SDKs
Python and TypeScript SDKs
Both SDKs default to https://verify.attesto.eu, validate
system-key shape locally, set idempotency headers, and retry
transient failures with jittered exponential backoff.
Python
pip install attesto
import os

from attesto import AttestoClient

attesto = AttestoClient(api_key=os.environ["ATTESTO_API_KEY"])

ack = attesto.log_event(
    type="inference",
    status="verified",
    source_ref="case-2026-0001:decision-1",
    payload={
        "model": "risk-service-v4",
        "score": 0.91,
        "policy_id": "policy-2026-01",
    },
)
print(ack.id)
Python async
import asyncio
import os

from attesto import AsyncAttestoClient


async def main() -> None:
    # `async with` is only valid inside a coroutine, so the call lives in main().
    async with AsyncAttestoClient(api_key=os.environ["ATTESTO_API_KEY"]) as attesto:
        ack = await attesto.log_event(
            type="ai.decision",
            status="verified",
            source_ref="case-2026-0001:decision-1",
            payload={"decision": "manual_review", "score": 91},
        )
        print(ack.id)


asyncio.run(main())
TypeScript
npm install @attesto/sdk
import { AttestoClient } from "@attesto/sdk";

const attesto = new AttestoClient({
  apiKey: process.env.ATTESTO_API_KEY!,
});

const ack = await attesto.logEvent({
  type: "inference",
  status: "verified",
  sourceRef: "case-2026-0001:decision-1",
  payload: {
    model: "risk-service-v4",
    score: 0.91,
    policy_id: "policy-2026-01",
  },
});
console.log(ack.id);
Proofstream v2 client
Use AttestoV2Client when you need stream-level receipts,
checkpoint consistency, witness policy visibility, verifier bundles,
and offline verification helpers.
import os

from attesto import AttestoV2Client

with AttestoV2Client(api_key=os.environ["ATTESTO_API_KEY"]) as attesto:
    stream = attesto.create_stream(
        use_case="ai-decision-history",
        policy_id="policy-2026-01",
    )
    receipt = attesto.log_event(
        stream_id=stream.stream_id,
        source_ref="source-event-001",
        event_type="decision",
        payload={"decision": "review", "score": 91},
    )
    stored = attesto.get_receipt(receipt.stream_event_id)
    report = attesto.verify_receipt(
        receipt=stored.receipt,
        public_key_hex=os.environ["ATTESTO_RECEIPT_SIGNER_PUBLIC_KEY_HEX"],
        stream_event_id=receipt.stream_event_id,
    )
    # Raise instead of using `assert`: asserts are stripped under `python -O`,
    # which would silently skip the verification check.
    if not report.ok:
        raise RuntimeError(report.problems)
TypeScript Proofstream:
import { AttestoV2Client } from "@attesto/sdk";

const attesto = new AttestoV2Client({
  apiKey: process.env.ATTESTO_API_KEY!,
});

const stream = await attesto.createStream({
  useCase: "ai-decision-history",
  policyId: "policy-2026-01",
});

const receipt = await attesto.logEvent(stream.streamId, {
  sourceRef: "case-2026-0001:decision-1",
  eventType: "ai.decision",
  payload: { decision: "manual_review", score: 91 },
});

const report = await attesto.verifyReceipt({
  receipt: receipt.receipt,
  streamEventId: receipt.streamEventId,
  publicKeyHex: process.env.ATTESTO_RECEIPT_SIGNER_PUBLIC_KEY_HEX!,
});
if (!report.ok) throw new Error(report.problems.join("; "));
Offline and online verify helpers
SDK verification methods are useful in services that receive Attesto receipts or bundles and need to fail closed before accepting them.
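import os

from attesto import AttestoV2Client

# bundle_object is the bundle your service received and has not yet accepted.
with AttestoV2Client(api_key=os.environ["ATTESTO_API_KEY"]) as attesto:
    report = attesto.verify_object(
        kind="bundle",
        proof_object=bundle_object,
    )
    # Fail closed: reject the bundle unless verification succeeded.
    if not report.ok:
        raise RuntimeError(report.problems)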
const report = await attesto.verifyObject({
  kind: "bundle",
  object: bundleObject,
});
if (!report.ok) {
  throw new Error(report.problems.join("; "));
}
Security rules
- Use SDKs from server-side code only.
- Store system keys in your secret manager and inject them at runtime.
- Do not place system keys in frontend bundles, mobile apps, query strings, or logs.
- Use the default production origin unless your tenant has a private deployment origin.
- Keep idempotency enabled for every write path.
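
Why the retry behaviour described at the top of the page and the rule to keep idempotency enabled belong together, shown as an added example that is not Attesto SDK code. `FakeLedger`, `TransientError`, `send_with_retry`, and the backoff parameters are constructed for illustration and say nothing about the SDK's actual header names or timings.

```python
import random
import uuid

class TransientError(Exception):
    """Constructed stand-in for a timeout or 5xx response."""

class FakeLedger:
    """Constructed in-memory server: commits the write, then loses the first reply."""
    def __init__(self, lose_replies=1):
        self.events = []          # what actually got stored
        self.seen = {}            # idempotency key -> ack id
        self.lose_replies = lose_replies

    def write(self, payload, idempotency_key=None):
        if idempotency_key is not None and idempotency_key in self.seen:
            ack = self.seen[idempotency_key]      # replay: return the first ack
        else:
            ack = f"evt-{len(self.events) + 1}"
            self.events.append(payload)
            if idempotency_key is not None:
                self.seen[idempotency_key] = ack
        if self.lose_replies > 0:                  # write committed, reply lost
            self.lose_replies -= 1
            raise TransientError("reply lost")
        return ack

def backoff_delays(attempts, base=0.2, cap=5.0, rng=random.random):
    """Full-jitter schedule: uniform in [0, min(cap, base * 2**n))."""
    return [rng() * min(cap, base * 2 ** n) for n in range(attempts)]

def send_with_retry(ledger, payload, idempotent=True, attempts=4, sleep=lambda s: None):
    # One key per logical write, generated once and reused on every retry.
    key = str(uuid.uuid4()) if idempotent else None
    for delay in backoff_delays(attempts):
        try:
            return ledger.write(payload, idempotency_key=key)
        except TransientError:
            sleep(delay)           # no-op by default so the demo runs instantly
    raise TransientError("retries exhausted")

def demo():
    safe, unsafe = FakeLedger(), FakeLedger()
    ack_safe = send_with_retry(safe, {"decision": "review"}, idempotent=True)
    ack_unsafe = send_with_retry(unsafe, {"decision": "review"}, idempotent=False)
    return ack_safe, len(safe.events), ack_unsafe, len(unsafe.events)

if __name__ == "__main__":
    print(demo())
```

With the key reused across retries the ledger holds one event; without it the same decision is recorded twice, which corrupts an evidence trail.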
