Skip to main content
Every transaction processed by Centsless is added to an immutable hash chain. Each record’s hash includes the previous record’s hash, forming a tamper-evident linked list: if any historical record is modified, every subsequent hash in the chain becomes invalid. This structure makes it cryptographically verifiable that the audit log has not been altered after the fact.

How the hash chain works

Each transaction record produces two fields in the response:
  • chainPosition (integer) — the record’s sequential position in the chain, starting at 1
  • auditHash (SHA-256 string) — the hash of this transaction record, computed over the record contents plus the previous record’s hash
Because each hash depends on the one before it, the chain is a linked structure. Verifying the chain means re-computing every hash in sequence and confirming each one matches the stored value.

Tracked event types

All of the following events are written to the audit chain with full employee attribution:
EventDescription
SALEStandard transaction processed
VOIDTransaction voided with reason code and voiding employee
REFUNDRefund processed against an original transaction
OVERRIDEManager-approved rounding override with reason code
Every event records the employee ID and name of the person who initiated it. Override records additionally store the original rounding amount, the new amount, and the reason code (customer-request, manager-discretion, pricing-error, or system-error).

Verifying the hash chain

You can verify the integrity of the entire chain at any time using the GET /admin/verify-hash-chain endpoint: 
curl https://api.centsless.org/api/v1/admin/verify-hash-chain \
  -H "x-api-key: YOUR_ADMIN_API_KEY"
The response includes the total record count, the number of verified records, the number of breaks detected, and details of any breaks found.

Compliance value

The audit trail satisfies regulatory evidence requirements for jurisdictions that require merchants to demonstrate rounding compliance. You can export the full transaction history as a 53-field CSV alongside the hash chain to produce a complete compliance package for a regulator or auditor.
Hash chain integrity can be verified at any time without downtime or locking. Use the verify-hash-chain endpoint as part of your compliance reporting workflow to confirm the chain is unbroken before submitting audit evidence.