Microsoft.Attestation (stable:2025-06-01)

2025/07/09 • 15 new methods

Policy_Get (new)
Description Retrieves the current policy for an attestation type.
Reference Link ¶

⚼ Request

GET:  /policies/{attestationType}
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Policy_Set (new)
Description Sets the policy for a given attestation type.
Reference Link ¶

⚼ Request

PUT:  /policies/{attestationType}
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
newAttestationPolicy:
{
Description: JWT Expressing the new policy whose body is a StoredAttestationPolicy object. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Policy_Reset (new)
Description Resets the attestation policy for the specified tenant and reverts to the default policy.
Reference Link ¶

⚼ Request

POST:  /policies/{attestationType}:reset
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
PolicyJws:
{
Description: JSON Web Signature with an empty policy document ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
PolicyCertificates_Get (new)
Description Retrieves the set of certificates used to express policy for the current tenant.
Reference Link ¶

⚼ Request

GET:  /certificates
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
PolicyCertificates_Add (new)
Description Adds a new attestation policy certificate to the set of policy management certificates.
Reference Link ¶

⚼ Request

POST:  /certificates:add
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
policyCertificateToAdd:
{
Description: An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed with one of the existing signing certificates ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
PolicyCertificates_Remove (new)
Description Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.
Reference Link ¶

⚼ Request

POST:  /certificates:remove
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
policyCertificateToRemove:
{
Description: An RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing signing certificates ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestOpenEnclave (new)
Description Processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/OpenEnclave
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object containing the quote ,
Required: True ,
}
{
report:
{
Description: OpenEnclave report from the enclave to be attested ,
Format: base64url ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestSgxEnclave (new)
Description Processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/SgxEnclave
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object containing the quote ,
Required: True ,
}
{
quote:
{
Description: Quote of the enclave to be attested ,
Format: base64url ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestAzureGuest (new)
Description Processes an Azure Guest TCG Log, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/AzureGuest
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object containing TCG Logs from the Azure Guest. ,
Required: True ,
}
{
attestationInfo:
{
Description: Attestation client information containing all artifacts required for Guest Attestation. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: A sealed RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestTpm (new)
Description Processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/Tpm
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object ,
Required: True ,
}
{
data:
{
Description: Protocol data containing artifacts for attestation. ,
Format: base64url ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
data:
{
Description: Protocol data containing attestation service response. ,
Format: base64url ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestSevSnpVm (new)
Description Processes a SEV SNP Boot chain. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/SevSnpVm
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object containing the quote ,
Required: True ,
}
{
report:
{
Description: Hardware rooted report of the virtual machine being attested along with the signing certificate chain and optionally, additional endorsements ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the run time data is known to the attestation target. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided by the enclave at the time of report generation. The MAA will verify that the init time data is known to the attestation target. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
Attestation_AttestTdxVm (new)
Description Processes an TDX quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚼ Request

POST:  /attest/TdxVm
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
request:
{
Description: Request object containing the quote ,
Required: True ,
}
{
quote:
{
Description: Quote of the TDX virtual machine to be attested ,
Format: base64url ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: base64url ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
TcbBaselines_Get (new)
Description Retrieves a list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider.
Reference Link ¶

⚼ Request

GET:  /tcbbaselines/{attestationType}
{
api-version:
{
Description: Client API version. Current version is 2025-06-01 ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
tcbBaselines:
{
Description: A list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider ,
Required: False ,
}
[
{
tcbIdentifier:
{
Description: The Tcb baseline Identifier used in attestation policy ,
Required: False ,
}
string ,
tcbEvaluationDataNumber:
{
Description: A monotonically increasing sequence number changed when Intel updates the content of the TCB evaluation data set. SGX TEE specific property ,
Format: int32 ,
Required: False ,
}
integer ,
tcbReleaseDate:
{
Description: Date and time when the Tcb is released. SGX TEE specific property ,
Format: date-time ,
Required: False ,
}
string ,
minimumPswLinuxVersion:
{
Description: Minimum Linux PSW version required to support the corresponding Tcb baseline. SGX TEE specific property ,
Required: False ,
}
string ,
minimumPswWindowsVersion:
{
Description: Minimum Windows PSW version required to support the corresponding Tcb baseline. SGX TEE specific property ,
Required: False ,
}
string ,
isSelectedTcb:
{
Description: The corresponding Tcb baseline is set in attestation policy and is used in attestation request if set to true ,
Required: False ,
}
boolean ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
SigningCertificates_Get (new)
Description Retrieves metadata signing certificates in use by the attestation service
Reference Link ¶

⚼ Request

GET:  /certs
{}

⚐ Response (200)

{
keys:
{
Description: The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. ,
Required: False ,
}
[
{
alg:
{
Description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision- Resistant Name. ,
Required: False ,
}
string ,
crv:
{
Description: The "crv" (curve) parameter identifies the curve type ,
Required: False ,
}
string ,
d:
{
Description: RSA private exponent or ECC private key ,
Required: False ,
}
string ,
dp:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
dq:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
e:
{
Description: RSA public exponent, in Base64 ,
Required: False ,
}
string ,
k:
{
Description: Symmetric key ,
Required: False ,
}
string ,
kid:
{
Description: The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. ,
Required: False ,
}
string ,
kty:
{
Description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The "kty" value is a case-sensitive string. ,
Required: True ,
}
string ,
n:
{
Description: RSA modulus, in Base64 ,
Required: False ,
}
string ,
p:
{
Description: RSA secret prime ,
Required: False ,
}
string ,
q:
{
Description: RSA secret prime, with p < q ,
Required: False ,
}
string ,
qi:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
use:
{
Description: Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). ,
Required: False ,
}
string ,
x:
{
Description: X coordinate for the Elliptic Curve point ,
Required: False ,
}
string ,
x5c:
{
Description: The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. ,
Required: False ,
}
[
string ,
]
,
y:
{
Description: Y coordinate for the Elliptic Curve point ,
Required: False ,
}
string ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}
MetadataConfiguration_Get (new)
Description Retrieves metadata about the attestation signing keys in use by the attestation service
Reference Link ¶

⚼ Request

GET:  /.well-known/openid-configuration
{}

⚐ Response (200)

{
response_types_supported:
{
Description: Types supported in the OpenID metadata API ,
Required: False ,
}
[
string ,
]
,
id_token_signing_alg_values_supported:
{
Description: List of the supported signing algorithms ,
Required: False ,
}
[
string ,
]
,
revocation_endpoint:
{
Description: Revocation endpoint ,
Required: False ,
}
string ,
issuer:
{
Description: Issuer tenant base endpoint ,
Required: False ,
}
string ,
jwks_uri:
{
Description: The URI to retrieve the signing keys ,
Required: False ,
}
string ,
claims_supported:
{
Description: Set of claims supported by the OpenID metadata endpoint ,
Required: False ,
}
[
string ,
]
,
}

⚐ Response (default)

{
error:
{
Description: An error response from Attestation. ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for displaying in a user interface. ,
Required: False ,
}
string ,
}
,
}