Changelog of Azure APIs

2025/10/15 • 5 updated methods

Attestation_AttestOpenEnclave (updated)

Description	: Processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference	: Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestOpenEnclave",
  "$parameters": {
    "body": {
      "$properties": [
        {
          "#name": "report",
          "Format": {
            "new": "base64url",
            "old": "byte"
          }
        },
        {
          "runtimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        },
        {
          "initTimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /attest/OpenEnclave

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

body:

{

Required: True ,

}

{

report:

{

Description: OpenEnclave report from the enclave to be attested ,

Format: base64url ,

Required: False ,

}

string ,

runtimeData:

{

Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,

Required: False ,

}

{

data:

{

Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

initTimeData:

{

Description: Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,

Required: False ,

}

{

data:

{

Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

draftPolicyForAttestation:

{

Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,

Required: False ,

}

string ,

nonce:

{

Description: Nonce for incoming request - emitted in the generated attestation token ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

token:

{

Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

$headers:

{

x-ms-error-code:

{

Description: String error code indicating what went wrong. ,

}

string ,

}

$schema:

{

Description: A response containing error details. ,

}

{

error:

{

Description: The error object. ,

Required: True ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: True ,

}

string ,

message:

{

Description: A human-readable representation of the error. ,

Required: True ,

}

string ,

target:

{

Description: The target of the error. ,

Required: False ,

}

string ,

details:

{

Description: An array of details about specific errors that led to this reported error. ,

Required: False ,

}

[

string ,

]

innererror:

{

Description: An object containing more specific information than the current object about the error. ,

Required: False ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Attestation_AttestSevSnpVm (updated)

Description	: Processes a SEV SNP Boot chain. The type of artifact produced is dependent upon attestation policy.
Reference	: Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestSevSnpVm",
  "$parameters": {
    "body": {
      "$properties": {
        "runtimeData": [
          {
            "#name": "data",
            "Format": {
              "new": "base64url",
              "old": "byte"
            }
          }
        ],
        "initTimeData": [
          {
            "#name": "data",
            "Format": {
              "new": "base64url",
              "old": "byte"
            }
          }
        ]
      }
    }
  }
}

⚼ Request

POST: /attest/SevSnpVm

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

body:

{

Required: True ,

}

{

report:

{

Description: Hardware rooted report of the virtual machine being attested along with the signing certificate chain and optionally, additional endorsements ,

Required: False ,

}

string ,

runtimeData:

{

Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the run time data is known to the attestation target. ,

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

initTimeData:

{

Description: Initialization data provided by the enclave at the time of report generation. The MAA will verify that the init time data is known to the attestation target. ,

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

draftPolicyForAttestation:

{

Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,

Required: False ,

}

string ,

nonce:

{

Description: Nonce for incoming request - emitted in the generated attestation token ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

token:

{

Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

$headers:

{

x-ms-error-code:

{

Description: String error code indicating what went wrong. ,

}

string ,

}

$schema:

{

Description: A response containing error details. ,

}

{

error:

{

Description: The error object. ,

Required: True ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: True ,

}

string ,

message:

{

Description: A human-readable representation of the error. ,

Required: True ,

}

string ,

target:

{

Description: The target of the error. ,

Required: False ,

}

string ,

details:

{

Description: An array of details about specific errors that led to this reported error. ,

Required: False ,

}

[

string ,

]

innererror:

{

Description: An object containing more specific information than the current object about the error. ,

Required: False ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Attestation_AttestSgxEnclave (updated)

Description	: Processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference	: Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestSgxEnclave",
  "$parameters": {
    "body": {
      "$properties": [
        {
          "#name": "quote",
          "Format": {
            "new": "base64url",
            "old": "byte"
          }
        },
        {
          "runtimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        },
        {
          "initTimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /attest/SgxEnclave

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

body:

{

Required: True ,

}

{

quote:

{

Description: Quote of the enclave to be attested ,

Format: base64url ,

Required: False ,

}

string ,

runtimeData:

{

Description: Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

initTimeData:

{

Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

draftPolicyForAttestation:

{

Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,

Required: False ,

}

string ,

nonce:

{

Description: Nonce for incoming request - emitted in the generated attestation token ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

token:

{

Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

$headers:

{

x-ms-error-code:

{

Description: String error code indicating what went wrong. ,

}

string ,

}

$schema:

{

Description: A response containing error details. ,

}

{

error:

{

Description: The error object. ,

Required: True ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: True ,

}

string ,

message:

{

Description: A human-readable representation of the error. ,

Required: True ,

}

string ,

target:

{

Description: The target of the error. ,

Required: False ,

}

string ,

details:

{

Description: An array of details about specific errors that led to this reported error. ,

Required: False ,

}

[

string ,

]

innererror:

{

Description: An object containing more specific information than the current object about the error. ,

Required: False ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Attestation_AttestTdxVm (updated)

Description	: Processes an TDX quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference	: Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestTdxVm",
  "$parameters": {
    "body": {
      "$properties": [
        {
          "#name": "quote",
          "Format": {
            "new": "base64url",
            "old": "byte"
          }
        },
        {
          "runtimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        },
        {
          "initTimeData": [
            {
              "#name": "data",
              "Format": {
                "new": "base64url",
                "old": "byte"
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /attest/TdxVm

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

body:

{

Required: True ,

}

{

quote:

{

Description: Quote of the TDX virtual machine to be attested ,

Format: base64url ,

Required: False ,

}

string ,

runtimeData:

{

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

initTimeData:

{

Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. ,

Required: False ,

}

{

data:

{

Format: base64url ,

Required: False ,

}

string ,

dataType:

{

Description: The type of data contained within the "data" field ,

Enum:

{

Binary: The field's content should be treated as binary and not interpreted by MAA. ,

JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,

}

Required: False ,

}

enum ,

}

nonce:

{

Description: Nonce for incoming request - emitted in the generated attestation token ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

token:

{

Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

$headers:

{

x-ms-error-code:

{

Description: String error code indicating what went wrong. ,

}

string ,

}

$schema:

{

Description: A response containing error details. ,

}

{

error:

{

Description: The error object. ,

Required: True ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: True ,

}

string ,

message:

{

Description: A human-readable representation of the error. ,

Required: True ,

}

string ,

target:

{

Description: The target of the error. ,

Required: False ,

}

string ,

details:

{

Description: An array of details about specific errors that led to this reported error. ,

Required: False ,

}

[

string ,

]

innererror:

{

Description: An object containing more specific information than the current object about the error. ,

Required: False ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Attestation_AttestTpm (updated)

Description	: Processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy.
Reference	: Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestTpm",
  "$parameters": {
    "body": {
      "$properties": [
        {
          "#name": "data",
          "Format": {
            "new": "base64url",
            "old": "byte"
          }
        }
      ]
    }
  },
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "data",
          "Format": {
            "new": "base64url",
            "old": "byte"
          }
        }
      ]
    }
  }
}

⚼ Request

POST: /attest/Tpm

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

body:

{

Required: True ,

}

{

data:

{

Description: Protocol data containing artifacts for attestation. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

data:

{

Description: Protocol data containing attestation service response. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

$headers:

{

x-ms-error-code:

{

Description: String error code indicating what went wrong. ,

}

string ,

}

$schema:

{

Description: A response containing error details. ,

}

{

error:

{

Description: The error object. ,

Required: True ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: True ,

}

string ,

message:

{

Description: A human-readable representation of the error. ,

Required: True ,

}

string ,

target:

{

Description: The target of the error. ,

Required: False ,

}

string ,

details:

{

Description: An array of details about specific errors that led to this reported error. ,

Required: False ,

}

[

string ,

]

innererror:

{

Description: An object containing more specific information than the current object about the error. ,

Required: False ,

}

{

code:

{

Description: One of a server-defined set of error codes. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Attestation REST API (stable:2025-06-01)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)