dev.cocore.compute.verifyReceipt

cocore.dev

Documentation

Verify an indexed receipt offline-equivalently: structural checks against its job + attestation, a P-256 ECDSA signature check of `enclaveSignature` against the attestation public key, lexicon-schema validation, and — when an MDA cert chain is present — a hardware-attestation check bound to the signing key. `trustLevel` rises to `hardware-attested` only when a valid Apple chain certifies the receipt-signing key.

main query

Verify an indexed receipt offline-equivalently: structural checks against its job + attestation, a P-256 ECDSA signature check of `enclaveSignature` against the attestation public key, lexicon-schema validation, and — when an MDA cert chain is present — a hardware-attestation check bound to the signing key. `trustLevel` rises to `hardware-attested` only when a valid Apple chain certifies the receipt-signing key.

Parameters

uri string at-uri Required

The receipt record URI to verify.

Output

Encodingapplication/json
findings array Required

No description available.

ok boolean Required

No description available.

trustLevel string Required

No description available.

Errors

InvalidRequest The `uri` parameter is missing.
NotFound The receipt, or its referenced job/attestation, is not indexed.
Try It

Requests are sent directly from your browser. Some servers may block requests due to CORS.

Base URL for XRPC calls (e.g., https://api.bsky.social)
Parameters
The receipt record URI to verify.
View raw schema
{
  "type": "query",
  "errors": [
    {
      "name": "InvalidRequest",
      "description": "The `uri` parameter is missing."
    },
    {
      "name": "NotFound",
      "description": "The receipt, or its referenced job/attestation, is not indexed."
    }
  ],
  "output": {
    "schema": {
      "type": "object",
      "required": [
        "ok",
        "trustLevel",
        "findings"
      ],
      "properties": {
        "ok": {
          "type": "boolean"
        },
        "findings": {
          "type": "array",
          "items": {
            "ref": "dev.cocore.defs#verifyFinding",
            "type": "ref"
          }
        },
        "trustLevel": {
          "enum": [
            "self-attested",
            "hardware-attested"
          ],
          "type": "string"
        }
      }
    },
    "encoding": "application/json"
  },
  "parameters": {
    "type": "params",
    "required": [
      "uri"
    ],
    "properties": {
      "uri": {
        "type": "string",
        "format": "at-uri",
        "description": "The receipt record URI to verify."
      }
    }
  },
  "description": "Verify an indexed receipt offline-equivalently: structural checks against its job + attestation, a P-256 ECDSA signature check of `enclaveSignature` against the attestation public key, lexicon-schema validation, and — when an MDA cert chain is present — a hardware-attestation check bound to the signing key. `trustLevel` rises to `hardware-attested` only when a valid Apple chain certifies the receipt-signing key."
}

Lexicon Garden

@