Frequently Asked Questions

Everything you need to know about MIR Assertions

General

What is MIR Assertions?

MIR Assertions is a system for creating cryptographically-signed statements about media artifacts (images, videos, documents). Each assertion records who made a statement and when, anchored by a digital signature that anyone can verify.

Does MIR verify that assertions are true?

No. MIR records the identity of the asserter, not whether the assertion is accurate. Think of it like a notary stamp — it proves who signed, not whether the content is correct. Consumers decide how much to trust each issuer based on their reputation and domain verification.

What types of assertions can I make?

ISSUED_BY — "We created or published this."

NOT_ISSUED_BY — "This was not created by us."

LICENSED_TO — "This is licensed to a specific party."

TRANSFORMED_BY — "This was modified (cropped, AI-enhanced, etc.)."

DISPUTE — "We dispute another assertion about this artifact."

SUPERSEDES — "This replaces a previous assertion."

ROLE_SCOPE, INTENT, METHOD — Additional context about creation.

How do I look up assertions for an image?

Use the public lookup page to search by SHA-256 hash or drop/paste an image. You can also use the GET /assertions/lookup?hash=... API endpoint or embed the widget on your own site.

What happens if I look up an image that was re-saved or re-encoded (e.g. from social media)?

Re-encoding changes the SHA-256 hash, so the exact match will fail. MIR also computes a perceptual hash (visual fingerprint) that survives re-encoding, compression, and minor edits. If the original assertion has a perceptual hash stored, the file lookup will find it as a "content match" even if the bytes are different.

Becoming an Issuer

How do I become an issuer?

Apply through the issuer application form. Applications are reviewed manually. Once approved, you'll set up your signing keys and subscribe to a plan.

What is domain verification?

Domain verification proves you control the domain associated with your issuer account. You add a DNS TXT record (_mir-verify.yourdomain.com) with a token we provide, then click verify. Verified domains get a checkmark in public lookups, increasing trust.

What are signing keys?

Signing keys are cryptographic key pairs (Ed25519 or ES256) used to sign assertions. You generate the key pair locally — the private key never leaves your infrastructure. You register only the public key with MIR. Each assertion includes a signature that anyone can verify using your public key.

Can I have multiple signing keys?

Yes, with an Enterprise plan. You can invite team members who each register their own signing key. This way you can track which individual signed each assertion while all keys are tied to your organization.

Pricing & Plans

How much does it cost?

Individual — $79/year. One domain, one signing key, full API access.

Enterprise — $349/year. Up to 3 domains included, team signing keys with invites, and add-on domains at $99/year each beyond the included 3.

What is founder pricing?

The first 1,000 issuers get their subscription price locked at the rate they sign up at — forever. Your founder number is displayed in the portal.

What happens if I cancel my subscription?

Your subscription stays active until the end of the billing period. After that, your API key is disabled and you'll see a resubscribe notice when logging into the portal. Your assertions remain public and verifiable — they're never deleted. Resubscribe at any time to regain access.

Can I upgrade from Individual to Enterprise?

Yes. Go to the Billing tab in the Issuer Portal and click "Upgrade to Enterprise." Your current billing period is prorated automatically.

API & Integration

How do I authenticate API requests?

Include your API key in the x-api-key header. Your API key is generated in the Issuer Portal and shown once — store it securely. MIR stores only a SHA-256 hash of the key.

How do I create an assertion via the API?

Hash your artifact (SHA-256), build a JSON payload with the hash and assertion type, sign it with your private key, then POST /assertions with the payload and signature. See the documentation for the full reference.
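
The hash, build, sign steps above and the consumer-side check, as an added Node.js example using Ed25519 (not MIR's own code or schema). It builds the body that would be sent to POST /assertions without sending it. The payload field names (artifact_sha256, type, issued_at), the sorted-key JSON serialization and the base64 signature encoding are assumptions made for illustration; the real format is in the documentation.

```javascript
// Added example: field names and canonical form are assumptions, not MIR's schema.
const nodeCrypto = require("node:crypto");

const sha256Hex = (bytes) => nodeCrypto.createHash("sha256").update(bytes).digest("hex");

// Serialize a flat payload with sorted keys so signer and verifier
// always sign and check exactly the same bytes.
function canonicalize(payload) {
  const sorted = {};
  for (const key of Object.keys(payload).sort()) sorted[key] = payload[key];
  return Buffer.from(JSON.stringify(sorted), "utf8");
}

// Hash the artifact, build the payload, sign it with the local private key.
function buildSignedAssertion(artifactBytes, type, privateKey) {
  const payload = {
    artifact_sha256: sha256Hex(artifactBytes),
    type,
    issued_at: "2024-01-01T00:00:00Z", // constructed timestamp
  };
  // Ed25519 hashes internally, so the digest algorithm argument is null.
  const signature = nodeCrypto.sign(null, canonicalize(payload), privateKey);
  return { payload, signature: signature.toString("base64") };
}

// What any consumer can check using only the issuer's public key.
function verifyAssertion(body, publicKey, artifactBytes) {
  if (sha256Hex(artifactBytes) !== body.payload.artifact_sha256) return "hash-mismatch";
  const sig = Buffer.from(body.signature, "base64");
  const ok = nodeCrypto.verify(null, canonicalize(body.payload), publicKey, sig);
  return ok ? "valid" : "bad-signature";
}

// Constructed demo input: a locally generated key pair and a sample byte string.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const artifact = Buffer.from("constructed sample artifact bytes");
const body = buildSignedAssertion(artifact, "ISSUED_BY", privateKey);

function demo() {
  // Changing any signed field, or any byte of the artifact, must be detected.
  const tampered = { ...body, payload: { ...body.payload, type: "NOT_ISSUED_BY" } };
  const reencoded = Buffer.concat([artifact, Buffer.from([0])]);
  return {
    original: verifyAssertion(body, publicKey, artifact),
    tampered: verifyAssertion(tampered, publicKey, artifact),
    reencoded: verifyAssertion(body, publicKey, reencoded),
  };
}
console.log(demo());
```

A "valid" result establishes only that the holder of the private key signed this payload for these exact bytes; it says nothing about whether the statement itself is accurate.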

Can I create assertions without the API?

Yes. The Browser Signer lets you create assertions entirely in the browser. Your private key stays in your browser and is never sent to MIR. You can also create assertions from the Issuer Portal.

Can I embed assertion lookups on my website?

Yes. MIR provides embeddable widget scripts (mir-assert-overlay.js and mir-badge-overlay.js) that work cross-origin. Add them to your page and they'll automatically show assertion status for your images.

Ready to get started?

Apply to become an issuer and start creating cryptographic assertions for your media.
