EchoMark specializes in visual content protection that embeds invisible marks into the content itself that often survives the analog-hole providing content creators additional tools to investigate such information leak vectors.
The EchoMark API provides a REST interface for forensically watermarking documents and resolving those watermarks. This guide provides basic developer documentation for users of the EchoMark API.
Core Concepts
First, we will review a few core concepts in the EchoMark API.
- Content to mark or “original content”. This refers to your content before watermarking. In v2.0 of the API, we support content in the form of images, pdfs, and html.
- Recipient. The identity of one intended recipient of forensically watermarked content. Recipients must be uniquely identified by some string.
- Marked Copy. A forensically watermarked version of the original content individualized to a particular recipient.
- Artifact. A reproduction of a marked copy copying its content and potentially changing format/media. An example of an artifact is a screenshot of a sensitive document posted to social media, i.e., an unauthorized disclosure.
- Investigation. The process of resolving an artifact to a marked copy and, thus, an intended recipient.
Structure
The developer interacts with the API with HTTP endpoints. For marking tasks, a POST request can be issued to the appropriate endpoint with the original content, a set of marking options, and the intended recipient's identity. The request returns a response after marking is completed with the marked content as a byte stream in a multipart form message. Marking tasks are intended to be blocking and fast.
Investigation tasks may take longer so the workflow is slightly different. For these tasks, a POST request sends the appropriate content such as the artifact and potentially a copy of the original content to the API server. This request queues an asynchronous task to run in the background to complete the investigation. The developer's post request returns quickly with a call-back pointer to the investigation. There is further an interface to render the results of an investigation as a standalone html page to visualize the results.