| Layer | What it protects | Where you see it | When it’s on |
|---|---|---|---|
Per-row hash | A single transaction’s core details | Transaction API responses (hash field) | Always |
| Global hash chain | Your full transaction history in order | Verify with blnk verify-chain | Optional, disabled by default |
The global hash chain is available in Blnk Core 0.15.0 and later. It is disabled by default.
Why hashing matters
Transaction records are the audit trail of your ledger. If amount, balance, currency, status, or reference changes after recording, your balances and reports can no longer be trusted. Blnk uses hashing to make that history :- Per-row hash — fingerprints important fields on each transaction.
- Global hash chain — links sealed transactions together in order.
blnk verify-chain— replays the chain and reports the first broken link if protected data changed.
Quick start
Enable the hash chain
Wait for sealing
Existing transaction rows are sealed automatically. New ones seal after the trailing delay,
default: 30s.Verify the chain
To verify the chain, run in the same directory as your Exit code
docker-compose.yaml:0 means the chain is intact.Success
verify-chain is a Core CLI command, not an HTTP API. The one-off container uses the same Postgres connection and config as your server.Monitor sealing progress
Track backlog and sealing delay over time through Monitoring in Blnk. When the hash chain is enabled, these gauges appear on the metrics endpoint:
See Metrics reference for attribute details and other Core metrics.
| Metric | Description |
|---|---|
blnk_chain_backlog | Transactions not yet sealed into the hash chain |
blnk_chain_head_seq | Sequence number of the hash-chain head |
blnk_chain_lag_seconds | Seconds since the hash chain last advanced |
Per-row hash
Every transaction in Blnk gets ahash — a SHA-256 fingerprint built from five fields. If any of them change after recording, the fingerprint no longer matches.
Blnk concatenates these values in order, hashes the string with SHA-256, and returns the hex digest as hash: amount, reference, currency, source, destination.
The per-row hash uses
amount (the display float), not precise_amount. Fields such as description, status, and meta_data are not included.hash from when you first recorded a transaction with the hash on a later fetch to confirm those fingerprinted fields are unchanged. Built-in integrity verification is handled by the global hash chain and blnk verify-chain.
Global hash chain
When you enable the hash chain, transaction rows are linked in order. Each seal depends on the previous one, so your full history acts as one tamper-evident record.
- Existing transactions seal automatically when you turn the chain on.
- New transactions seal after a short trailing delay so recent writes can finish.
- The chain includes all statuses: queued, inflight, applied, voided, rejected, and refund.
transaction_id, source, destination, amount, precise_amount, currency, status, reference, created_at. Change any after sealing and verification fails.
Fields such as
description and meta_data are not integrity-protected by the chain. Changing them does not fail verification. Protected transaction fields are also guarded by the database immutability trigger.blnk verify-chain, not by reading a response field.
Verification
blnk verify-chain tells you whether your full sealed history is intact or where it broke.
Exit code 0 means the chain passed; any other exit code means it failed.
| Result | What it means |
|---|---|
| Pass | The full transaction history is intact. Output states how many transactions are sealed. |
| Fail | History was tampered with or broken. Output names the position where verification stopped. |
- Pass
- Fail
When verification passes, output looks like this:
Success
Related docs
Hash chain settings
Full config and env vars.
Metrics reference
Chain backlog, head sequence, and lag gauges.
About transactions
Immutability and recording basics.