Skip to main content
GET
/
aci
/
attestation
Get Attestation Report
curl --request GET \
  --url https://api.redpill.ai/v1/aci/attestation \
  --header 'Authorization: Bearer <token>'
Returns the gateway’s attestation report: the hardware-backed proof of which TEE workload is serving the API, plus the public keys it signs with. Verify this report before trusting any receipt. For what each field proves, see Attestation report.
GET /v1/aci/attestation?nonce={nonce}

Request

nonce
string
A fresh random value (for example 16 bytes hex). The gateway binds it into the quote’s report_data so you can prove the report is not a replay.

Response

200 OK, application/json. The bare attestation report.

Top-level fields

FieldTypeDescription
api_versionstringACI version token, for example aci/1.
workload_idstringsha256:… identity of the running workload.
workload_keyset_digeststringsha256:… digest over the published keyset.
attestationobjectThe attestation evidence and keyset (below).
all_attestationsarrayOne full attestation object per server, for multi-instance deployments.
service_capabilitiesobjectsupported_e2ee_versions (array).

attestation object

FieldTypeDescription
tee_typestringTEE technology, for example tdx.
vendorstringDeployment vendor tag.
report_datastringValue bound into the quote. Commits to your nonce and the keyset.
freshnessobjectfetched_at and stale_after (Unix seconds).
source_provenanceobjectrepo_url, repo_commit, image_digest, image_provenance.
workload_keysetobjectworkload_identity, receipt_signing_keys, e2ee_public_keys, tls_public_keys, keyset_epoch.
keyset_endorsementobjectalgo and value: signature over the keyset under the workload identity key.
evidenceobjectquote, quote_report_data, event_log, vm_config, key_custody.

Example (long values truncated)

{
  "api_version": "aci/1",
  "workload_id": "sha256:3def476b72026924f9d88f7b339b2e21…",
  "workload_keyset_digest": "sha256:3eff0836cd104d8cb5f8e8ee361789cf9…",
  "attestation": {
    "tee_type": "tdx",
    "vendor": "private-ai-gateway-dev",
    "report_data": "7b7daf62d7e9e31f5d17e70d32c010bda9ead273…",
    "freshness": { "fetched_at": 1781589476, "stale_after": 1781593076 },
    "source_provenance": {
      "repo_url": "https://github.com/Dstack-TEE/private-ai-gateway.git",
      "repo_commit": "9d45c7e3d48d2f74c31cd85f1fb5c6cee1435ef3",
      "image_digest": null,
      "image_provenance": null
    },
    "workload_keyset": {
      "workload_identity": { "public_key": { "algo": "ecdsa-secp256k1", "public_key": "04d3b5…" } },
      "receipt_signing_keys": [ { "key_id": "dstack-kms-receipt-v1", "algo": "ecdsa-secp256k1", "public_key": "04211c…" } ],
      "e2ee_public_keys": [ { "key_id": "dstack-kms-e2ee-v1", "algo": "secp256k1-aes-256-gcm-hkdf-sha256", "public_key": "04943c…" } ],
      "tls_public_keys": [],
      "keyset_epoch": { "version": 1, "not_after": 18446744073709551615 }
    },
    "keyset_endorsement": { "algo": "ecdsa-secp256k1", "value": "a91bff…" },
    "evidence": { "quote": "040002008100…", "quote_report_data": "7b7daf…", "event_log": "[{…}]", "vm_config": "{…}", "key_custody": { "provider": "dstack-kms", "keys": [  ] } }
  },
  "all_attestations": [ "…" ],
  "service_capabilities": { "supported_e2ee_versions": ["2"] }
}

Verifying the report

  1. Verify attestation.evidence.quote against Intel DCAP collateral, and confirm its report data binds your nonce and the workload_keyset.
  2. Verify keyset_endorsement under workload_keyset.workload_identity.
  3. Confirm workload_id and workload_keyset_digest match the receipts you verify.
  4. Confirm freshness.stale_after is in the future.
  5. In production, confirm source_provenance matches the reviewed release.
The end-to-end procedure is in Verify a response.

Legacy alias

GET /v1/attestation/report is a legacy compatibility alias for this endpoint, documented under Attestation Report.

Get receipt

The signed per-response receipt.

Attestation report concept

What each field proves.