Why verification matters
Confidential AI verification answers two questions:
- Who served my request? The gateway attestation report proves the API was served by a specific workload running in a genuine TEE.
- What happened to my request? The signed receipt binds your request and response hashes to that attested workload and records whether the upstream model provider was verified.
Verification workflow
1. Fetch gateway attestation: Generate a fresh nonce and call GET /v1/aci/attestation. Verify the TEE quote, keyset endorsement, freshness, and source provenance.
2. Make an inference request: Call an OpenAI-compatible endpoint such as POST /v1/chat/completions and capture the x-receipt-id header.
3. Fetch the signed receipt: Call GET /v1/aci/receipts/{id}. Confirm the receipt’s workload_id and workload_keyset_digest match the attestation report.

What a passing verification proves
- The gateway is a genuine TEE workload with a known identity.
- The receipt was signed by a key published in the attested gateway keyset.
- The response bytes you received match the response hash in the receipt.
- For a confidential response, the upstream provider was verified and the request channel was bound before forwarding.
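
The cross-checks from the workflow above, as an added example (not the service's own code): it compares an already-fetched attestation report and receipt and hashes the response bytes you received. The nonce and response_hash field names, SHA-256 with hex encoding, and all sample values are assumptions constructed for illustration; TEE quote and receipt signature verification are out of scope here.

```python
import hashlib
import hmac


def _same(a, b):
    """Constant-time equality; a missing or empty value never matches."""
    if not a or not b:
        return False
    return hmac.compare_digest(str(a).encode(), str(b).encode())


def check_receipt_binding(attestation, receipt, response_body, nonce):
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    # Freshness: the report must echo the nonce we generated (assumed field name).
    if not _same(attestation.get("nonce"), nonce):
        failures.append("nonce")
    # Identity: both fields are named on the page and must match the report.
    for field in ("workload_id", "workload_keyset_digest"):
        if not _same(attestation.get(field), receipt.get(field)):
            failures.append(field)
    # Integrity: hash the exact bytes received, before any JSON re-encoding.
    # "response_hash" and SHA-256 hex are assumptions, not the documented format.
    digest = hashlib.sha256(response_body).hexdigest()
    if not _same(digest, str(receipt.get("response_hash", "")).lower()):
        failures.append("response_hash")
    return failures


# Constructed sample data (not real service output).
BODY = b'{"id":"chatcmpl-example","choices":[]}'
NONCE = "6f1d0c9a-constructed-nonce"
ATTESTATION = {
    "nonce": NONCE,
    "workload_id": "example-gateway",
    "workload_keyset_digest": "sha256:" + "ab" * 32,
}
RECEIPT = {
    "workload_id": "example-gateway",
    "workload_keyset_digest": "sha256:" + "ab" * 32,
    "response_hash": hashlib.sha256(BODY).hexdigest(),
}

if __name__ == "__main__":
    print(check_receipt_binding(ATTESTATION, RECEIPT, BODY, NONCE))
    print(check_receipt_binding(ATTESTATION, RECEIPT, BODY + b" ", NONCE))
```

Treat any non-empty result as a failed verification and do not trust the response.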
Canonical and legacy endpoints
| Purpose | Canonical endpoint | Legacy alias |
|---|---|---|
| Gateway attestation | GET /v1/aci/attestation?nonce= | GET /v1/attestation/report |
| Per-response proof | GET /v1/aci/receipts/{id} | GET /v1/signature/{id} |
| Upstream security context | GET /v1/aci/sessions/{session_id} | None |
Use the /v1/aci/* endpoints for new integrations.
Verify Attestation
Understand the attestation report, nonce binding, gateway keyset, and source provenance.
Verify a Response
Verify a signed receipt, response hashes, and confidential upstream status.

