( Developers )

Check consent before you generate.

If your product creates, hosts, or distributes AI media, Royall is the infrastructure layer that verifies who owns a likeness, checks whether a use is permitted, and honors the owner's terms — all through one clean API.

Consent check

identity_id: idt_9f2a…

use: voice_synthesis

context: advertising

territory: US

Allowed

license_id: lic_4b81…

scope: voice_synthesis

expires: 2026-12-31

POST /v1/consent/check
200 OK · 42ms
01

( Why use the API )

Know the rights before you build.

Royall is the consent and ownership layer for products that touch a person's identity. One call tells you whether a likeness is claimed, what's permitted, and on what terms — so your product can act responsibly by default.

Verify identity ownership

Ask whether a face, voice, or name is a registered, verified likeness — and who holds the rights — before you generate or publish anything.

Check consent, in real time

Query the current permission state for a specific use. Consent is a live signal, not a checkbox you saved six months ago.

Understand licensing terms

Read the scope, duration, territory, and pricing an owner has approved so you can route compliant, paid uses at the point of creation.

Stay in sync automatically

Subscribe to changes and get notified the moment permissions are updated or revoked — no polling, no stale cache.

1

API call to check consent

<50ms

Median check latency

3

Typed SDKs · TS · Python · Go

100%

Fail-closed by default

02

( Real-world use cases )

One layer, many surfaces.

Anywhere a product creates, hosts, distributes, or authenticates a person's identity, Royall gives you a single call to check permission first.

AI companies

Gate generation on consent. Check a likeness before a model renders a face or synthesizes a voice, and log the verified permission behind each output.

Creator platforms

Let creators bring their registered likeness with them. Verify uploads, honor per-creator terms, and keep impersonation off your platform.

Marketplaces

Confirm sellers actually hold the rights to the likeness they're listing, and surface clean licensing terms buyers can trust.

Voice applications

Match a voice sample against registered fingerprints, check whether synthesis is licensed, and route royalties for approved voice use.

Authentication systems

Use a verified, timestamped likeness record as an identity signal — with the owner's consent and a clear audit trail.

Enterprise products

Bake consent checks into internal creative and marketing tools so every asset that uses a real person is permission-backed.

03

( Consent lifecycle )

Consent is a living signal.

Permission isn't granted once and forgotten. Royall models the whole lifecycle so your product always acts on what's true today — not what was true when you first cached it.

  1. 01

    Request

    Ask an owner for a specific use — scope, duration, and territory. The request lands with the right person or their team to review.

  2. 02

    Verify

    Before you generate, confirm the current state: is this exact use approved, for this identity, right now?

  3. 03

    Update

    Terms change. Owners can widen, narrow, or re-price permissions, and your integration reads the latest state on the next call.

  4. 04

    Revoke

    Consent can be withdrawn at any time. A revoked permission fails closed — the check returns denied instead of a stale yes.

  5. 05

    Notify

    Every change fires a signed webhook so your systems react immediately — pull content, halt jobs, or update your own records.

( Our promise )

We ship consent to production.

Verifiable proof, audit trails, and fail-closed checks aren't add-ons — they're how the API works from the first call.

( Code examples )

A request you can read at a glance.

Predictable REST, JSON in and out, and errors that fail closed. Here's what the core calls actually look like.

Check consent
POST /v1/consent/check
Authorization: Bearer sk_live_•••
Content-Type: application/json

{
  "identity_id": "idt_9f2a...",
  "use": {
    "type": "voice_synthesis",
    "context": "advertising",
    "territory": "US"
  }
}

200 OK
{
  "allowed": true,
  "license_id": "lic_4b81...",
  "terms": {
    "scope": "voice_synthesis",
    "expires_at": "2026-12-31T23:59:59Z",
    "attribution_required": true
  }
}

( Our toolkit )

Everything you need, already wired.

TypeScript SDKPython SDKGo SDKREST endpointsBearer API keysScoped permissionsSandbox + live keysSigned webhooksIdempotency keysCursor paginationRate-limit headersLive API referenceTypeScript SDKPython SDKGo SDKREST endpointsBearer API keysScoped permissionsSandbox + live keysSigned webhooksIdempotency keysCursor paginationRate-limit headersLive API reference
TypeScript SDKPython SDKGo SDKREST endpointsBearer API keysScoped permissionsSandbox + live keysSigned webhooksIdempotency keysCursor paginationRate-limit headersLive API referenceTypeScript SDKPython SDKGo SDKREST endpointsBearer API keysScoped permissionsSandbox + live keysSigned webhooksIdempotency keysCursor paginationRate-limit headersLive API reference

( Developer experience )

From API key to first call in minutes.

The integration should be the easy part. Everything is documented, typed, and built to get out of your way.

SDKs for your stack

Typed SDKs for TypeScript, Python, and Go wrap auth, retries, and signature verification so you write intent, not plumbing.

Clean REST endpoints

Resource-oriented routes, consistent JSON, cursor pagination, and idempotency keys on every write.

Simple authentication

Bearer API keys with scoped permissions and separate sandbox and live keys. Rotate without downtime.

Signed webhooks

Every event is signed and retried with backoff. Verify with the SDK helper and dedupe on the event id.

Predictable rate limits

Generous defaults, clear headers on every response, and burst allowances so you're never guessing.

Docs that get you there

Copy-paste quickstarts, a live API reference, and guides that take you from API key to first verified call in minutes.

( Compliance & risk )

Permission is becoming the expectation.

Platforms, partners, and regulators increasingly expect AI products to confirm they had permission before using someone's face, voice, or name. Royall is the infrastructure layer that makes that a single call — so responsible defaults don't slow you down.

  • Verifiable proof of consent behind each output
  • Timestamped, exportable audit trail for every check
  • Fail-closed checks so revoked permission stops use
  • A neutral source of truth you don't have to build yourself

( Technical FAQ )

The questions engineers ask.

Build AI that asks first.

Grab a sandbox key, make your first verified call, and ship consent checks without building the hard parts yourself.