> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve a key attestation certificate for a security object. > If the cluster is capable of key attestation, and requested security object supports key attestation (currently only RSA or EC keys that have their private key component), a key attestation is returned. ## OpenAPI ````json POST /crypto/v1/keys/key_attestation { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/crypto/v1/keys/key_attestation": { "post": { "operationId": "GetKeyAttestation", "tags": [ "Keys" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Retrieve a key attestation certificate for a security object.", "description": "If the cluster is capable of key attestation, and requested security\nobject supports key attestation (currently only RSA or EC keys that have\ntheir private key component), a key attestation is returned.", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KeyAttestationRequest" } } } }, "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KeyAttestationResponse" } } } } } } } }, "components": { "schemas": { "KeyAttestationRequest": { "allOf": [ { "type": "object", "description": "Request to retrieve a key attestation certificate for a security object.", "properties": { "key": { "$ref": "#/components/schemas/SobjectDescriptorPersisted" } }, "required": [ "key" ] } ] }, "KeyAttestationResponse": { "allOf": [ { "type": "object", "description": "Key attestation response.", "properties": { "authority_chain": { "type": "array", "items": { "type": "string", "format": "byte" }, "description": "The DER-encoded certificate chain for the authority issuing the key\nattestation statement." }, "attestation_statement": { "$ref": "#/components/schemas/KeyAttestationStatement" } }, "required": [ "authority_chain", "attestation_statement" ] } ] }, "SobjectDescriptorPersisted": { "description": "Uniquely identifies a persisted sobject.", "oneOf": [ { "title": "SobjectDescriptorPersistedVariantKid", "type": "object", "properties": { "kid": { "type": "string", "format": "uuid" } }, "required": [ "kid" ] }, { "title": "SobjectDescriptorPersistedVariantName", "type": "object", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$" } }, "required": [ "name" ] } ] }, "KeyAttestationStatement": { "allOf": [ { "type": "object", "description": "A key attestation statement", "properties": { "format": { "$ref": "#/components/schemas/KeyAttestationStatementFormat" }, "statement": { "type": "string", "format": "byte", "description": "The key attestation statement formatted according to `format`" } }, "required": [ "format", "statement" ] } ] }, "KeyAttestationStatementFormat": { "type": "string", "enum": [ "x509_certificate" ] } } } } ````