OpenReceipt v1 protocol

The OpenReceipt v1 protocol is an open spec — read the canonical version at signedreceipts.org. This page summarises how CloakAPI implements it.

Envelope shape

{
  "v": "v1",
  "alg": "ecdsa-p256-sha256",
  "jti": "01HWRK9GTBF3MXQJ4VZPNDS7CE",
  "kid": "gw-eu-west-2026-04",
  "ts": 1759420800,
  "tenant": "org_abc",
  "request": {
    "method_hash": "sha256:b3a…",
    "input_hash":  "sha256:e4a7…"
  },
  "response": {
    "model": "gpt-4o",
    "provider": "azure-openai-eu-west",
    "input_tokens": 184,
    "output_tokens": 312,
    "output_hash": "sha256:c91…"
  },
  "chain": {
    "seq": 47,
    "prev_hash": "sha256:a3f8c2…"
  },
  "signature": "BASE64URL_ECDSA_SIGNATURE"
}

Field	Meaning
`v`	Protocol version. Always `"v1"`.
`alg`	Signing algorithm. Today only `ecdsa-p256-sha256` is allow-listed.
`jti`	Unique receipt id (ULID).
`kid`	Key id — look up `jwks[kid]` in the public JWKS to get the verifying key.
`ts`	Unix-seconds timestamp the gateway sealed the response.
`tenant`	Opaque tenant id (the API key’s organisation).
`request` / `response`	Hashes of the on-the-wire bytes — never the bytes themselves.
`chain.seq`	Monotonically increasing per-tenant sequence number.
`chain.prev_hash`	Hash of the previous receipt envelope (for the same tenant). Lets auditors detect missing or out-of-order receipts.
`signature`	ECDSA-P-256 signature over the canonical JSON of the envelope minus this field.

Where to find the public key

JWKS: https://api.cloakapi.io/.well-known/cloakapi-receipt-pubkeys.jwks
PEM: https://api.cloakapi.io/.well-known/cloakapi-receipt-pubkey.pem

Keys rotate quarterly. Old keys remain in the JWKS so historic receipts keep verifying indefinitely.