What is an approval proof? The anatomy of a verifiable client sign-off
An approval proof is a dated, tamper-evident record that a specific client approved a specific piece of content — one that anyone can verify later, without taking your word for it. The strongest version pins the exact content with a cryptographic hash, the moment with a UTC timestamp, and offers an independent public page where the record can be checked. A verbal "looks good," a chat thumbs-up, or a screenshot is not an approval proof — it's a memory you hope holds up.
What an approval proof is made of
A record only protects you if it can answer four questions at once. Drop any one and the proof gets argued away.
- The exact content. Not "the post," but this version — caption and media — fixed by a SHA-256 content hash. Change a single character afterwards and the hash no longer matches, so a later edit can't quietly pass as the approved version.
- The moment. A UTC timestamp of when the client approved — so "when did they agree?" is a lookup, not a memory contest.
- The act, honestly labelled. The client's affirmative Approve, with the assurance level stated plainly (a link tap, or a link tap plus a contact) rather than overclaimed.
- Independent verification. A public page anyone can open to confirm the record hasn't been altered — without an account, and without having to trust the vendor's private log.
How the common methods hold up
Most "proof" in social media work is one of the rows below. Only the last one answers all four columns.
| Method | Pinned to the exact version? | Dated? | Editable after? | Anyone can verify? |
|---|---|---|---|---|
| Verbal "looks good" | No | No | n/a | No |
| Chat thumbs-up | No | Partly | Yes — deletable | No |
| Screenshot | Weak | Shown, forgeable | Yes | No |
| Email "approved" | Only if content attached | Yes | Hard | No — private |
| Approval-tool audit log | Yes | Yes | Vendor can | No — vendor-held |
| Publicly-verifiable signed record | Yes | Yes (UTC) | No — hash breaks | Yes — public page |
An email or a tool's audit log is a real step up from a screenshot — but both stay private to you or the vendor. The jump is being able to hand a third party a link they can check themselves.
See a real one
Here is a live sample approval proof. Open it and confirm it yourself — no account, nothing to install.
- Certificate IDMZTAGUF23EP6
- What it recordsthe approved post + a SHA-256 content hash
- Whena UTC timestamp of the approval
- How it's checkeda public page; the hash must still match
An open standard — so you don't have to trust us
The way these certificates are built is published as an open specification: Approval-Proof. The exact byte format and the signature are fully documented, so anyone can reproduce the record and re-check the signature themselves — with a free reference verifier, and without access to our system. That is what "verifiable without trusting the vendor" actually means.
Read the open Approval-Proof spec on GitHub →
Why it matters
The dispute that costs you is rarely "I never approved that." It's the quieter "I approved a different version," weeks later, when money or reputation is on the line. An approval proof closes both: it shows exactly what was agreed and when — and lets anyone confirm it without your say-so. That's the difference between a position you can show and an argument you have to win.
Frequently asked questions
How is an approval proof different from a screenshot?
A screenshot shows that someone said something, but it carries no metadata, isn't pinned to the exact version, and can be edited in seconds — so in a dispute it can be waved away as "doctored." An approval proof ties the affirmative to a specific, dated version and can be independently verified, which a screenshot cannot.
What does "tamper-evident" mean here?
It means any change to the approved content is detectable. The proof stores a SHA-256 hash of the exact post; if a single character changes afterwards, re-computing the hash gives a different value, so the alteration shows. It is "tamper-evident," not "tamper-proof" — the point is that tampering can't pass unnoticed.
Can the client verify it without an account?
Yes. Verification happens on a public page from the certificate ID — no login, no app, nothing to install. That's what makes it usable as proof you can hand to a third party, rather than a record only you can see.
Does an approval proof replace a contract?
No — it complements one. A contract sets the terms; an approval proof is the dated, verifiable record that a specific post was signed off under them. Keep both: the contract for scope, the proof for "this version, on this date."
Is this the same as an e-signature?
Not quite. E-signature tools are built for heavy documents and a formal signing flow. An approval proof is lighter and made for the everyday case — a client approving a single social post on a plain link, with a verifiable, dated record captured automatically.
This page explains how proof of approval works and is provided for clarity. It is not legal advice. See the Security & proof page for how data is handled, and the Terms and Privacy Policy for the binding terms.