Getting Started

Quickstart

Submit your first record to the Bedrock ledger in under five minutes.

This guide takes you from zero to a signed certificate. By the end you will have recorded a real piece of advice into your firm's hash chain, watched it move through review, and downloaded the cryptographic proof.

1. Get an API key

Sign in to the Ledger admin dashboard at https://ledger.bedrockcompliance.co.uk, open Settings → API Keys, and click Create key. Give it a descriptive name (e.g. local-dev) and copy the secret. You will only see it once — store it somewhere safe.

Keys are scoped to a single firm and prefixed with bk_live_ (production) or bk_test_ (sandbox). Treat them like passwords.

2. Sanity check the connection

bash
curl https://api.bedrockcompliance.co.uk/health

You should get back:

json
{ "status": "ok", "timestamp": "2026-04-07T12:34:56.000Z" }

3. Upload the source document

Submission is a two-step flow: ask Bedrock for a presigned upload URL, PUT the document bytes to it, then submit the resulting documentKey for review. Bedrock never proxies the document bytes itself.

bash
curl -X POST https://api.bedrockcompliance.co.uk/v1/principal/uploads \
  -H "X-Bedrock-Key: bk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{ "filename": "report.pdf", "contentType": "application/pdf" }'
json
{
  "uploadUrl": "https://uploads.s3.eu-west-2.amazonaws.com/uploads/firm_.../...",
  "documentKey": "uploads/firm_.../<uuid>/report.pdf"
}

Upload the file to the URL — the Content-Type on the PUT must match the value you passed above:

bash
curl -X PUT "$UPLOAD_URL" \
  -H "Content-Type: application/pdf" \
  --data-binary @./report.pdf

4. Submit the document for review

Each review job represents a discrete piece of advice: a suitability report, an investment recommendation, an updated risk profile. Submitting a job copies the document into your firm's immutable ledger bucket and writes a DOCUMENT_SUBMITTED event to the append-only chain.

bash
curl -X POST https://api.bedrockcompliance.co.uk/v1/principal/jobs \
  -H "X-Bedrock-Key: bk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "documentKey": "uploads/firm_.../<uuid>/report.pdf",
    "documentType": "SUITABILITY_REPORT",
    "clientReference": "client-12345",
    "documentReference": "report-2026-04-07-001",
    "factFindSummary": {
      "riskProfile": "Moderate",
      "investmentObjective": "Capital growth",
      "investmentHorizon": "5–10 years",
      "capacityForLoss": "Can absorb 20% loss",
      "existingHoldings": ["Cash ISA"],
      "vulnerabilityFlags": [],
      "annualIncome": "£55,000",
      "netWorth": "£180,000"
    }
  }'

The response contains the created Job with its id and queued status:

json
{
  "id": "01HX4...",
  "status": "QUEUED",
  "documentType": "SUITABILITY_REPORT",
  "clientReference": "client-12345",
  "documentReference": "report-2026-04-07-001",
  "submittedAt": "2026-04-07T12:35:01.000Z",
  "slaDeadline": "2026-04-09T12:35:01.000Z"
}

5. Watch it move through review

Reviewers in your firm will see the job land in their queue inside Review. You can poll its status from the API:

bash
curl https://api.bedrockcompliance.co.uk/v1/principal/jobs/01HX4... \
  -H "X-Bedrock-Key: bk_live_your_api_key"

The job transitions through QUEUED → ASSIGNED → IN_REVIEW and then lands on a terminal status of APPROVED, MODIFIED, REJECTED or ESCALATED. The outcome field on terminal states is one of APPROVED, APPROVED_WITH_MODIFICATIONS, or REJECTED. Each transition is recorded as a ledger event. See Ledger events for the full lifecycle.

6. Download the certificate

When the review is complete, Bedrock issues a signed certificate. It contains the outcome, the reviewer's details, the ledger position, and a cryptographic proof anyone can verify against your firm's public key.

bash
curl https://api.bedrockcompliance.co.uk/v1/ledger/certificates \
  -H "X-Bedrock-Key: bk_live_your_api_key"

Each certificate in the response includes an id and a recordId. To fetch a presigned URL for the PDF for a specific record, call GET /v1/ledger/records/{id}/certificate. Hand the certificate ID to the client and they can verify it themselves at verify.bedrockcompliance.co.uk — or programmatically against GET /v1/verify/{certificateId} — without trusting your firm.

What you just did

  • Authenticated against the Bedrock API.
  • Created a Review job for a piece of advice.
  • Triggered an entry in your firm's tamper-evident ledger.
  • Issued a cryptographically signed certificate that any third party can verify.

What's next

Bedrock AIAsk me anything about Bedrock

Hi! I'm Bedrock's AI assistant. I can answer questions about the product, pricing, compliance coverage, and integrations. What would you like to know?