Signed snapshots
Our refresh pipeline runs every 6 hours, re-scrapes public signals, and writes a signed snapshot of the leaderboard to our object-store archive (so each refresh cycle is signed — not just the once-a-day publish). You can verify any snapshot matches what SupplierSpy signed without trusting this server at all.
What you need
- The public key — /.well-known/jwks.json (JWK format, ECDSA P-256).
- The fingerprint — /.well-known/trust.txt (
sha256:<32-hex>). Verify the JWKS matches this fingerprint before trusting the key. - A signed snapshot — pick any date below. Each has a paired
.sigfile.
How to verify
Every snapshot is signed over its canonical JSON (keys sorted) using ECDSA P-256 + SHA-256 (alg ES256). Any language's WebCrypto verifier works. Pseudocode:
// Browser or Node 20+
const jwks = await (await fetch('https://supplierspy.com/.well-known/jwks.json')).json();
const pub = await crypto.subtle.importKey('jwk', jwks.keys[0],
{ name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
const body = await (await fetch('https://supplierspy.com/snapshots/DATE.json')).text();
const sigJson = await (await fetch('https://supplierspy.com/snapshots/DATE.json.sig')).json();
const sigBytes = Uint8Array.from(atob(
sigJson.signature.replace(/-/g,'+').replace(/_/g,'/')
), c => c.charCodeAt(0));
const ok = await crypto.subtle.verify({ name: 'ECDSA', hash: 'SHA-256' },
pub, sigBytes, new TextEncoder().encode(body));
// ok === true means this snapshot was signed by SupplierSpy
Archive
- 2026-04-29T18-00-42-115Z.json · signature · how to verify
- 2026-04-29T12-00-42-176Z.json · signature · how to verify
- 2026-04-29T06-00-42-151Z.json · signature · how to verify
- 2026-04-29T00-00-15-706Z.json · signature · how to verify
- 2026-04-28T18-00-15-970Z.json · signature · how to verify
- 2026-04-28T12-00-20-550Z.json · signature · how to verify
- 2026-04-28T06-00-32-068Z.json · signature · how to verify
- 2026-04-28T00-00-39-174Z.json · signature · how to verify
- 2026-04-27T18-00-34-651Z.json · signature · how to verify
- 2026-04-27T12-00-31-917Z.json · signature · how to verify
- 2026-04-27T06-00-22-692Z.json · signature · how to verify
- 2026-04-27T00-00-24-683Z.json · signature · how to verify
- 2026-04-26T18-00-34-873Z.json · signature · how to verify
- 2026-04-26T12-00-31-445Z.json · signature · how to verify
- 2026-04-26T06-00-26-486Z.json · signature · how to verify
- 2026-04-26T00-00-39-665Z.json · signature · how to verify
- 2026-04-25T18-00-37-459Z.json · signature · how to verify
- 2026-04-25T12-00-44-203Z.json · signature · how to verify
- 2026-04-25T06-00-42-234Z.json · signature · how to verify
- 2026-04-25T00-00-59-056Z.json · signature · how to verify
- 2026-04-24T18-00-57-799Z.json · signature · how to verify
- 2026-04-24T12-00-56-335Z.json · signature · how to verify
- 2026-04-24T06-01-12-013Z.json · signature · how to verify
- 2026-04-24T00-00-25-841Z.json · signature · how to verify
- 2026-04-23T18-00-33-853Z.json · signature · how to verify
- 2026-04-23T12-00-20-276Z.json · signature · how to verify
- 2026-04-23T06-00-21-285Z.json · signature · how to verify
- 2026-04-23T00-00-16-075Z.json · signature · how to verify
- 2026-04-22T18-00-18-055Z.json · signature · how to verify
- 2026-04-22T12-00-18-094Z.json · signature · how to verify
- 2026-04-22T06-00-59-654Z.json · signature · how to verify
- 2026-04-22T00-00-48-752Z.json · signature · how to verify
- 2026-04-21T18-00-23-792Z.json · signature · how to verify
- 2026-04-21T12-00-23-882Z.json · signature · how to verify
- 2026-04-21T06-01-10-623Z.json · signature · how to verify
- 2026-04-21T00-00-54-750Z.json · signature · how to verify
- 2026-04-20T18-01-19-037Z.json · signature · how to verify
- 2026-04-20T12-01-08-769Z.json · signature · how to verify
- 2026-04-20T06-00-37-534Z.json · signature · how to verify
- 2026-04-20T00-00-35-031Z.json · signature · how to verify
- 2026-04-19T18-00-58-581Z.json · signature · how to verify
- 2026-04-19T12-00-40-755Z.json · signature · how to verify
- 2026-04-19T06-00-52-248Z.json · signature · how to verify
- 2026-04-19T00-00-47-320Z.json · signature · how to verify
- 2026-04-18T18-00-40-902Z.json · signature · how to verify
- 2026-04-18T14-55-34-461Z.json · signature · how to verify
- 2026-04-18T12-00-31-949Z.json · signature · how to verify
- 2026-04-18T06-01-02-441Z.json · signature · how to verify
- 2026-04-18T00-00-36-302Z.json · signature · how to verify
- 2026-04-17T19-13-27-575Z.json · signature · how to verify