Skip to main content
GET
/
aci
/
receipts
/
{id}
Get Receipt
curl --request GET \
  --url https://api.example.com/aci/receipts/{id}

Endpoint

GET https://inference.phala.com/v1/aci/receipts/{id}
This endpoint returns the canonical per-response proof. The receipt binds request and response hashes to the attested gateway and is signed by a key from the attestation report’s published keyset. Use the x-receipt-id header from an inference response, or use the response id.

Parameters

id
string
required
Receipt id (rcpt-...) or response id from POST /v1/chat/completions.

Example

curl "https://inference.phala.com/v1/aci/receipts/$RECEIPT_ID" \
  -H "Authorization: Bearer <API_KEY>"

Response

FieldTypeDescription
api_versionstringACI version token, for example aci/1.
receipt_idstringReceipt id.
chat_idstringChat or response id.
workload_idstringMust match the attestation report you verified.
workload_keyset_digeststringMust match the attestation report you verified.
endpointstringRoute served, for example /v1/chat/completions.
methodstringHTTP method.
served_atnumberUnix timestamp.
event_logarrayOrdered transparency events.
signaturestringSignature over the receipt by a key in the attested keyset.

event_log entries

EventKey fields
request.receivedbody_hash
middleware.forwardedbody_hash
route.selectedtarget_route_id
request.forwardedbody_hash
transparency.request_modifiedPresent when forwarded body differs from the received body.
upstream.verifiedprovider, model_id, result, required, session_id, channel_bindings, claims
response.receivedcleartext_hash
transparency.response_modifiedPresent when returned body differs from the provider response.
response.returnedcleartext_hash, wire_hash
{
  "api_version": "aci/1",
  "receipt_id": "rcpt-e0eefe63b3673e2a5984951f",
  "chat_id": "d3ad808b20a444c29e798db35f112033",
  "workload_id": "sha256:3def476b...",
  "workload_keyset_digest": "sha256:3eff0836...",
  "endpoint": "/v1/chat/completions",
  "method": "POST",
  "served_at": 1781588857,
  "event_log": [
    { "seq": 0, "type": "request.received", "body_hash": "sha256:111d08a5..." },
    { "seq": 2, "type": "route.selected", "target_route_id": "phala/qwen3.5-27b" },
    {
      "seq": 5,
      "type": "upstream.verified",
      "provider": "phala",
      "model_id": "phala/qwen3.5-27b",
      "result": "verified",
      "required": true,
      "session_id": "as_3681736b..."
    },
    { "seq": 7, "type": "response.returned", "wire_hash": "sha256:07703fb4..." }
  ],
  "signature": "..."
}

Verifying the Receipt

  1. Fetch and verify a fresh Attestation Report.
  2. Confirm workload_id and workload_keyset_digest match the attestation report.
  3. Verify signature under a receipt_signing_keys entry from the attested keyset.
  4. Confirm request.received.body_hash matches the request body you sent.
  5. Confirm response.returned.wire_hash matches the response bytes you received.
  6. Read upstream.verified. For a confidential response, result is verified, required is true, and session_id points to an attested session.
See Verify a Response for the full walkthrough.

Legacy Alias

GET /v1/signature/{id} returns this same receipt inside a compatibility envelope for older clients.

Attestation Report

Get Session