Attesto 1.0

Evidence primitives

Attesto 1.0 is the production control plane: tenants, systems, server-side event ingest, receipts, public verification, anchoring, evidence exports, auditor access, billing, and connector management. Attesto 2.0 builds on this control plane.

Events

Events are the smallest evidence unit. Log events for decisions, approvals, policy checks, model evaluations, connector observations, data-export boundaries, and other moments that a future reviewer may need to inspect.

curl -X POST https://verify.attesto.eu/v1/sdk/events \
  -H "Authorization: Bearer $ATTESTO_API_KEY" \
  -H "Idempotency-Key: $ATTESTO_IDEMPOTENCY_KEY" \
  -H "Content-Type: application/json" \
  --data-binary @event.json

Recommended event fields:

• type: stable machine name such as ai.decision.
• status: domain-specific state such as verified, rejected, or needs_review.
• payload: structured data that is safe and useful for future verification.
• occurred_at: source timestamp when the business event happened.
• source_ref: stable source identifier for dedupe and traceability.

Receipts

A receipt is the acceptance proof for an event. It is not a legal conclusion; it is the technical evidence that a particular event was accepted by Attesto and can be linked to later proof material.

{
  "id": "evt_...",
  "tenant_id": "tenant_...",
  "event_hash": "hex-encoded-hash",
  "received_at": "2026-06-07T12:00:00Z",
  "signature": {
    "alg": "Ed25519",
    "kid": "attesto-signing-key-id",
    "value": "hex-encoded-signature"
  }
}

Verification

Verification in 1.0 proves that event proof material is internally consistent and signed by the expected Attesto signing key. It is the first verification layer. Proofstream extends this with ordered stream history, consistency, witnesses, quorum, fork evidence, and offline bundles.

curl -X POST https://verify.attesto.eu/v1/public/verify \
  -H "Content-Type: application/json" \
  --data-binary @attesto-v1-proof.json

Anchoring

Anchoring binds batch commitments outside the application database. A verifier can inspect the anchor reference to connect exported evidence to an external commitment. Anchoring improves integrity evidence; it does not prove the source payload was true.

Evidence exports and auditors

Tenant users export evidence ranges from the dashboard. Auditors use the auditor portal or portable files to inspect proof material, timestamps, anchors, and verification status. Exports should be kept immutable once shared.