Receipts

Fetch the signed JWS receipt for a previous chat completion.

Every POST /v1/chat/completions response carries a receipt_id in the tresor extension (see Chat Completions). Use this endpoint to retrieve the signed receipt response at any time after the request completed. The receipt field contains the compact signed receipt JWS, whose payload carries the requested and resolved route, request and response digests, and the embedded router_attestation / inference_attestation blocks.

Receipts are issued by default. To opt out for a single request, send X-Tresor-Receipt: false on the chat-completion call; no receipt is stored and receipt_id is omitted from the response.

GET /v1/receipts/{id}

Returns a JSON response containing the requested receipt id and the signed compact JWS for a previously issued receipt owned by the calling API key's customer.

Path parameters

ParameterTypeDescription
idstringThe receipt_id returned by a prior chat completion (e.g. 7c9e6679-7425-40de-944b-e07fc1f90ae7). Must belong to the same customer as the caller.

Headers

HeaderNotes
AuthorizationBearer tr-… API key. Required.

Example request

curl https://api.tresor.co/v1/receipts/7c9e6679-7425-40de-944b-e07fc1f90ae7 \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

200 OK with Content-Type: application/json:

{
  "id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "receipt": "eyJhbGciOiJFUzI1NiIsImtpZCI6InJvdXRlci1yZWNlaXB0LTEifQ.eyJqdGkiOiI3YzllNjY3OS0uLi4iLCJpYXQiOjE3NDc4MjIyODgsInJvdXRlZF9tb2RlbCI6ImV1L3RyZXNvci9ncHQtb3NzLTEyMGIiLC4uLn0.MEUCIQD..."
}
FieldTypeDescription
idstringEcho of the requested receipt ID.
receiptstringCompact JWS (ES256) signed by the router. Verify against the JWKS at /.well-known/jwks.json, then inspect the payload claims described in Concepts → Receipts. The full JSON response can be piped directly into tresor-verify.

For example, the raw API response can be verified directly without extracting .receipt first:

curl -s https://api.tresor.co/v1/receipts/7c9e6679-7425-40de-944b-e07fc1f90ae7 \
  -H "Authorization: Bearer $TRESOR_API_KEY" \
  | tresor-verify receipt \
      --jwks-url https://api.tresor.co/.well-known/jwks.json \
      -

For the receipt payload schema and a verification walkthrough, see Concepts → Receipts and the Verify a receipt guide.

Errors

StatuscodeMeaning
400missing_fieldPath parameter id was empty.
401unauthorizedMissing or invalid API key.
404not_foundReceipt does not exist, was never stored (caller opted out via X-Tresor-Receipt: false), or belongs to another customer.
503service_unavailableReceipt storage is temporarily unavailable.

Error bodies follow the standard error envelope.

See also