EPM Adoption Kit
3 curl commands from zero to verified evidence.
Step 1: Get Fresh Manifest
Generate unique DSSE envelope
curl -s https://api.feedoracle.io/api/v1/epm/example/fresh | jq .manifest.manifest_id # → "EPM-RLUSD-20260130235959"
Save the full response to fresh.json for verification.
Step 2: Verify (First Call → PASS)
Submit DSSE for verification
curl -X POST -H "Content-Type: application/json" \ -d @fresh.json https://api.feedoracle.io/api/v1/epm/verify | jq .status # → "PASS"
Response includes verified_at, manifest_hash, signature checks.
Step 3: Replay (Second Call → 409)
Same manifest_id = blocked
curl -X POST -H "Content-Type: application/json" \ -d @fresh.json https://api.feedoracle.io/api/v1/epm/verify # → HTTP 409: REPLAY_DETECTED
Each manifest_id can only be verified once. This is the replay protection.
Webhook Integration (CloudEvents)
{
"specversion": "1.0",
"type": "feedoracle.evidence.verified",
"source": "https://api.feedoracle.io/api/v1/epm",
"id": "evt-abc123",
"time": "2026-01-30T23:00:00Z",
"data": {
"manifest_id": "EPM-RLUSD-20260130",
"manifest_url": "https://api.feedoracle.io/api/v1/epm/manifest/EPM-RLUSD-20260130",
"epm_version": "1.0",
"type": "rlusd.integrity",
"jurisdiction": "GLOBAL"
}
}
Subscribe at /docs/webhooks.html
EPM Data Flow
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ Your App │────▶│ /epm/verify │────▶│ PASS/FAIL │
└─────────────┘ └──────────────┘ └─────────────┘
│ │ │
│ ▼ │
│ ┌──────────────┐ │
│ │ Replay Cache │ │
│ │ (1h TTL) │ │
│ └──────────────┘ │
│ │ │
▼ ▼ ▼
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ Webhook │◀────│ CloudEvent │ │ Audit Log │
└─────────────┘ └──────────────┘ └─────────────┘
Resources
Risk Boundary: EPM provides data infrastructure and verifiable evidence artifacts.
This is not certification of any kind, legal advice, or guarantee of upstream data accuracy.