Woo Plugin — setup walkthrough
Click any screenshot to enlarge. Use ← / → to navigate, Esc to close.
Last updated: 2025-11-30
Stamp a low-visibility forensic grid at download and prove lineage later — no DRM, no PII stored.
/claim.html.
<script src="https://inkdnafingerprint.com/plugin.js"
data-key="pk_XXXX"
data-observe='a[href*=".pdf" i],a[data-inkdna]'
data-mode="loose" async></script>
Get the WP Plugin or see below
InkDNA Fingerprinted Downloads and click
Install Now, then Activate.
API Base and API Key under
WooCommerce → Settings → InkDNA.
The actual api key is provided at the landing page. The plugin is an artifact that exists for your ease of use
While we provide a Woo plugin and a simple CDN loader snippet, other platforms that allow inserting the loader script will work too. We focus engineering effort on the CDN loader and Woo integration; reach out if you need a custom integration.
Use this demo key on Verify to check our stamped sample.
Demo key:
demo_live_d12KIiDxdoLLScgy9Suexow3m9oFAAwS
Download BEFORE.pdf Download AFTER.pdf Open Verify
This key only works on AFTER.pdf and cannot mark.
Stamped files include a faint forensic grid that slightly darkens pages; reading remains normal. Optional canary text (a small visible footer) may be enabled in sandbox/demo to confirm stamping; verification does not depend on it. It will be demolished post beta.
Exact HTML you can drop onto a site that serves downloadable PDFs. This shows the loader, a sample download link, and a few ways to make sure an order token (order id) is included when files are stamped.
Place this near the end of your <body> on pages that
host download links.
<script src="/plugin.js"
data-api="https://your-inkdna-api.example"
data-key="pk_XXXX"
data-observe='a[href*=".pdf" i],a[data-inkdna]'
data-mode="loose" async></script>
Note: the loader requires both
data-api and data-key to run. If either is
missing (for example leaving data-key empty), the loader
will warn in the console and will not run — useful for a non-live demo
page.
Add data-inkdna to your normal PDF anchor and — ideally — a
per-order token via data-inkdna-order:
<a href="/assets/sample.pdf" data-inkdna data-inkdna-order="ORDER-123">Download your PDF</a>When clicked, the loader sends the asset and the detected order token (if present) to your inkdna API to request a stamped PDF.
The loader does not invent an authoritative order id on the
client. If no order token is detected, the loader still calls the
server's /claim endpoint (sending context such as page url
and user-agent). The server is responsible for issuing the internal
token used for that stamped copy and for recording minimal, non-PII
metadata. For strongest legal attribution you should render a unique
order token server-side and expose it to the loader (see patterns
below).
Add the order token directly to the link:
<a href="/assets/sample.pdf" data-inkdna data-inkdna-order="ORDER-123">Download</a>If your platform already appends an order id in the download URL, the loader will detect these query keys:
/assets/sample.pdf?order=ORDER-123
/assets/sample.pdf?order_id=ORDER-123
/assets/sample.pdf?order-received=ORDER-123
Recognized keys: order, order_id,
order-received, oid.
On thank-you or order-complete pages you can add this small snippet. It finds common order elements or query params and copies the value into all PDF links so the loader can pick it up.
<script>(function(){
var el = document.querySelector('#orderNo, .order-number, [data-order-number]');
var ord = el ? (el.textContent || el.value || '').trim() : '';
if (!ord) {
var q = new URLSearchParams(location.search);
ord = q.get('order') || q.get('order_id') || q.get('order-received') || q.get('oid') || '';
}
if (ord) {
// publish at body level and copy to any PDF/download anchors
document.body.dataset.inkdnaOrder = ord;
document.querySelectorAll('a[href*=\".pdf\" i],a[data-inkdna]').forEach(function(a){
a.dataset.inkdnaOrder = ord;
});
}
})();</script>
This snippet is intentionally minimal and safe — it only reads visible
page content and query params and writes a
data-inkdna-order attribute to anchors. It does not access
any backend or sensitive data.
data-inkdna-order="{{ORDER_TOKEN}}").
data-api (your API base) and
data-key (public key prefix). If either is missing the
loader will not run.
If you use WooCommerce, the plugin automates order mapping on the thank-you page — see the “Woo Plugin Setup Walkthrough” images below for visual steps.
Click any screenshot to enlarge. Use ← / → to navigate, Esc to close.
Order IDs make takedowns provable. The loader auto-detects them from attributes, URL params, or page hints. Use one of these:
<a href="/files/ebook.pdf" data-inkdna data-inkdna-order="ORDER-123">Download</a>
<script>(function(){
var el = document.querySelector('#orderNo, .order-number, [data-order-number]');
var ord = el ? (el.textContent || el.value || '').trim() : '';
if (!ord) {
var q = new URLSearchParams(location.search);
ord = q.get('order') || q.get('order_id') || q.get('order-received') || q.get('oid') || '';
}
if (ord) {
document.body.dataset.inkdnaOrder = ord;
document.querySelectorAll('a[href*=".pdf" i],a[data-inkdna]').forEach(function(a){
a.dataset.inkdnaOrder = ord;
});
}
})();</script>
<script>(function(){
var p=new URLSearchParams(location.search);
var ord=p.get('order-received')||p.get('order')||'';
if(ord) document.body.dataset.inkdnaOrder=ord;
})();</script>
# 1) Verify a file with a known order ID
curl -H "X-API-Key: ink_live_xxx" \
-H "X-Order-Id: ORDER-12345" \
-F file=@suspect.pdf \
https://ashtonx24-inkdna.hf.space/detect
# 2) Verify using embedded FID (metadata-based)
curl -H "X-API-Key: ink_live_xxx" \
-F file=@suspect.pdf \
https://ashtonx24-inkdna.hf.space/detect/guess
# 3) Identify origin automatically (no order ID required)
curl -H "X-API-Key: ink_live_xxx" \
-F file=@suspect.pdf \
https://ashtonx24-inkdna.hf.space/detect/identify
Advanced: You can optionally include a layout reference
header X-Ref-Q (Base64 URL-safe) when calling any of the
endpoints above. It supplies a pre-computed layout signature vector for
additional layout-similarity evidence. This is optional and not required
for normal verification.
/claim{ publicKey, asset, context: { orderId?, referer, userAgent? }
}
{ token, expiresAt, policy }/fp?token=…202 +
Retry-After if still rendering.
data-mode="loose" for testing;
switch to "strict" once stable.
/claim? Add your domain on the claim
page.
data-inkdna-order or the auto script
above.
Do I need to pass an order ID?
Not always. InkDNA supports three verification modes:
/detect — when you know the order_id to
confirm attribution.
/detect/guess — when the file still has its embedded FID
metadata.
/detect/identify — when no order ID or metadata is
available; the system searches your stored fingerprints and identifies
the most likely origin automatically.
Providing the correct order ID still yields the most reliable attribution and highest confidence score, but the identify mode works well for leaked or stripped files too.
What if I call Verify without an order ID?
The system will automatically use /detect/identify to find
the most probable match from your tenant's stored fingerprints. This
process is still secure and tenant-isolated — only your own fingerprints
are compared.
Do screenshots or images work?
Yes. Full-page screenshots and page-captured images are supported.
Partial or low-resolution crops may reduce accuracy, but complete page
captures still yield high confidence.
Prefer the terminal? Check the curl example above.
Summary: Providing an order_id gives the
strongest attribution, but you can also verify files with embedded
metadata or let the system identify the origin automatically.