{ "openapi": "3.1.0", "info": { "title": "AttestLayer Evidence API", "version": "FES-1.0-preview", "description": "A small record-only API surface for evidence intake, kit metadata, receipt retrieval, JWKS discovery, and verification workflows. The API supports evidence handling and verification metadata. It does not certify compliance, guarantee security, or replace audit work." }, "servers": [ { "url": "https://api.attestlayer.com" } ], "paths": { "/.well-known/jwks.json": { "get": { "summary": "Retrieve public JWKS verification keys", "responses": { "200": { "description": "JWKS public keys" } } } }, "/v1/intake/jobs": { "post": { "summary": "Create intake job", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntakeJob" } } } }, "responses": { "202": { "description": "Intake job accepted", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntakeJob" } } } }, "400": { "$ref": "#/components/responses/Error" } } } }, "/v1/intake/jobs/{job_id}": { "get": { "summary": "Check intake job status", "parameters": [ { "name": "job_id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Intake job status", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntakeJob" } } } }, "404": { "$ref": "#/components/responses/Error" } } } }, "/v1/kits/{kit_id}/manifest": { "get": { "summary": "Retrieve kit manifest", "parameters": [ { "name": "kit_id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Manifest JSON", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Manifest" } } } }, "404": { "$ref": "#/components/responses/Error" } } } }, "/v1/kits/{kit_id}/receipt": { "get": { "summary": "Retrieve signed receipt", "parameters": [ { "name": "kit_id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Receipt JSON", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Receipt" } } } }, "404": { "$ref": "#/components/responses/Error" } } } }, "/v1/kits/{kit_id}/download": { "get": { "summary": "Download full kit ZIP", "parameters": [ { "name": "kit_id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Kit ZIP", "content": { "application/zip": { "schema": { "type": "string", "format": "binary" } } } }, "404": { "$ref": "#/components/responses/Error" } } } }, "/v1/verify/receipt": { "post": { "summary": "Verify receipt and manifest binding", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Receipt" } } } }, "responses": { "200": { "description": "Verification result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VerificationResult" } } } }, "400": { "$ref": "#/components/responses/Error" } } } } }, "components": { "responses": { "Error": { "description": "Fail-closed API error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } } } }, "schemas": { "IntakeJob": { "type": "object", "required": [ "job_id", "tenant_id", "scope_label", "status", "created_at", "updated_at", "boundary" ], "properties": { "job_id": { "type": "string" }, "tenant_id": { "type": "string" }, "scope_label": { "type": "string" }, "status": { "type": "string", "enum": [ "DRAFT", "SUBMITTED", "PASS", "FAIL", "ISSUED", "EXPIRED" ] }, "created_at": { "type": "string", "format": "date-time" }, "updated_at": { "type": "string", "format": "date-time" }, "kit_id": { "type": [ "string", "null" ] }, "boundary": { "type": "string", "example": "Integrity and issuance evidence only. Not audit, certification, or compliance guarantee." } } }, "Kit": { "type": "object", "required": [ "kit_id", "job_id", "issued_at", "receipt_version", "manifest_sha256", "public_key_kid", "downloads", "boundary" ], "properties": { "kit_id": { "type": "string" }, "job_id": { "type": "string" }, "issued_at": { "type": "string", "format": "date-time" }, "receipt_version": { "type": "string" }, "manifest_sha256": { "type": "string" }, "public_key_kid": { "type": "string" }, "downloads": { "type": "object", "additionalProperties": { "type": "string" } }, "boundary": { "type": "string" } } }, "Manifest": { "type": "object", "required": [ "receipt_version", "kit_id", "job_id", "issued_at", "artifacts", "manifest_sha256", "boundary" ], "properties": { "receipt_version": { "type": "string" }, "kit_id": { "type": "string" }, "job_id": { "type": "string" }, "issued_at": { "type": "string", "format": "date-time" }, "artifacts": { "type": "array", "items": { "type": "object", "required": [ "path", "sha256", "size_bytes" ], "properties": { "path": { "type": "string" }, "sha256": { "type": "string" }, "size_bytes": { "type": "integer" } } } }, "manifest_sha256": { "type": "string", "description": "Canonical SHA-256 hash of the manifest object as returned or referenced." }, "boundary": { "type": "string" } } }, "Receipt": { "type": "object", "required": [ "receipt_version", "job_id", "kit_id", "issued_at", "issuer", "public_key_kid", "manifest_sha256", "manifest_root_hash", "canonical_receipt_sha256", "signature_algorithm", "signature", "scope", "boundary" ], "properties": { "receipt_version": { "type": "string" }, "job_id": { "type": "string" }, "kit_id": { "type": "string" }, "issued_at": { "type": "string", "format": "date-time" }, "issuer": { "type": "string" }, "public_key_kid": { "type": "string" }, "manifest_sha256": { "type": "string" }, "manifest_root_hash": { "type": "string" }, "canonical_receipt_sha256": { "type": "string" }, "signature_algorithm": { "type": "string", "enum": [ "Ed25519" ] }, "signature": { "type": "string" }, "scope": { "type": "string" }, "boundary": { "type": "string" } } }, "VerificationResult": { "type": "object", "required": [ "status", "manifest_hash_valid", "artifact_hashes_valid", "receipt_canonical_hash_valid", "ed25519_signature_valid", "kid_matched", "errors", "boundary" ], "properties": { "status": { "type": "string", "enum": [ "PASS", "FAIL" ] }, "manifest_hash_valid": { "type": "boolean" }, "artifact_hashes_valid": { "type": "boolean" }, "receipt_canonical_hash_valid": { "type": "boolean" }, "ed25519_signature_valid": { "type": "boolean" }, "kid_matched": { "type": "boolean" }, "errors": { "type": "array", "items": { "type": "string" } }, "boundary": { "type": "string" } } }, "ErrorResponse": { "type": "object", "required": [ "error", "code", "message", "request_id" ], "properties": { "error": { "type": "string" }, "code": { "type": "string" }, "message": { "type": "string" }, "request_id": { "type": "string" }, "boundary": { "type": "string" } } }, "Boundary": { "type": "object", "properties": { "boundary": { "type": "string", "example": "Integrity and issuance evidence only. Not audit, certification, or compliance guarantee." } } } } }, "x-attestlayer-boundary": "AttestLayer provides record-only evidence issuance and verification support. It does not certify compliance, replace audit work, provide legal advice, or guarantee the underlying security/compliance state of the customer." }