How Verification Works

"How do you actually verify this stuff?"

Fair question. If you're going to trust a platform to confirm your work, you deserve to know how it works under the hood.

Here's the honest breakdown of every verification method we use — what it proves, how it works, and what we never see.

The Verification Stack

ProofFabric uses four verification levels, each proving something different:

Verification	What It Proves	Trust Level
Live Check	The URL responds	Observed
Domain Ownership	You control the domain	Verified
GitHub Linked	You own or contribute to the repo	Verified
Revenue Range	The product makes money	Verified

Let's break each one down.

1. Live Check (Observed)

What it proves: This thing exists and is accessible.

How it works:

You enter a URL
We ping it
If it responds with a 200 status, you get the "Live" badge

What we see: Only that the URL responds. We don't track uptime, don't store response data, don't monitor it continuously.

Why it matters: It's the minimum bar. Anyone can claim they built something — this confirms it actually exists on the internet right now.

Trust level: Observed. We checked, it's there. But we haven't confirmed you own it yet.

2. Domain Ownership (Verified)

What it proves: You control this domain's DNS settings — which means you own it or have admin access.

How it works:

We generate a unique verification code for you
You add it as a TXT record to your domain's DNS
You click "Verify"
We query the DNS for that TXT record
If it matches, you're verified

Example:

Record Type: TXT
Host: @
Value: prooffabric-verify=abc123xyz

What we see: Only the public DNS record. We don't access your registrar, don't see other DNS records, don't store credentials.

Why it matters: DNS access is the gold standard for domain ownership. You can't add a TXT record unless you control the domain. Period.

Trust level: Verified. This is cryptographic-level proof of ownership.

Time required: 2 minutes to add the record + up to 24 hours for DNS propagation (usually much faster).

3. GitHub Linked (Verified)

What it proves: Your GitHub account is connected, and you own or contribute to the repository.

How it works:

You click "Connect GitHub"
GitHub OAuth asks you to authorize ProofFabric
You approve (read-only access)
We check if your GitHub username matches the repo owner or contributors
If yes, you're verified

What we request:

Read access to your public profile
Read access to your public repositories

What we never request:

Write access to anything
Access to private repos (unless you explicitly grant it)
Your email or personal data beyond username

Why it matters: GitHub is the source of truth for code. If your account owns the repo or shows commits, you demonstrably built it.

Trust level: Verified. OAuth confirmation from GitHub itself.

4. Revenue Verification (Coming Soon)

What it proves: This product generates real revenue in a specific range.

How it will work:

You connect your Stripe account via OAuth
We query aggregate revenue data
We assign a range (e.g., "$1k–$10k lifetime")
You get the revenue badge

What we'll see: Only aggregate numbers needed to assign a range. We won't see individual transactions, customer data, or exact figures.

What we'll display: A range, not exact numbers. Your revenue stays private — we just confirm it's real.

Why it matters: Revenue is the ultimate proof of value. Someone paid for this. That's not fakeable.

Trust level: Verified. Direct confirmation from the payment processor.

Status: Coming soon. We're finalizing the Stripe integration.

What We Never Do

Let's be explicit about boundaries:

We Never...	Why
Store your credentials	OAuth tokens are encrypted and scoped
Access private repos without permission	We request minimum scopes
See exact revenue numbers	Only ranges, for privacy
Write to your GitHub	Read-only access only
Track your sites continuously	One-time checks, not monitoring
Share verification data	Your proof is yours

Your privacy isn't the cost of verification. It's a constraint we design around.

Why Not Just Screenshots?

You might wonder: why not just upload a screenshot of your Stripe dashboard or GitHub commits?

Because screenshots lie.

In 2026, anyone can generate a fake screenshot in seconds. AI makes it trivial. Screenshots prove nothing except that someone has Photoshop — or ChatGPT.

System-level verification is different:

DNS records can't be faked without domain access
GitHub OAuth comes directly from GitHub's servers
Stripe OAuth comes directly from Stripe's API

We verify at the source, not the surface.

The Verification Hierarchy

Not every card needs every verification. Here's how to think about it:

Minimum viable proof:

Live check ✓

Solid proof:

Live check ✓
Domain ownership ✓

Strong proof:

Live check ✓
Domain ownership ✓
GitHub linked ✓

Undeniable proof:

Live check ✓
Domain ownership ✓
GitHub linked ✓
Revenue verified ✓

Each level adds trust. But even one verification puts you ahead of 90% of portfolios that are purely self-reported.

Common Questions

How long does verification take?

Live check: Instant
Domain: 2 min setup + DNS propagation (minutes to hours)
GitHub: 30 seconds (OAuth flow)
Revenue: 1 minute once available

Can I remove a verification? Yes. Disconnect anytime. The badge disappears immediately.

What if my DNS hasn't propagated? We'll tell you. Just wait and try again — usually resolves within an hour.

Do I need to verify everything? No. Add what you're comfortable with. More verification = more trust, but one verified signal is still valuable.

Is my data safe? We use encrypted OAuth tokens, don't store credentials, and follow security best practices. See our Privacy Policy for details.

Start Verifying

Verification isn't about bureaucracy. It's about making your work undeniable.

In a world where anyone can claim anything, verified proof is rare. And rare is valuable.

Ready to prove what you've built?

Create Your Proof Card →