Skip to main content
GET
/
aci
/
sessions
/
{session_id}
Get Session
curl --request GET \
  --url https://api.redpill.ai/v1/aci/sessions/{session_id} \
  --header 'Authorization: Bearer <token>'
Returns an attested session: the immutable, content-addressed record of the verified TEE channel a confidential request was bound to. A receipt’s upstream.verified.session_id references it, so you can trace any confidential response back to the exact verified security context, with its typed claims and channel binding. 
GET /v1/aci/sessions/{session_id}
GET /v1/aci/sessions?provider={provider}&model={model}

Get one session

session_id
string
required
The as_… id from a receipt’s upstream.verified.session_id.

Response

FieldTypeDescription
api_versionstringACI version token.
session_idstringas_<sha256> content hash of the verified material.
providerstringThe upstream config name this channel belongs to.
endpointstringThe verified upstream origin.
verifier_idstringThe verifier that produced this result.
established_atnumberWhen the material was verified (Unix seconds).
expires_atnumberRetention deadline (Unix seconds).
identityobjectVerified upstream identity keys (for example a signing address).
channel_bindingarrayThe enforceable binding(s): a TLS SPKI digest or an E2EE public key.
claimsobjectTyped claims (below).
evidenceobjectByte-preserving evidence the verifier checked (digest + data URI).

Typed claims

Each claim carries a status (Asserted / Refuted / Unknown), a source (HardwareProven / VerifierDerived / ProviderAsserted / OperatorAsserted), and a reason. The claim set: tee_attested, tcb_up_to_date, os_known_good, serving_software_known_good, gpu_attested, model_weights_provenance, plus provider-specific entries in extra. See Reading TCB and claims. 
{
  "api_version": "aci/1",
  "session_id": "as_3681736b33b9b8191216968e37e350bfa1e4fd8d5d192bbebf4c17c0d4edf344",
  "provider": "near-ai",
  "endpoint": "https://cloud-api.near.ai",
  "verifier_id": "private-ai-verifier/near-ai-gateway/v1",
  "established_at": 1781588840,
  "expires_at": 1781589140,
  "channel_binding": [ { "type": "tls_spki_sha256", "value": "…" } ],
  "claims": {
    "tee_attested": { "status": "Asserted", "source": "HardwareProven", "reason": "verified TDX quote" },
    "tcb_up_to_date": { "status": "Asserted", "source": "HardwareProven" },
    "gpu_attested": { "status": "Unknown" }
  },
  "evidence": { "digest": "sha256:…", "data": "data:application/json;base64,…" }
}

List a provider’s sessions

GET /v1/aci/sessions?provider={provider}&model={model} returns the attested sessions a provider currently has. Use it as a preflight survey: inspect the verified identity, channel binding, and claims for a model before sending a prompt. 
curl "https://api.redpill.ai/v1/aci/sessions?provider=near-ai" \
  -H "Authorization: Bearer $API_KEY"
Returns a JSON array of session records in the shape above.

Why content-addressed

session_id is a hash of the verified material. Re-verifying an unchanged endpoint resolves to the same id, and any change (a rotated TLS certificate, a new measurement, a changed claim) produces a new id. The session a receipt points to is exactly the one the gateway committed to.

Attested sessions concept

Get receipt