Skip to main content

Verify a pentest attestation by its verification id (no auth)

GET 

/api/v1/public/attestations/:verification_id

Resolve a keyed ATT-… verification id to its public letter.

Login-less: an auditor pastes the id printed on the PDF and gets back the issued attestation (scope, methodology, severity summary, statement). An unknown id 404s. The id is an HMAC-backed bearer credential stored with the issued letter, so historical letters resolve by their persisted id. No internal identifiers are exposed — the stored letter is already the public-safe subset.

Request

Responses

Successful Response