Frequently asked questions

Each Authentific QR code encodes a unique digital signature generated using asymmetric cryptography. The signature is bound to that specific unit's metadata — batch, facility, date — so any copied or replicated code would carry the same signature as the original. Our authentication API detects when the same code is scanned from multiple geographic locations within a short time window, which is a characteristic pattern of clone attack attempts. Flagged events generate automatic alerts and are visible in the analytics dashboard.

Signing private keys are generated and stored exclusively in hardware security modules (HSMs). They are never exposed to application-layer processes or stored in software-accessible key stores. Key rotation is supported without invalidating existing issued codes — the verification system maintains the public keys for all active and historical key pairs.

Consumer scans resolve via the cloud authentication API and require connectivity at scan time. For environments requiring offline verification — such as warehouse or logistics operations in low-connectivity areas — Authentific supports local signature validation using the public key, which can be cached or pre-loaded on enterprise scan devices. Contact our solutions team to discuss offline verification architecture for your specific operational environment.

Authentific generates standard QR Code (ISO/IEC 18004) as the primary carrier. Datamatrix (ISO/IEC 16022) and GS1 DataBar are also supported for regulated product categories where specific barcode symbologies are required. NFC chip encoding is supported as a companion or alternative carrier for premium packaging applications. The choice of carrier depends on your packaging material, print process, and consumer interaction requirements.

The Authentific serialization service exposes a REST API that your printing or labelling system can call to receive signed QR codes at line speed. We also support pre-generated batch code export for systems that pull code files rather than calling an API in real time. For SAP and Oracle ERP environments, pre-built connectors are available. Our integration team works with your manufacturing IT team during onboarding to select and configure the right integration pattern for your production infrastructure.

Deployment timelines vary depending on the number of production lines, ERP integration complexity, and the breadth of supply chain partner onboarding required. A pilot deployment covering a single production line and consumer verification flow typically takes four to eight weeks. Enterprise-wide multi-line, multi-facility deployments with full ERP integration are typically scoped as three-to-six-month programs. We scope all engagements with a technical discovery session before committing to a timeline.

Yes. The platform is multi-tenant by design, with brand and product line segmentation built in. Each brand or product line has its own code namespace, consumer verification page configuration, analytics view, and access control scope. This structure supports both single-brand manufacturers managing multiple product lines and brand management companies deploying authentication across a portfolio.

Yes. Authentific's serialization module generates product identifiers and transaction data in the formats required by DSCSA's Tier 3 requirements — including serialized numeric identifier (SNI) encoding, lot-level data, and EPCIS-compatible transaction records for trading partner exchange. We work with pharmaceutical manufacturers and distributors to configure the specific data flows required by their trading partner agreements and regulatory submission processes.

Authentific supports the serialization and verification data requirements of EU FMD — including 2D Data Matrix barcode encoding of product code, serial number, lot, expiry, and batch. Integration with national medicines verification organisation (NMVO) repositories is supported via standard interface protocols. Contact our regulatory team to discuss your specific national requirements.

Authentific is priced on a combination of code issuance volume and platform access tier. Pricing is structured for enterprise deployment — it is not a self-serve SaaS subscription. Engagements are scoped based on annual production volume, number of production lines, geographic deployment scope, and the specific platform modules required. Contact our commercial team to discuss pricing for your specific use case.

Authentific is designed for enterprise manufacturers operating at meaningful scale — typically millions of product units per year. Pilot programs are available for qualified prospects evaluating the platform for larger deployment. We are not the right fit for low-volume or individual product authentication use cases. Request a demo to have a conversation about fit.