.copyright.sh - Returns paid license ($0.15)test-stages.copyright.sh - Different prices per stageUse these keys in sandbox for testing:
// Read-only test key Bearer test_pk_readonly_a1b2c3d4e5f6 // Full access test key Bearer test_sk_full_z9y8x7w6v5u4t3s2
Our team is here to help you integrate