Standalone Usage
Protect and inspect assets without React hooks
Standalone Protection & Inspection
The SDK provides standalone functions for protecting and inspecting assets without React hooks. These are useful for server-side rendering, non-React environments, or batch processing.
Protecting an Existing Asset
Use protectAsset to apply a cryptographic seal to an existing media file:
import { protectAsset } from "@trustnxt/protect-react";
const result = await protectAsset({
apiKey: "tnxt_live_...",
apiSecret: "tnxt_secret_...",
asset: imageBlob,
tags: { photographer: "Jane Doe" },
source: "upload",
});
// result.protectedBlob — sealed asset with trust label
upload(result.protectedBlob);Important security consideration: Protecting an existing asset is inherently less secure than capturing directly using the capture API. When you protect an existing file, you can only guarantee that the asset has not been tampered with from this point on — it provides no guarantees about the origin or authenticity of the original file. For maximum trust and security, always prefer direct capture using useCapture.
Options
| Option | Type | Description |
|---|---|---|
apiKey | string | TrustNXT API key. |
apiSecret | string | TrustNXT API secret. |
sandbox | boolean | Whether to use the sandbox API (default: false). |
baseUrl | string | Custom API base URL override. |
asset | Blob | The media file to protect. |
tags | Record<string, string> | Custom metadata tags. |
cameraSettings | CameraSettings | Camera EXIF metadata. |
sensorSnapshot | SensorSnapshot | Device sensor data. |
source | ProtectSource | "camera" | "upload" | "imported". |
Source Modes
camera: Asset was captured by the app — indicates a first-party capture.upload/imported: User-provided asset — indicates the asset was acquired externally and is being sealed from this point on.
Inspecting an Asset
Use inspectAsset to verify a protected asset's trust label:
import { inspectAsset } from "@trustnxt/protect-react";
const result = await inspectAsset(protectedBlob);
if (result.labelValid) {
console.log("Signed by:", result.signature?.signedBy);
console.log("GPS:", result.gps);
console.log("Device:", result.device);
} else {
console.log("Invalid:", result.reason);
}Response
The InspectAPIResponse includes:
| Field | Type | Description |
|---|---|---|
labelValid | boolean | Whether the trust label is valid. |
reason | string? | Failure reason (when labelValid is false). |
signature | object? | Signing certificate info (CN, issuer, validity dates). |
gps | GpsData? | GPS coordinates at capture time. |
device | DeviceInfo? | Device model, OS, SDK version. |
camera | CameraSettings? | Camera lens, ISO, aperture, etc. |
orientation | DeviceOrientation? | Roll, pitch, yaw. |
network | NetworkInfo? | WiFi/cellular status. |