Whiteboards API

A Whiteboard is an in-session collaborative drawing surface (Excalidraw under the hood). When the operator snaps it, the platform captures both the rendered PNG and the canonical Excalidraw element JSON, hashed together — so the audit chain can prove the same shapes you saw on screen are the ones the auditor sees later.

A whiteboard capture is just an Evidence row with kind=whiteboard. The dedicated endpoint below is a convenience filter — use it when you only care about whiteboards, the Evidence API when you want all artefacts at once.

List whiteboards for a session

GET /api/v1/public/sessions/{session_id}/whiteboards — scope whiteboards:read

curl "https://app.nexbasira.com/api/v1/public/sessions/0c8f.../whiteboards?limit=25" \
  -H "Authorization: Bearer nb_sec_..."

Returns cursor-paginated Evidence rows of kind=whiteboard.

{
  "data": [
    {
      "id": "ev-wb1...",
      "session": "0c8f...",
      "kind": "whiteboard",
      "status": "ready",
      "mime": "image/png",
      "byte_size": 42178,
      "sha256": "8e2c01...",
      "captured_at": "2026-05-23T10:18:44Z",
      "created_at":  "2026-05-23T10:18:44Z",
      "completed_at":"2026-05-23T10:18:45Z"
    }
  ],
  "has_more": false,
  "next_cursor": null
}

Downloading + verifying

Same as any other Evidence row — fetch a signed URL from the Evidence download endpoint, hash the bytes with SHA-256, compare to the returned sha256:

curl "https://app.nexbasira.com/api/v1/public/evidence/ev-wb1.../download" \
  -H "Authorization: Bearer nb_sec_..."

Excalidraw element JSON

Each whiteboard row's integrity_jsonb.whiteboard_state stores the canonical Excalidraw scene that produced the PNG. The combined sha256 anchors PNG and JSON together, so re-rendering the JSON later yields a byte-identical PNG. The JSON is intentionally not on the public read shape — request the /download URL for the row to fetch the raw .png, and use the SPA-side audit-verify endpoint when you need the JSON for re-render proofs.

Common errors