Show HN: OTS-SDK – a tiny OpenTimestamps API that never keeps your data

I got tired of timestamping tools that force you to upload entire files, so I made OTS-SDK. It’s a tiny Node/Express server that only ever touches hashes, talks directly to the public OpenTimestamps calendars, and stores nothing except <hash>.ots proofs. Zero original data ever hits disk — ever.

Why it’s cool

• Privacy actually means privacy. /ots/timestamp SHA-256s whatever you send in memory, drops your raw bytes instantly, and only keeps the 64-char hash + the .ots proof. If you’re the “trust but verify” type, check src/routes/ots.js and SECURITY.md.

• Day-one production-safe. Helmet, JSON body limits, separate rate limits for read/write routes, clean error messages, and optional Swagger docs if you drop a spec in. No weird surprises.

• Full REST workflow done right. Timestamp → verify → download proof → inspect info → upgrade when Bitcoin confirms. Routes: /ots/timestamp, /ots/verify, /ots/proof/:hash, /ots/info/:hash, /ots/upgrade/:hash.

• Survives flaky calendars. It fans out to Alice/Bob/Finney (or whatever you put in OTS_CALENDAR_URLS), wraps both stamp + upgrade calls with timeouts + retries, and overwrites proofs when stronger attestations come in.

• Developer life = painless. npm run dev (nodemon), npm run e2e / scripts/e2e-smoke.ps1, Dockerfile + docker-compose, everything tunable via .env (JSON limits, rate limits, proof dir, OTS timeouts, etc.).

Usage examples are all in the GitHub repo.

Next ideas

Docker!!!!!!!!

Maybe a little dashboard

MIT-licensed, docs included, SECURITY guide included. Happy to answer questions — always down to nerd out on timestamping.