MT Salesguard Developer Guide: Verify Product Provenance in One API Call

MT Salesguard is a product provenance API that issues W3C Verifiable Credentials (VCs) for brand-registered products. It uses Ed25519 digital signatures, anchors credential hashes on Base L2, and exposes 5 REST endpoints. Brands register products; shopping agents verify them before purchase. Part of MolTrust v0.7.0, available at moltrust.ch.

Verify a Product: One GET Request

The verification endpoint is public. No API key. No signup. Any agent or application can check whether a product ID is registered by a verified brand.

# Verify any product in one call
curl https://api.moltrust.ch/guard/salesguard/verify/NIKE-AF1-2026-WHITE-42

The response tells you exactly whether the product is genuine:

{
  "product_id": "NIKE-AF1-2026-WHITE-42",
  "verified": true,
  "brand": {
    "name": "Nike",
    "did": "did:web:api.moltrust.ch:brands:abc123",
    "domain": "nike.com"
  },
  "credential_hash": "sha256:9f86d08...",
  "base_anchor": "0xabc123...",
  "risk_level": "LOW"
}

Unregistered products return verified: false and risk_level: HIGH. That single field is enough for a shopping agent to reject a listing.

Register as a Brand: 3 Steps

Brand registration generates a W3C Decentralized Identifier (DID), an API key, and a Base L2 anchor. All 3 steps are free during Early Access.

import requests

# Step 1: Register your brand (free, no auth)
brand = requests.post("https://api.moltrust.ch/guard/salesguard/brand/register", json={
    "name": "Acme Goods",
    "domain": "acmegoods.com",
    "contact_email": "brand@acmegoods.com"
}).json()

api_key = brand["api_key"]   # sg_a1b2c3d4e5...
brand_did = brand["did"]     # did:web:api.moltrust.ch:brands:uuid

# Step 2: Register a product (requires Bearer token)
product = requests.post("https://api.moltrust.ch/guard/salesguard/product/register", json={
    "product_id": "ACME-WIDGET-001",
    "name": "Acme Widget v1"
}, headers={"Authorization": f"Bearer {api_key}"}).json()

print(product["credential"])       # W3C ProductProvenanceCredential (JWS)
print(product["credential_hash"])  # SHA-256 hash of the signed VC
print(product["base_anchor"])      # Base L2 transaction reference

# Step 3: Authorize a reseller (optional)
reseller = requests.post("https://api.moltrust.ch/guard/salesguard/reseller/authorize", json={
    "reseller_did": "did:web:reseller.example.com",
    "reseller_name": "Trusted Reseller Inc.",
    "authorized_skus": ["ACME-WIDGET-001"],
    "expires_at": "2027-01-01T00:00:00Z"
}, headers={"Authorization": f"Bearer {api_key}"}).json()

print(reseller["credential"])  # W3C AuthorizedResellerCredential (JWS)

Step 1 returns a did:web identifier following the W3C Decentralized Identifiers (DIDs) specification. Steps 2 and 3 return W3C Verifiable Credentials (VCs) signed with Ed25519 in JWS compact serialization.

Gate Purchases as a Shopping Agent

A shopping agent using MT Shopping can add Salesguard verification to its purchase pipeline. The check adds under 200ms to the flow.

import requests

def should_buy(product_id: str) -> bool:
    """Check product provenance before purchasing."""
    resp = requests.get(
        f"https://api.moltrust.ch/guard/salesguard/verify/{product_id}"
    ).json()

    if not resp.get("verified"):
        print(f"BLOCKED: {product_id} not verified (risk: {resp['risk_level']})")
        return False

    # Optionally check reseller authorization
    reseller = requests.get(
        f"https://api.moltrust.ch/guard/salesguard/reseller/verify/{seller_did}"
    ).json()

    if not reseller.get("authorized"):
        print(f"WARNING: Seller {seller_did} not an authorized reseller")
        return False

    return True

2 API calls. Under 400ms total. Zero counterfeit risk.

How MT Salesguard Compares

Most brand protection services focus on human consumers: holograms, QR codes, visual inspections. MT Salesguard is built for the A2A economy where the buyer is an algorithm, not a person. The verification is machine-readable by design, uses open W3C standards rather than proprietary formats, and anchors proof on Base L2 rather than a private database.

The 5 Endpoints

POST /salesguard/brand/register — Register a brand, receive a DID and API key. Free, no auth.
POST /salesguard/product/register — Register a product SKU, receive a signed ProductProvenanceCredential. Requires Bearer token.
POST /salesguard/reseller/authorize — Authorize a reseller for specific SKUs, receive a signed AuthorizedResellerCredential. Requires Bearer token.
GET /salesguard/verify/:product_id — Verify product provenance. Public, no auth.
GET /salesguard/reseller/verify/:reseller_did — Verify reseller authorization. Public, no auth.

All 5 endpoints are free during Early Access. Production pricing: $500 brand onboarding, $50 per reseller, $1–5 per SKU (USDC via the x402 payment protocol on Base L2).

MCP Integration

MT Salesguard is also available as 3 MCP tools via pip install moltrust-mcp-server (33 tools total in v0.7.0):

# Install
pip install moltrust-mcp-server

# Available tools:
# mt_salesguard_verify    — verify product provenance
# mt_salesguard_reseller  — verify reseller authorization
# mt_salesguard_register  — register a brand

The Model Context Protocol (MCP) integration means any MCP-compatible client — Claude Desktop, Cursor, Windsurf — can verify product provenance natively without writing HTTP calls.

5 endpoints. W3C VCs. Ed25519 signatures. Base L2 anchors.

Machine-readable provenance for the A2A economy.

api.moltrust.ch/guard/salesguard/verify/:product_id

FAQ

What is MT Salesguard?

MT Salesguard is a product provenance API that issues W3C Verifiable Credentials for brand-registered products. It allows shopping agents to verify whether a product is genuine before purchasing, using Ed25519-signed credentials anchored on Base L2.

Who is MT Salesguard for?

Brands that sell physical or digital products and want machine-readable proof of authenticity. Developers building shopping agents, marketplace platforms, or supply chain tools that need automated counterfeit detection.

How much does it cost?

All 5 endpoints are free during Early Access. Production pricing: $500 brand onboarding, $50 per authorized reseller, $1–5 per product SKU. Payments via the x402 payment protocol in USDC on Base L2. Verification endpoints remain free permanently.

What standards does it use?

W3C Decentralized Identifiers (DIDs) for brand identity, W3C Verifiable Credentials (VCs) for product provenance and reseller authorization, Ed25519 JWS compact serialization for cryptographic signatures, and the x402 payment protocol on Base L2 for on-chain settlement.

Start Verifying Product Provenance

Free during Early Access. 33 MCP tools via pip install. W3C Verifiable Credentials anchored on Base.

API Docs → pip install →

Written by the MolTrust Team (CryptoKRI GmbH, Zurich). Follow @MolTrust on X for updates.