Skip to content

Attestation API

The Attestation API is used by sidecars to submit attestations and receive Merkle proofs.

Base URL

https://receipts.glacis.io/api/v1

Submit Attestation

POST /attestations
Authorization: Bearer {bearer_token}

Request Body

{
  "epochId": "epoch_2024010112",
  "level": "L0",
  "blindedId": "base64...",
  "requestCommitment": "sha256...",
  "encoderId": "encoder_abc",
  "signature": "base64...",

  // L2 only:
  "evidenceCommitment": "sha256...",
  "policyScores": {
    "toxicity": { "score": 0.05, "flagged": false },
    "pii": { "detected": false }
  },
  "prfTag": "base64..."
}

Response

{
  "attestationId": "att_xyz789",
  "epochId": "epoch_2024010112",
  "index": 1247,
  "merkleProof": {
    "root": "0x...",
    "siblings": ["0x...", "0x..."],
    "index": 1247
  },
  "timestamp": 1704106800000
}

Get Attestation

GET /orgs/{orgId}/attestations/{attestationId}
Authorization: Bearer {api_key}

List Attestations

GET /orgs/{orgId}/attestations
Authorization: Bearer {api_key}

Query parameters:

level - Filter by L0 or L2
epochId - Filter by epoch
from / to - Date range
limit / offset - Pagination

Verify Proof

POST /attestations/{attestationId}/verify
Authorization: Bearer {api_key}

Returns verification status of Merkle proof.

Error Codes

Code	Description
`EPOCH_EXPIRED`	Epoch has ended
`EPOCH_FUTURE`	Epoch not started
`IDENTITY_MISMATCH`	Invalid signature
`COUNTER_REPLAY`	Duplicate counter
`TOKEN_INVALID`	Invalid bearer token

Next Steps