· 04/10/2025 ·
Intel® Trust Authority REST API Reference
Representational State Transfer (REST) APIs are service endpoints that allow you to use HTTPS to access nearly all the functionality provided by Intel Trust Authority. A few operations, such as creating a new Admin API key, can only be performed in the portal. All the REST APIs require an API key for authorization. For more information, see API keys.
The REST APIs are organized by service and functional area.
- Attestation — Attestation and nonce APIs.
- Azure Attestation — Attestation APIs specifically for Microsoft Azure Attestation compatibility.
- Client Management — This set of APIs supports CRUD operations on API clients.
- Faithful Verification — API to retrieve a Faithful Verification token audit report.
- Policy Management — This set of APIs supports CRUD operations on appraisal and custom policies.
- Product Management — Management APIs to search for and retrieve products.
- Service Management — Management APIs to search for and retrieve services, such as Intel® SGX or Intel® TDX attestation.
- Service Offer Management — Management APIs to search for and retrieve service offers.
- Tenant Management — This set of APIs supports management of tags, tenants, users, and user roles.
Rate Limiting
Intel Trust Authority REST APIs have a rate limit of 1,000 requests per five minutes. If the rate limit is exceeded, additional requests will be throttled, and you may receive a 429 Too Many Requests response. The REST APIs also have a body size limit of 500,000 bytes (500 KB) for each request.
Note
A reduced rate limit of two requests per second is set for the Intel Trust Authority Pilot environments.
Base and API URLs
[!include[Regional URLs](include/regional-urls-note.md)]
OpenID configuration
The following URL returns the OpenID configuration document for Intel Trust Authority:
https://portal.trustauthority.intel.com/.well-known/openid-configuration
If you're in the European Union (EU) region, use the following URL:
https://portal.eu.trustauthority.intel.com/.well-known/openid-configuration
Sample response for status code 200:
{
  "response_types_supported": [
    "token",
    "none"
  ],
  "id_token_signing_alg_values_supported": [
    "RS384"
  ],
  "revocation_endpoint": "https://portal.trustauthority.intel.com/crl/ats-ca-crl.der",
  "issuer": "https://portal.trustauthority.intel.com",
  "jwks_uri": "https://portal.trustauthority.intel.com/certs"
}
Signing certificates
The following URL returns the JWKS of certificates used to sign Intel Trust Authority attestation tokens.
https://portal.trustauthority.intel.com/certs
Intel Trust Authority supports the PS384 and RS256 token signing algorithms. The signing key sets are identical for both algorithms, and both sets are included in the JWKS.
If you are in the European Union (EU) region, use the following Intel Trust Authority URL to return JWKS certificates:
https://portal.eu.trustauthority.intel.com/certs
Sample response for status code 200 (truncated for brevity):
{"keys":[{"alg":"PS384","e":"AQAB","kid":"79d807...6817785","kty":"RSA","n":"yE07D7FRSXLsswdeK7h22kw-Xv2K...ZnbSP"]}]}
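A pre-verification check for the OpenID configuration and JWKS described above, as an added example that is not Intel's code: it pins the discovery document's issuer and jwks_uri to the regional host, then picks the JWKS entry by kid and alg, since the key set carries entries for both algorithms. The function names, the allowlist and the JWKS values are assumptions constructed for illustration; signature verification with a JOSE library would follow and is not shown.

```python
import base64
import json
from urllib.parse import urlsplit

# Regional issuers taken from the URLs on this page.
PINNED_ISSUERS = {"https://portal.trustauthority.intel.com",
                  "https://portal.eu.trustauthority.intel.com"}
ALLOWED_ALGS = {"PS384", "RS256"}  # assumption: verifier-side allowlist; "none" never passes

def check_discovery(doc, expected_issuer):
    """Return jwks_uri only if the document matches the pinned issuer."""
    if expected_issuer not in PINNED_ISSUERS:
        raise ValueError("issuer is not a pinned regional endpoint")
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch")
    jwks = urlsplit(doc.get("jwks_uri", ""))
    if jwks.scheme != "https" or jwks.netloc != urlsplit(expected_issuer).netloc:
        raise ValueError("jwks_uri is not HTTPS on the issuer's host")
    return doc["jwks_uri"]

def token_header(token):
    """Decode the (still unverified) JOSE header of a compact JWT."""
    seg = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header

def select_key(token, jwks, allowed_algs=ALLOWED_ALGS):
    """Choose the single JWKS entry matching the header's kid and alg."""
    header = token_header(token)
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} is not allowed")
    hits = [k for k in jwks.get("keys", []) if k.get("kty") == "RSA"
            and k.get("kid") == kid and k.get("alg") == alg]
    if len(hits) != 1:
        raise ValueError("no unique JWKS key for this kid and alg")
    return hits[0]

def make_header_only_token(header):  # constructed input: dummy payload and signature
    seg = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return seg.decode() + ".e30.c2ln"

# Two fields from the sample response on this page; the JWKS values are constructed.
DISCOVERY = {"issuer": "https://portal.trustauthority.intel.com",
             "jwks_uri": "https://portal.trustauthority.intel.com/certs"}
JWKS = {"keys": [
    {"alg": "PS384", "kid": "example-kid", "kty": "RSA", "e": "AQAB", "n": "AA"},
    {"alg": "RS256", "kid": "example-kid", "kty": "RSA", "e": "AQAB", "n": "AA"}]}
```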