# dev.cocore.compute.verifyReceipt

> Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz)

✓ This is the authoritative definition for this NSID.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.verifyReceipt)
- [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.verifyReceipt/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.verifyReceipt/examples)

## Definitions

### `dev.cocore.compute.verifyReceipt`

**Type**: `query`

Verify an indexed receipt offline-equivalently: structural checks against its job + attestation, a P-256 ECDSA signature check of `enclaveSignature` against the attestation public key, lexicon-schema validation, and — when an MDA cert chain is present — a hardware-attestation check bound to the signing key. `trustLevel` rises to `hardware-attested` only when a valid Apple chain certifies the receipt-signing key.

#### Parameters

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `uri` | `string` (at-uri) | Yes | The receipt record URI to verify. |

#### Output

**Encoding**: `application/json`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `ok` | `boolean` | Yes |  |
| `findings` | `array` | Yes |  |
| `trustLevel` | `string` | Yes |  |

#### Errors

- **InvalidRequest**: The `uri` parameter is missing.
- **NotFound**: The receipt, or its referenced job/attestation, is not indexed.

## Raw Schema

```json
{
  "id": "dev.cocore.compute.verifyReceipt",
  "defs": {
    "main": {
      "type": "query",
      "errors": [
        {
          "name": "InvalidRequest",
          "description": "The `uri` parameter is missing."
        },
        {
          "name": "NotFound",
          "description": "The receipt, or its referenced job/attestation, is not indexed."
        }
      ],
      "output": {
        "schema": {
          "type": "object",
          "required": [
            "ok",
            "trustLevel",
            "findings"
          ],
          "properties": {
            "ok": {
              "type": "boolean"
            },
            "findings": {
              "type": "array",
              "items": {
                "ref": "dev.cocore.defs#verifyFinding",
                "type": "ref"
              }
            },
            "trustLevel": {
              "enum": [
                "self-attested",
                "hardware-attested"
              ],
              "type": "string"
            }
          }
        },
        "encoding": "application/json"
      },
      "parameters": {
        "type": "params",
        "required": [
          "uri"
        ],
        "properties": {
          "uri": {
            "type": "string",
            "format": "at-uri",
            "description": "The receipt record URI to verify."
          }
        }
      },
      "description": "Verify an indexed receipt offline-equivalently: structural checks against its job + attestation, a P-256 ECDSA signature check of `enclaveSignature` against the attestation public key, lexicon-schema validation, and — when an MDA cert chain is present — a hardware-attestation check bound to the signing key. `trustLevel` rises to `hardware-attested` only when a valid Apple chain certifies the receipt-signing key."
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1
}
```
