Get Attestation Report
Verification
Get Attestation Report
The gateway TEE attestation report, bound to a caller-supplied nonce.
GET
Get Attestation Report
Returns the gateway’s attestation report: the hardware-backed proof of which TEE workload is serving
the API, plus the public keys it signs with. Verify this report before trusting any
receipt. For what each field proves, see
Attestation report.
Request
A fresh random value (for example 16 bytes hex). The gateway binds it into the quote’s
report_data
so you can prove the report is not a replay.Response
200 OK, application/json. The bare attestation report.
Top-level fields
| Field | Type | Description |
|---|---|---|
api_version | string | ACI version token, for example aci/1. |
workload_id | string | sha256:… identity of the running workload. |
workload_keyset_digest | string | sha256:… digest over the published keyset. |
attestation | object | The attestation evidence and keyset (below). |
all_attestations | array | One full attestation object per server, for multi-instance deployments. |
service_capabilities | object | supported_e2ee_versions (array). |
attestation object
| Field | Type | Description |
|---|---|---|
tee_type | string | TEE technology, for example tdx. |
vendor | string | Deployment vendor tag. |
report_data | string | Value bound into the quote. Commits to your nonce and the keyset. |
freshness | object | fetched_at and stale_after (Unix seconds). |
source_provenance | object | repo_url, repo_commit, image_digest, image_provenance. |
workload_keyset | object | workload_identity, receipt_signing_keys, e2ee_public_keys, tls_public_keys, keyset_epoch. |
keyset_endorsement | object | algo and value: signature over the keyset under the workload identity key. |
evidence | object | quote, quote_report_data, event_log, vm_config, key_custody. |
Example (long values truncated)
Verifying the report
- Verify
attestation.evidence.quoteagainst Intel DCAP collateral, and confirm its report data binds yournonceand theworkload_keyset. - Verify
keyset_endorsementunderworkload_keyset.workload_identity. - Confirm
workload_idandworkload_keyset_digestmatch the receipts you verify. - Confirm
freshness.stale_afteris in the future. - In production, confirm
source_provenancematches the reviewed release.
Legacy alias
GET /v1/attestation/report is a legacy compatibility alias for this endpoint, documented
under Attestation Report.
Related
Get receipt
The signed per-response receipt.
Attestation report concept
What each field proves.