Skip to main content
GET
/
attestation
/
report
Attestation Report
curl --request GET \
  --url https://api.redpill.ai/v1/attestation/report \
  --header 'Authorization: Bearer <token>'

Get Attestation Report

Returns cryptographic proof of TEE execution with hardware-signed measurements. 
GET https://api.redpill.ai/v1/attestation/report?model={model_id}&nonce={nonce}&signing_address={address}
Try it now! Click the “Try it” button above to test the API in the playground. You’ll need:
  1. Your API key (add it when prompted)
  2. The model parameter is pre-filled with phala/qwen-2.5-7b-instruct
  3. Optionally add nonce for replay protection
Security Best Practice: Always include a fresh random nonce when fetching attestations to prevent replay attacks. Generate a 32-byte random value (64 hex characters) for each request.

Parameters

model
string
default:"phala/qwen-2.5-7b-instruct"
Model ID for TEE attestation (required for Phala confidential models)Examples: phala/qwen-2.5-7b-instruct, phala/deepseek-chat-v3-0324, phala/gpt-oss-120b
nonce
string
Random 32-byte value (64 hex characters) to prevent replay attacks. The nonce will be embedded in the TEE attestation report data.Example: a1b2c3d4e5f6... (64 hex characters)Security: Generate fresh nonce for each request using secrets.token_hex(32) in Python or openssl rand -hex 32 in bash.
signing_address
string
Ethereum address (ECDSA) or Ed25519 public key to filter attestations in multi-server deployments.Use case: When verifying signatures, provide the signing address recovered from the signature to get attestation for that specific TEE instance.Example: 0x1234567890abcdef... (ECDSA address)

Example

Basic Request (without nonce)

curl "https://api.redpill.ai/v1/attestation/report?model=phala/qwen-2.5-7b-instruct" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Generate fresh nonce
NONCE=$(openssl rand -hex 32)

curl "https://api.redpill.ai/v1/attestation/report?model=phala/qwen-2.5-7b-instruct&nonce=$NONCE" \
  -H "Authorization: Bearer YOUR_API_KEY"

With Signing Address (for signature verification)

NONCE=$(openssl rand -hex 32)
SIGNING_ADDRESS="0x1234567890abcdef..."

curl "https://api.redpill.ai/v1/attestation/report?model=phala/qwen-2.5-7b-instruct&nonce=$NONCE&signing_address=$SIGNING_ADDRESS" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

Single Server Response

{
  "model": "phala/qwen-2.5-7b-instruct",
  "signing_address": "0x1234567890abcdef...",
  "signing_algo": "ecdsa",
  "nonce": "a1b2c3d4e5f6...",
  "intel_quote": "0x...",
  "nvidia_payload": "{...}",
  "info": {
    "tcb_info": {
      "app_compose": "{\"docker_compose_file\": \"...\"}"
    }
  },
  "attestation": {
    "type": "nvidia_h100_tee",
    "measurements": {
      "code_hash": "a7f3b2c1d4e5...",
      "platform": "NVIDIA H100 80GB",
      "firmware": "v1.2.3"
    },
    "signature": {
      "algorithm": "ECDSA-P256",
      "value": "3045022100...",
      "cert_chain": ["-----BEGIN CERTIFICATE-----\n..."]
    },
    "timestamp": "2025-01-15T10:30:00Z"
  },
  "verified": true
}

Multi-Server Response (with signing_address filter)

{
  "all_attestations": [
    {
      "signing_address": "0x1234...",
      "signing_algo": "ecdsa",
      "nonce": "a1b2c3d4...",
      "intel_quote": "0x...",
      "nvidia_payload": "{...}",
      "info": {...},
      "verified": true
    },
    {
      "signing_address": "0x5678...",
      "signing_algo": "ecdsa",
      "nonce": "a1b2c3d4...",
      "intel_quote": "0x...",
      "nvidia_payload": "{...}",
      "info": {...},
      "verified": true
    }
  ]
}

Response Fields

FieldTypeDescription
signing_addressstringEthereum address (ECDSA) or Ed25519 public key used for signing
signing_algostringSignature algorithm: "ecdsa" or "ed25519"
noncestringThe nonce you provided, embedded in TEE report data
intel_quotestringIntel TDX quote (hex-encoded) for CPU TEE verification
nvidia_payloadstringNVIDIA GPU attestation payload (JSON string)
info.tcb_info.app_composestringDocker compose configuration (JSON string)
all_attestationsarrayArray of attestations from multiple backend servers
verifiedbooleanWhether RedPill pre-verified the attestation
Multi-server deployments: When using signing_address parameter, you may receive an all_attestations array containing attestations from multiple backend servers. Filter by signing_address to find the specific server that signed your response.

Attestation Guide

Learn how to verify attestation →