Some audiences need to verify a PageCrawl archive without a PageCrawl account: a regulator examining your records, opposing counsel reviewing a docket capture, an auditor packaging evidence for a board, a journalist citing a primary source. PageCrawl supports this through a public verification page accessible via a signed URL.
This article explains how the link works, what the recipient sees, and how to revoke a link if needed.
Generating a public verification link
From the PageCrawl interface, on any tracked change with an archive:
- Click the link icon (or open the archive information panel).
- Click "Copy public verification link".
- Paste the link into an email, a docket filing, an audit report, or wherever else.
The link is a Laravel signed URL. Anyone who has the link can open the verification page. Anyone who does not have the link cannot guess it, since the signature is cryptographically derived from your account's signing key.
What the recipient sees
The verification page renders without authentication. It shows:
- The source URL and capture timestamp.
- The archive's manifest hash (SHA-256 of the WACZ datapackage).
- Every cryptographic attestation present:
- The embedded WACZ Auth signature (with signing-service domain and creation time)
- The OpenTimestamps Bitcoin anchor proof
- The DigiCert AATL certified timestamp
- The Sectigo AATL certified timestamp
- The eIDAS qualified timestamp (Custom plan only, when applicable)
- A download button for each raw proof file with an inline command-line verification hint (e.g.
ots verify ...,openssl ts -reply -in ...). - A link to open the WACZ in ReplayWeb.page for a fully interactive replay of the captured page.
The page does not expose any other archives, settings, or account information from your workspace. Only the specific archive corresponding to the link.
Audit log of public access
Every public verification page view and every public proof download is logged in your archive access audit log with action = public_verify or action = public_download_proof_<provider>, the recipient's IP address, the user agent, and the timestamp. The log is queryable from the PageCrawl interface and via the API. Chain of custody is preserved even when the recipient is anonymous.
Link expiry and revocation
By default the signed link does not expire. The link remains valid for as long as the archive is retained and the underlying signing key is unchanged.
To revoke a previously issued link, rotate your account's signing key from the workspace security settings. All previously issued public verification links become invalid; subsequent links generated after the rotation are valid against the new key.
For situations where you want time-bound access (for example, sharing with a vendor for a specific audit window), generate a fresh link from the API with an explicit expires_at parameter. The link will reject access after the expiry timestamp.
Why this matters
A public verification link is the lightest practical way to deliver a tamper-proof archive to an external party. The recipient does not need credentials, does not need to install tooling (although they can, for offline verification), and does not need to take your word for it. The page itself shows them every cryptographic attestation, and the underlying proofs are independently verifiable by any standard tooling.
In an era when AI can fabricate any screenshot or document, the public verification page is how PageCrawl users hand off "this is what the page looked like at this moment, attested by parties we don't control" without friction.