Console

Technical access

AttestLayer API documentation

Technical access for submitting evidence and retrieving PASS/FAIL output where API access is enabled for the workspace.

Post-purchase execution surface

Console is the authenticated workspace for purchased or issued entitlements. It is not a public marketing site and it does not change Activation pricing, side-offer pricing, checkout links, or fulfillment terms.

Paid side-offer workspaces appear here after purchase: Readiness Check, Buyer Proof Pack, and Service Provider Workspace.

Entitlement-based workspaces

Activation workspaces remain available through the existing buyer console when an Activation entitlement exists. Readiness Check, Buyer Proof Pack, and Service Provider Workspace cards appear only when the matching paid entitlement is active.

Record-only boundary

AttestLayer is record-only. It packages supplied records into structured proof packets with manifests, receipts, signatures, and verification paths. AttestLayer does not certify, audit, legally approve, insure, independently verify supplied claims, or guarantee buyer, procurement, security, partner, or customer approval.

1. Authentication

Use the X-API-Key header. Keys must be kept secret. Keys may be rotated or revoked depending on plan/configuration.

X-API-Key: YOUR_API_KEY

2. Create submission

Create a submission with the API when technical access is enabled.

curl -X POST https://api.attestlayer.com/v1/submissions \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"label":"evidence submission"}'

3. Upload evidence

Upload a ZIP or supported evidence files. Default maximum upload is 100 MB per submission unless a written plan says otherwise.

curl -X POST https://api.attestlayer.com/v1/submissions/SUBMISSION_ID/evidence \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "file=@evidence.zip"

4. Poll status

Expected statuses are PENDING / RUNNING / PASS / FAIL.

curl https://api.attestlayer.com/v1/submissions/SUBMISSION_ID \
  -H "X-API-Key: YOUR_API_KEY"

5. Retrieve deliverables

On PASS, deliverables may include kit.zip, manifest, receipt, signature, binder, verification guide, and supporting JSON artifacts where enabled.

On FAIL, output may include blocker list and fail_report.json where emitted. FAIL burns 0 credits.

6. Security

  • Do not expose API keys.
  • Rotate keys if compromised.
  • Customer remains responsible for submitted evidence.
  • API access depends on plan, entitlement, and account configuration.

7. Support

support@attestlayer.comsecurity@attestlayer.comBuyer Console technical access