Open Beta Archipelag.io is in open beta until June 2026. All credits and earnings are virtual. Read the announcement →

Docs/Cargo Registry/Verification Guide
Edit Report issue

Verification Guide

Step-by-step guide to verifying your publisher account and Cargos

Verification Guide

This guide walks you through verifying your publisher account and getting your Cargos to higher trust levels.

Publisher Verification

Upgrade to Verified Tier

Why verify?

  • Publish up to 10 Cargos (vs 3)
  • Access standard resources (1GB RAM, 2 CPU)
  • Cargos start at Trust Level 1
  • Builds user trust

Option 1: Stripe Identity

The fastest verification method.

  1. Go to SettingsPublisher Profile
  2. Click Upgrade to Verified
  3. Select Verify with Stripe Identity
  4. You’ll be redirected to Stripe’s secure verification flow
  5. Upload a photo of your government-issued ID:
    • Passport
    • Driver’s license
    • National ID card
  6. Take a selfie for matching
  7. Wait for verification (usually under 5 minutes)
  8. Return to Archipelag.io - your tier upgrades automatically
Privacy
Stripe handles identity verification. We only receive a pass/fail result and your verified name - not your ID documents.

Option 2: GitHub Verification

For developers with established GitHub presence.

Requirements:

  • GitHub account at least 6 months old
  • Meaningful activity (commits, repos, or contributions)

Steps:

  1. Go to SettingsPublisher Profile
  2. Click Upgrade to Verified
  3. Select Verify with GitHub
  4. Click Connect GitHub Account
  5. Authorize the Archipelag.io GitHub App
  6. We check your account age and activity
  7. If eligible, tier upgrades instantly
Not Eligible?
If your GitHub account doesn't meet requirements, you'll see a message explaining why. Use Stripe Identity instead.

Upgrade to Organization Tier

Why upgrade?

  • Unlimited Cargos
  • Elevated resources (8GB RAM, 4 CPU)
  • Network access for Cargos
  • Team member management
  • Verified domain shown on profile

Step 1: Verify Your Domain

  1. Go to SettingsPublisher Profile
  2. Click Upgrade to Organization
  3. Enter your company domain (e.g., yourcompany.com)
  4. Copy the verification TXT record shown
  5. Add the TXT record to your DNS:
Type: TXT
Host: @ (or leave blank)
Value: archipelag-verify=abc123xyz...
  1. Click Verify Domain
  2. We’ll check DNS (may take up to 48 hours for propagation)
DNS Providers
Common DNS providers: - **Cloudflare**: DNS → Add record → TXT - **Route 53**: Hosted zones → Create record → TXT - **GoDaddy**: DNS Management → Add → TXT - **Namecheap**: Advanced DNS → Add new record → TXT

Step 2: Provide Organization Details

Once domain is verified:

  1. Enter your legal organization name
  2. Provide business address
  3. Add billing contact email
  4. Optionally add tax ID (required for payouts)
  5. Review and accept Organization Terms
  6. Click Complete Upgrade

Your tier upgrades immediately after completion.

Cargo Verification

Reaching Trust Level 1 (Community)

Trust Level 1 is automatic once requirements are met:

Requirements:

  • Security scan passes (0 critical, ≤5 high vulnerabilities)
  • 100+ successful jobs completed
  • Publisher is Verified tier or higher

What you can do to help:

  1. Fix any vulnerabilities found in scans
  2. Promote your Cargo to get initial usage
  3. Ensure reliability to avoid failures

Reaching Trust Level 2 (Verified)

Trust Level 2 requires staff review and cryptographic signing.

Eligibility:

  • Publisher must be Organization tier or higher
  • Cargo must be Trust Level 1
  • Clean security scan (0 critical, 0 high)
  • Reputation score 2.0+

Request Process:

  1. Go to My Cargos → Select Cargo
  2. Click SettingsRequest Verification
  3. Complete the verification checklist:
    • Cargo description is complete and accurate
    • README/documentation is provided
    • Container builds from public source (preferred)
    • No known issues or limitations undisclosed
  4. Submit request
  5. Wait for staff review (typically 2-5 business days)

During Review:

Our team checks:

  • Security scan results
  • Code review (if source available)
  • Container contents and behavior
  • Documentation accuracy
  • Publisher track record

Outcomes:

ResultWhat Happens
ApprovedCargo signed with platform key, upgraded to Level 2
Changes RequestedFeedback provided, resubmit after addressing
DeniedReason provided, can appeal or address issues
Review Priority
Reviews are processed in order. High-usage Cargos and Partner-tier publishers may receive priority.

Maintaining Verification

Publisher Tier

Verified Tier:

  • No maintenance required
  • Stripe Identity verification doesn’t expire

Organization Tier:

  • Domain verification checked monthly
  • Keep your DNS TXT record in place
  • Update organization details if they change

Cargo Trust Level

Trust Level 1:

  • Maintained automatically with good performance
  • Demoted if new critical vulnerabilities found
  • Demoted if success rate drops below 80%

Trust Level 2:

  • Signature remains valid unless:
    • Cargo container is modified (new digest)
    • Security issues are discovered
    • Platform policy changes

After Updates

When you update a Cargo (new container version):

Trust Level 1:

  • Rescan happens automatically
  • Trust maintained if scan passes
  • Trust demoted if scan fails

Trust Level 2:

  • New version must be re-reviewed
  • Submit update for review from Cargo settings
  • Previous version remains available until new version approved
  • Or: Request expedited review for security patches

Verification Checklist

Before Submitting for Level 2

  • Publisher account is Organization tier
  • Cargo is currently Trust Level 1
  • 500+ successful jobs completed
  • Reputation score 2.5+
  • Security scan shows 0 critical, 0 high vulnerabilities
  • Documentation is complete
  • Source code is available (preferred, not required)
  • No unresolved user complaints

For Fastest Approval

  • Use a minimal base image (Alpine, distroless)
  • Pin all dependency versions
  • Include build instructions in repo
  • Add comprehensive README
  • Provide example usage
  • List all capabilities and limitations
  • Include license information
  • Respond promptly to reviewer questions

Common Issues

Verification Denied

“Insufficient GitHub activity”

  • Use Stripe Identity instead
  • Or: Build more GitHub presence and retry in 30 days

“Domain verification failed”

  • Check DNS TXT record is correct
  • Wait for DNS propagation (up to 48 hours)
  • Verify no typos in the record value

“Security scan failed”

  • Review vulnerability report in dashboard
  • Update packages to fix issues
  • Rebuild and resubmit

Trust Level Demoted

“New vulnerabilities found”

  • Check rescan report
  • Update affected packages
  • New scan triggers automatically on update

“Reputation too low”

  • Fix bugs causing failures
  • Improve Cargo reliability
  • Build positive track record

Frequently Asked Questions

How long does publisher verification take?

  • Stripe Identity: Under 5 minutes
  • GitHub: Instant if eligible
  • Domain: 24-48 hours (DNS propagation)

How long does Cargo review take?

Staff reviews typically take 2-5 business days. Complex Cargos may take longer.

Can verification be revoked?

Yes, for policy violations, security issues, or sustained poor performance. You’ll be notified with reasons and can appeal.

Do I need to re-verify after updating?

Publisher verification: No Cargo Level 1: Automatic rescan Cargo Level 2: Yes, submit update for review

Is there a fee for verification?

Publisher verification: Free Cargo verification: Free for the first 5 Cargos per month, then $10/Cargo for expedited review

Next Steps

{% card(title="Publishing Guide", href="/guides/publishing/") %} Complete guide to creating and publishing Cargos.

Security Best Practices

How to minimize vulnerabilities in your Cargos.

{% end %}