The audit chain is an append-only ledger of every search Hoist Assets has run. Each entry contains: search type, target ACN/serial, timestamp, certificate hash, record hash, user ID, and the hash of the previous entry.
Why it's "tamper-evident"
Because each entry's hash incorporates the previous entry's hash, altering any historic entry changes the hash of every subsequent entry. To hide an alteration you would need to recompute and republish the whole chain. We also publish chain heads to a public bucket daily, so the chain is checkpointed: a recomputed chain would no longer match the heads already published.
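The sketch below is an added example, not Hoist Assets' own code. It models the chaining and checkpointing described above and shows how both a naive edit and a fully recomputed chain are detected. The field names, the canonical JSON encoding, the all-zero genesis value and every function name are assumptions, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first entry

def entry_hash(entry):
    # Assumed canonical form: sorted-key compact JSON of all entry fields.
    blob = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def append(chain, **fields):
    prev = entry_hash(chain[-1]) if chain else GENESIS
    chain.append({**fields, "prev_hash": prev})  # link to the previous entry
    return entry_hash(chain[-1])                 # new chain head

def verify(chain, published_heads):
    """published_heads: {entry index: head hash published at that point}."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev_hash"] != prev:
            return False, f"entry {i}: prev_hash link broken"
        prev = entry_hash(e)
        if published_heads.get(i, prev) != prev:
            return False, f"entry {i}: differs from published head"
    return True, "ok"

def sample():
    """Constructed four-entry chain, checkpointed after entries 1 and 3."""
    chain, heads = [], {}
    for n in range(4):
        digest = hashlib.sha256(f"constructed-{n}".encode()).hexdigest()
        head = append(chain, search_type="acn", target=f"00000000{n}",
                      timestamp=f"2024-01-0{n + 1}T00:00:00Z",
                      certificate_hash=digest, record_hash=digest, user_id="u-1")
        if n in (1, 3):
            heads[n] = head
    return chain, heads

def tampered(chain, index, recompute):
    """Copy the chain and alter one historic entry."""
    forged = [dict(e) for e in chain]
    forged[index]["target"] = "999999999"
    if recompute:  # what a forger must do to keep the links consistent
        for i in range(index + 1, len(forged)):
            forged[i]["prev_hash"] = entry_hash(forged[i - 1])
    return forged

if __name__ == "__main__":
    chain, heads = sample()
    for c in (chain, tampered(chain, 0, False), tampered(chain, 0, True)):
        print(verify(c, heads))
```

A recomputed chain passes the link check but fails at the first published head after the altered entry, which is why the heads must be stored somewhere the chain's operator cannot silently rewrite.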
How you verify a record
The record PDF contains a SHA-256 hash. Pass that hash to GET /v1/records/{id}/verify and we return whether it matches the chain. If a byte of the PDF changed, the hash no longer matches.
What's not in the chain
No personal information about grantors. No body of the certificate. Just hashes and minimal metadata. The chain is publishable; the underlying records are private.
Related terms
- Due Diligence Record — The one-page PDF Hoist Assets generates after every search — summarising the inquiry, hashing the AFSA certificate, and tying it to an audit-chain entry.
- Search certificate — The official, AFSA-issued PDF returned by every PPSR search — proof of what the register showed at a specific point in time.
How Hoist Assets uses this
These are core Hoist artefacts — every search you run generates one of each.
