Rest API | Treza Docs

Get user enclaves

get

/api/enclaves

Retrieve all enclaves associated with a wallet address

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

walletstringRequired

Wallet address to filter enclaves

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

List of enclaves

application/json

400

Missing wallet address

application/json

500

Internal server error

application/json

get

/api/enclaves

GET /api/enclaves?wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "enclaves": [
    {
      "id": "enc_123456",
      "name": "Trading Bot Enclave",
      "description": "Secure environment for automated trading strategies",
      "status": "PENDING_DEPLOY",
      "region": "us-east-1",
      "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
      "providerId": "aws-nitro",
      "providerConfig": {
        "dockerImage": "my-app:latest",
        "cpuCount": 2,
        "memoryMiB": 512
      },
      "createdAt": "2024-01-15T00:00:00Z",
      "updatedAt": "2024-01-15T00:00:00Z",
      "githubConnection": {
        "isConnected": true,
        "username": "example-user",
        "selectedRepo": "example-user/trading-bot",
        "selectedBranch": "main",
        "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
      },
      "error_message": "Deployment failed: Instance type not compatible with Nitro Enclaves"
    }
  ]
}

Create new enclave

post

/api/enclaves

Create a new secure enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

namestringRequiredExample: Trading Bot Enclave

descriptionstringRequiredExample: Secure environment for automated trading strategies

regionstringRequiredExample: us-east-1

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

providerIdstringRequiredExample: aws-nitro

providerConfigobjectOptionalExample: {"dockerImage":"my-app:latest","cpuCount":2,"memoryMiB":512}

Responses

201

Enclave created successfully

application/json

400

Missing required fields or invalid provider configuration

application/json

500

Internal server error

application/json

post

/api/enclaves

POST /api/enclaves HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 456

{
  "name": "Trading Bot Enclave",
  "description": "Secure environment for automated trading strategies",
  "region": "us-east-1",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
  "providerId": "aws-nitro",
  "providerConfig": {
    "dockerImage": "my-app:latest",
    "cpuCount": 2,
    "memoryMiB": 512
  },
  "githubConnection": {
    "isConnected": true,
    "username": "example-user",
    "selectedRepo": "example-user/trading-bot",
    "selectedBranch": "main",
    "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
  }
}

{
  "enclave": {
    "id": "enc_123456",
    "name": "Trading Bot Enclave",
    "description": "Secure environment for automated trading strategies",
    "status": "PENDING_DEPLOY",
    "region": "us-east-1",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "providerId": "aws-nitro",
    "providerConfig": {
      "dockerImage": "my-app:latest",
      "cpuCount": 2,
      "memoryMiB": 512
    },
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "githubConnection": {
      "isConnected": true,
      "username": "example-user",
      "selectedRepo": "example-user/trading-bot",
      "selectedBranch": "main",
      "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
    },
    "error_message": "Deployment failed: Instance type not compatible with Nitro Enclaves"
  }
}

Update enclave

put

/api/enclaves

Update an existing enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

idstringRequiredExample: enc_123456

namestringOptionalExample: Updated Enclave Name

descriptionstringOptionalExample: Updated description

regionstringOptionalExample: us-west-2

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

providerIdstringOptionalExample: aws-nitro

providerConfigobjectOptionalExample: {"dockerImage":"my-app:v2","cpuCount":4,"memoryMiB":1024}

Responses

200

Enclave updated successfully

application/json

400

Missing required fields or invalid provider configuration

application/json

404

Enclave not found or access denied

application/json

500

Internal server error

application/json

put

/api/enclaves

PUT /api/enclaves HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 440

{
  "id": "enc_123456",
  "name": "Updated Enclave Name",
  "description": "Updated description",
  "region": "us-west-2",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
  "providerId": "aws-nitro",
  "providerConfig": {
    "dockerImage": "my-app:v2",
    "cpuCount": 4,
    "memoryMiB": 1024
  },
  "githubConnection": {
    "isConnected": true,
    "username": "example-user",
    "selectedRepo": "example-user/trading-bot",
    "selectedBranch": "main",
    "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
  }
}

{
  "enclave": {
    "id": "enc_123456",
    "name": "Trading Bot Enclave",
    "description": "Secure environment for automated trading strategies",
    "status": "PENDING_DEPLOY",
    "region": "us-east-1",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "providerId": "aws-nitro",
    "providerConfig": {
      "dockerImage": "my-app:latest",
      "cpuCount": 2,
      "memoryMiB": 512
    },
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "githubConnection": {
      "isConnected": true,
      "username": "example-user",
      "selectedRepo": "example-user/trading-bot",
      "selectedBranch": "main",
      "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
    },
    "error_message": "Deployment failed: Instance type not compatible with Nitro Enclaves"
  }
}

Delete enclave

delete

/api/enclaves

Delete an existing enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

idstringRequired

Enclave ID to delete

Example: enc_123456

walletstringRequired

Wallet address for authorization

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

Enclave deleted successfully

application/json

messagestringOptionalExample: Enclave deleted successfully

400

Missing required parameters

application/json

404

Enclave not found or access denied

application/json

500

Internal server error

application/json

delete

/api/enclaves

DELETE /api/enclaves?id=enc_123456&wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "message": "Enclave deleted successfully"
}

Get specific enclave

get

/api/enclaves/{id}

Retrieve details for a specific enclave by ID

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_123456

Responses

200

Enclave details retrieved successfully

application/json

404

Enclave not found

application/json

500

Internal server error

application/json

get

/api/enclaves/{id}

GET /api/enclaves/{id} HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "enclave": {
    "id": "enc_123456",
    "name": "Trading Bot Enclave",
    "description": "Secure environment for automated trading strategies",
    "status": "PENDING_DEPLOY",
    "region": "us-east-1",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "providerId": "aws-nitro",
    "providerConfig": {
      "dockerImage": "my-app:latest",
      "cpuCount": 2,
      "memoryMiB": 512
    },
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "githubConnection": {
      "isConnected": true,
      "username": "example-user",
      "selectedRepo": "example-user/trading-bot",
      "selectedBranch": "main",
      "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
    },
    "error_message": "Deployment failed: Instance type not compatible with Nitro Enclaves"
  }
}

Delete specific enclave

delete

/api/enclaves/{id}

Delete a specific enclave by ID (only if in terminal state)

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_123456

Query parameters

walletstringRequired

Wallet address for authorization

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

Enclave deleted successfully

application/json

messagestringOptionalExample: Enclave deleted successfully

400

Enclave not in terminal state or missing parameters

application/json

403

Unauthorized - wallet mismatch

application/json

404

Enclave not found

application/json

500

Internal server error

application/json

delete

/api/enclaves/{id}

DELETE /api/enclaves/{id}?wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "message": "Enclave deleted successfully"
}

Manage enclave lifecycle

patch

/api/enclaves/{id}

Perform lifecycle actions on an enclave (pause, resume, terminate)

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_123456

Body

actionstring · enumRequired

Action to perform on the enclave

Example: pausePossible values:

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

Lifecycle action performed successfully

application/json

messagestringOptionalExample: Enclave pause initiated successfully

400

Invalid action or enclave state

application/json

403

Unauthorized - wallet mismatch

application/json

404

Enclave not found

application/json

500

Internal server error

application/json

patch

/api/enclaves/{id}

PATCH /api/enclaves/{id} HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 79

{
  "action": "pause",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB"
}

{
  "enclave": {
    "id": "enc_123456",
    "name": "Trading Bot Enclave",
    "description": "Secure environment for automated trading strategies",
    "status": "PENDING_DEPLOY",
    "region": "us-east-1",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "providerId": "aws-nitro",
    "providerConfig": {
      "dockerImage": "my-app:latest",
      "cpuCount": 2,
      "memoryMiB": 512
    },
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "githubConnection": {
      "isConnected": true,
      "username": "example-user",
      "selectedRepo": "example-user/trading-bot",
      "selectedBranch": "main",
      "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx"
    },
    "error_message": "Deployment failed: Instance type not compatible with Nitro Enclaves"
  },
  "message": "Enclave pause initiated successfully"
}

Get enclave logs

get

/api/enclaves/{id}/logs

Retrieve logs for a specific enclave from various sources

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_123456

Query parameters

typestring · enumOptional

Type of logs to retrieve

Default: allExample: applicationPossible values:

limitinteger · min: 1 · max: 1000Optional

Maximum number of log entries to return

Default: 100Example: 50

Responses

200

Logs retrieved successfully

application/json

enclave_idstringOptionalExample: enc_123456

enclave_namestringOptionalExample: Trading Bot Enclave

enclave_statusstringOptionalExample: DEPLOYED

404

Enclave not found

application/json

500

Internal server error

application/json

get

/api/enclaves/{id}/logs

GET /api/enclaves/{id}/logs HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "enclave_id": "enc_123456",
  "enclave_name": "Trading Bot Enclave",
  "enclave_status": "DEPLOYED",
  "logs": {
    "ecs": [
      {
        "timestamp": 1640995200000,
        "message": "Application started successfully",
        "source": "application",
        "stream": "ecs/treza-dev-terraform-runner/12345",
        "type": "stdout",
        "logGroup": "/aws/nitro-enclave/enc_123456/application",
        "function": "treza-dev-validation",
        "execution": "deployment-enc_123456",
        "stateMachine": "deployment"
      }
    ],
    "stepfunctions": [
      {
        "timestamp": 1640995200000,
        "message": "Application started successfully",
        "source": "application",
        "stream": "ecs/treza-dev-terraform-runner/12345",
        "type": "stdout",
        "logGroup": "/aws/nitro-enclave/enc_123456/application",
        "function": "treza-dev-validation",
        "execution": "deployment-enc_123456",
        "stateMachine": "deployment"
      }
    ],
    "lambda": [
      {
        "timestamp": 1640995200000,
        "message": "Application started successfully",
        "source": "application",
        "stream": "ecs/treza-dev-terraform-runner/12345",
        "type": "stdout",
        "logGroup": "/aws/nitro-enclave/enc_123456/application",
        "function": "treza-dev-validation",
        "execution": "deployment-enc_123456",
        "stateMachine": "deployment"
      }
    ],
    "application": [
      {
        "timestamp": 1640995200000,
        "message": "Application started successfully",
        "source": "application",
        "stream": "ecs/treza-dev-terraform-runner/12345",
        "type": "stdout",
        "logGroup": "/aws/nitro-enclave/enc_123456/application",
        "function": "treza-dev-validation",
        "execution": "deployment-enc_123456",
        "stateMachine": "deployment"
      }
    ],
    "errors": [
      {
        "timestamp": 1640995200000,
        "message": "Application started successfully",
        "source": "application",
        "stream": "ecs/treza-dev-terraform-runner/12345",
        "type": "stdout",
        "logGroup": "/aws/nitro-enclave/enc_123456/application",
        "function": "treza-dev-validation",
        "execution": "deployment-enc_123456",
        "stateMachine": "deployment"
      }
    ]
  }
}

Get enclave attestation

get

/api/enclaves/{id}/attestation

Retrieve cryptographic attestation document and verification details for a deployed enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_1234567890_abc123

Responses

200

Attestation document and verification details

application/json

enclaveIdstringRequired

Enclave identifier

Example: enc_1234567890_abc123

400

Attestation not available (enclave not deployed)

application/json

404

Enclave not found

application/json

500

Internal server error

application/json

get

/api/enclaves/{id}/attestation

GET /api/enclaves/{id}/attestation HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "enclaveId": "enc_1234567890_abc123",
  "attestationDocument": {
    "moduleId": "nitro-enclave-enc_1234567890_abc123",
    "digest": "sha384:abc123def456...",
    "timestamp": 1702642200000,
    "pcrs": {
      "0": "a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef",
      "1": "b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef12",
      "2": "c3d4e5f67890abcdef1234567890abcdef1234567890abcdef1234",
      "8": "d4e5f67890abcdef1234567890abcdef1234567890abcdef123456"
    },
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----",
    "cabundle": [
      "-----BEGIN CERTIFICATE-----\nMIIB...",
      "-----BEGIN CERTIFICATE-----\nMIIC..."
    ],
    "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBg...\n-----END PUBLIC KEY-----",
    "userData": "custom-user-data",
    "nonce": "a1b2c3d4e5f6"
  },
  "verification": {
    "isValid": true,
    "trustLevel": "HIGH",
    "verificationStatus": "VERIFIED",
    "integrityScore": 98.5,
    "lastVerified": "2024-12-15T10:30:00Z",
    "errors": []
  },
  "endpoints": {
    "verificationUrl": "https://app.trezalabs.com/api/enclaves/enc_123456/attestation/verify",
    "apiEndpoint": "https://app.trezalabs.com/api/enclaves/enc_123456/attestation",
    "webhookUrl": "https://app.trezalabs.com/api/enclaves/enc_123456/attestation/webhook"
  }
}

Get verification status

get

/api/enclaves/{id}/attestation/verify

Get quick verification status for an enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_1234567890_abc123

Responses

200

Verification status

application/json

enclaveIdstringOptionalExample: enc_1234567890_abc123

isVerifiedbooleanOptionalExample: true

statusstringOptionalExample: DEPLOYED

lastVerifiedstring · date-timeOptionalExample: 2024-12-15T10:30:00Z

trustLevelstring · enumOptionalExample: HIGHPossible values:

404

Enclave not found

application/json

500

Internal server error

application/json

get

/api/enclaves/{id}/attestation/verify

GET /api/enclaves/{id}/attestation/verify HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "enclaveId": "enc_1234567890_abc123",
  "isVerified": true,
  "status": "DEPLOYED",
  "lastVerified": "2024-12-15T10:30:00Z",
  "trustLevel": "HIGH"
}

Verify attestation document

post

/api/enclaves/{id}/attestation/verify

Perform comprehensive verification of an attestation document

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

idstringRequired

Enclave ID

Example: enc_1234567890_abc123

Body

attestationDocumentstringOptional

Base64 encoded attestation document (optional)

noncestringOptional

Nonce for replay attack protection

Example: a1b2c3d4e5f6

challengestringOptional

Challenge string for additional verification

Example: verify_12345

Responses

200

Verification result

application/json

isValidbooleanRequired

Whether the attestation verification passed

Example: true

trustLevelstring · enumRequired

Overall trust level

Example: HIGHPossible values:

riskScoreinteger · max: 100Required

Risk score (lower is better)

Example: 5

recommendationsstring[]Required

Security recommendations and observations

Example:

["Enclave attestation is valid and secure","All PCR measurements match expected values","Certificate chain verification successful"]

verifiedAtstring · date-timeRequired

Timestamp when verification was performed

Example: 2024-12-15T10:30:00Z

400

Cannot verify (enclave not deployed)

application/json

404

Enclave not found

application/json

500

Internal server error

application/json

post

/api/enclaves/{id}/attestation/verify

POST /api/enclaves/{id}/attestation/verify HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 80

{
  "attestationDocument": "text",
  "nonce": "a1b2c3d4e5f6",
  "challenge": "verify_12345"
}

{
  "isValid": true,
  "trustLevel": "HIGH",
  "verificationDetails": {
    "pcrVerification": true,
    "certificateChain": true,
    "timestampValid": true,
    "nonceMatches": false,
    "signatureValid": true
  },
  "complianceChecks": {
    "soc2": false,
    "hipaa": false,
    "fips": true,
    "commonCriteria": true
  },
  "riskScore": 5,
  "recommendations": [
    "Enclave attestation is valid and secure",
    "All PCR measurements match expected values",
    "Certificate chain verification successful"
  ],
  "verifiedAt": "2024-12-15T10:30:00Z"
}

Search Docker Hub or get repository tags

get

/api/docker/search

Search Docker Hub for images or get tags for a specific repository

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

qstringOptional

Search query for Docker images

Example: hello-world

repostringOptional

Repository name to get tags for (e.g., 'library/node')

Example: library/node

Responses

200

Search results or repository tags

application/json

or

400

Missing required query parameter (q or repo)

application/json

500

Internal server error or Docker Hub API error

application/json

get

/api/docker/search

GET /api/docker/search HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "count": 150,
  "results": [
    {
      "name": "hello-world",
      "description": "Hello World! (an example of minimal Dockerization)",
      "stars": 1500,
      "official": true,
      "automated": false,
      "owner": "library"
    }
  ]
}

Get available providers

get

/api/providers

Retrieve all available enclave providers or a specific provider by ID

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

idstringOptional

Specific provider ID to retrieve

Example: aws-nitro

Responses

200

Provider(s) retrieved successfully

application/json

or

404

Provider not found (when requesting specific provider)

application/json

500

Internal server error

application/json

get

/api/providers

GET /api/providers HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "providers": [
    {
      "id": "aws-nitro",
      "name": "AWS Nitro Enclaves",
      "description": "Secure isolated compute environments using AWS Nitro technology",
      "regions": [
        "us-east-1",
        "us-west-2",
        "eu-west-1"
      ],
      "configSchema": {
        "dockerImage": {
          "type": "string",
          "label": "Docker Image",
          "required": true,
          "description": "Container image to deploy"
        },
        "cpuCount": {
          "type": "number",
          "label": "CPU Count",
          "defaultValue": 2,
          "validation": {
            "min": 1,
            "max": 8
          }
        }
      }
    }
  ]
}

Initiate GitHub OAuth flow

get

/api/github/auth

Get GitHub OAuth authorization URL

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

statestringOptional

Optional state parameter for OAuth flow

Responses

200

GitHub OAuth URL generated

application/json

authUrlstring · uriOptionalExample: https://github.com/login/oauth/authorize?client_id=...

statestringOptionalExample: abc123

500

GitHub client ID not configured

application/json

get

/api/github/auth

GET /api/github/auth HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "authUrl": "https://github.com/login/oauth/authorize?client_id=...",
  "state": "abc123"
}

Exchange OAuth code for access token

post

/api/github/auth

Exchange GitHub OAuth authorization code for access token

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

codestringRequired

OAuth authorization code from GitHub

Example: abcdef123456

statestringOptional

State parameter from OAuth flow

Example: abc123

Responses

200

Access token obtained successfully

application/json

access_tokenstringOptionalExample: gho_xxxxxxxxxxxxxxxxxxxx

400

Invalid authorization code or other OAuth error

application/json

500

GitHub OAuth not configured or internal error

application/json

post

/api/github/auth

POST /api/github/auth HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 40

{
  "code": "abcdef123456",
  "state": "abc123"
}

{
  "access_token": "gho_xxxxxxxxxxxxxxxxxxxx",
  "user": {
    "id": 12345,
    "login": "username",
    "name": "John Doe",
    "avatar_url": "https://avatars.githubusercontent.com/u/12345"
  }
}

GitHub OAuth callback

get

/api/github/callback

Handle GitHub OAuth callback and redirect to platform

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

codestringOptional

OAuth authorization code

statestringOptional

OAuth state parameter

errorstringOptional

OAuth error if any

Responses

302

Redirect to platform page with success or error parameters

get

/api/github/callback

GET /api/github/callback HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

302

Redirect to platform page with success or error parameters

No content

Get user repositories

get

/api/github/repositories

Fetch GitHub repositories for authenticated user

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

tokenstringRequired

GitHub access token

Example: gho_xxxxxxxxxxxxxxxxxxxx

Responses

200

List of repositories

application/json

400

Access token required

application/json

401

Invalid access token

application/json

500

Internal server error

application/json

get

/api/github/repositories

GET /api/github/repositories?token=gho_xxxxxxxxxxxxxxxxxxxx HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "repositories": [
    {
      "id": 123456,
      "name": "my-repo",
      "fullName": "username/my-repo",
      "description": "A sample repository",
      "private": false,
      "defaultBranch": "main",
      "language": "TypeScript",
      "updatedAt": "2024-01-15T00:00:00Z",
      "htmlUrl": "https://github.com/username/my-repo"
    }
  ]
}

Get repository branches

post

/api/github/repositories

Fetch branches for a specific repository

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

accessTokenstringRequiredExample: gho_xxxxxxxxxxxxxxxxxxxx

repositorystringRequiredExample: username/repo-name

Responses

200

List of branches

application/json

400

Missing required fields

application/json

401

Invalid access token

application/json

500

Internal server error

application/json

post

/api/github/repositories

POST /api/github/repositories HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 76

{
  "accessToken": "gho_xxxxxxxxxxxxxxxxxxxx",
  "repository": "username/repo-name"
}

{
  "branches": [
    {
      "name": "main",
      "commit": {
        "sha": "abc123def456",
        "url": "https://api.github.com/repos/username/repo/commits/abc123def456"
      }
    }
  ]
}

Get API keys

get

/api/api-keys

Retrieve all API keys for the authenticated user

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

walletstringRequired

Wallet address to filter API keys

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

List of API keys

application/json

400

Missing wallet address

application/json

500

Internal server error

application/json

get

/api/api-keys

GET /api/api-keys?wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "apiKeys": [
    {
      "id": "key_123456",
      "name": "Production API Key",
      "key": "api_key_example_12345",
      "keyHash": "sha256_hash_of_key",
      "permissions": [
        "enclaves:read",
        "tasks:read"
      ],
      "status": "active",
      "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
      "createdAt": "2024-01-15T00:00:00Z",
      "updatedAt": "2024-01-15T00:00:00Z",
      "lastUsed": "2024-01-15T12:30:00Z"
    }
  ]
}

Create API key

post

/api/api-keys

Create a new API key with specified permissions

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

namestringRequiredExample: Production API Key

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

201

API key created successfully

application/json

400

Missing required fields or invalid permissions

application/json

500

Internal server error

application/json

post

/api/api-keys

POST /api/api-keys HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 135

{
  "name": "Production API Key",
  "permissions": [
    "enclaves:read",
    "tasks:read"
  ],
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB"
}

{
  "apiKey": {
    "id": "key_123456",
    "name": "Production API Key",
    "key": "api_key_example_12345",
    "keyHash": "sha256_hash_of_key",
    "permissions": [
      "enclaves:read",
      "tasks:read"
    ],
    "status": "active",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "lastUsed": "2024-01-15T12:30:00Z"
  }
}

Update API key

put

/api/api-keys

Update an existing API key

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

idstringRequiredExample: key_123456

namestringOptionalExample: Updated API Key Name

statusstring · enumOptionalExample: activePossible values:

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

API key updated successfully

application/json

400

Missing required fields or invalid permissions

application/json

404

API key not found or access denied

application/json

500

Internal server error

application/json

put

/api/api-keys

PUT /api/api-keys HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 177

{
  "id": "key_123456",
  "name": "Updated API Key Name",
  "permissions": [
    "enclaves:read",
    "enclaves:write"
  ],
  "status": "active",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB"
}

{
  "apiKey": {
    "id": "key_123456",
    "name": "Production API Key",
    "key": "api_key_example_12345",
    "keyHash": "sha256_hash_of_key",
    "permissions": [
      "enclaves:read",
      "tasks:read"
    ],
    "status": "active",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "lastUsed": "2024-01-15T12:30:00Z"
  }
}

Delete API key

delete

/api/api-keys

Delete an existing API key

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

idstringRequired

API key ID to delete

Example: key_123456

walletstringRequired

Wallet address for authorization

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

API key deleted successfully

application/json

messagestringOptionalExample: API key deleted successfully

400

Missing required parameters

application/json

404

API key not found or access denied

application/json

500

Internal server error

application/json

delete

/api/api-keys

DELETE /api/api-keys?id=key_123456&wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "message": "API key deleted successfully"
}

Submit ZK proof for KYC verification

post

/api/kyc/proof

Submit a zero-knowledge proof for KYC verification. The proof is validated, stored in DynamoDB, and optionally submitted to the blockchain for immutable verification.

Authentication: None required (open endpoint)

Rate Limiting: Recommended 10 requests/hour per IP

Security: Cryptographic proof validation prevents fake submissions

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

userIdstringRequired

User identifier

Example: user_abc123

Responses

201

Proof submitted successfully

application/json

400

Invalid request or proof verification failed

application/json

500

Internal server error

application/json

post

/api/kyc/proof

POST /api/kyc/proof HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 352

{
  "userId": "user_abc123",
  "proof": {
    "commitment": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
    "proof": "0x1234567890abcdef...proof_data_here...987654321fedcba",
    "publicInputs": [
      "0x1234567890abcdef",
      "0xfedcba0987654321"
    ],
    "timestamp": "2024-12-15T10:30:00Z",
    "algorithm": "Pedersen-SHA256"
  },
  "deviceInfo": {
    "platform": "iOS",
    "version": "17.0"
  }
}

{
  "proofId": "550e8400-e29b-41d4-a716-446655440000",
  "blockchainProofId": "0x1234567890abcdef",
  "verificationUrl": "/api/kyc/proof/550e8400-e29b-41d4-a716-446655440000",
  "expiresAt": "2024-12-22T10:30:00Z",
  "chainTxHash": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
}

Get proof details

get

/api/kyc/proof/{proofId}

Retrieve details for a specific KYC proof by ID. By default returns public data only.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

proofIdstring · uuidRequired

Proof ID (UUID)

Example: 550e8400-e29b-41d4-a716-446655440000

Query parameters

includePrivatebooleanOptional

Include private proof data (requires authentication)

Default: falseExample: true

Responses

200

Proof details retrieved successfully

application/json

proofIdstring · uuidRequired

Unique proof identifier

Example: 550e8400-e29b-41d4-a716-446655440000

commitmentstringRequired

Commitment hash

Example: 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef

publicInputsstring[]Required

Public inputs

Example: ["0x1234567890abcdef","0xfedcba0987654321"]

algorithmstringRequired

Algorithm used

Example: Pedersen-SHA256

verifiedAtstring · date-timeRequired

Verification timestamp

Example: 2024-12-15T10:30:00Z

expiresAtstring · date-timeRequired

Expiration timestamp (7 days after verification)

Example: 2024-12-22T10:30:00Z

proofstringOptional

Proof signature (only included when includePrivate=true)

Example: 0x1234567890abcdef...proof_signature_here...

timestampstring · date-timeOptional

Original proof timestamp (only included when includePrivate=true)

Example: 2024-12-15T10:30:00Z

404

Proof not found

application/json

500

Internal server error

application/json

get

/api/kyc/proof/{proofId}

GET /api/kyc/proof/{proofId} HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "proofId": "550e8400-e29b-41d4-a716-446655440000",
  "commitment": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
  "publicInputs": [
    "0x1234567890abcdef",
    "0xfedcba0987654321"
  ],
  "algorithm": "Pedersen-SHA256",
  "verifiedAt": "2024-12-15T10:30:00Z",
  "expiresAt": "2024-12-22T10:30:00Z",
  "proof": "0x1234567890abcdef...proof_signature_here...",
  "timestamp": "2024-12-15T10:30:00Z"
}

Verify a proof by ID

get

/api/kyc/proof/{proofId}/verify

Verify the validity of a KYC proof, checking expiration and blockchain status

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

proofIdstring · uuidRequired

Proof ID (UUID)

Example: 550e8400-e29b-41d4-a716-446655440000

Responses

200

Verification result

application/json

proofIdstring · uuidOptionalExample: 550e8400-e29b-41d4-a716-446655440000

isValidbooleanOptional

Whether the proof is valid and not expired

Example: true

publicInputsstring[]Optional

Public inputs used in the proof

Example: ["0x1234567890abcdef","0xfedcba0987654321"]

verifiedAtstring · date-timeOptional

Timestamp when proof was originally verified

Example: 2024-12-15T10:30:00Z

chainVerifiedbooleanOptional

Whether the proof was verified on blockchain

Example: true

expiresAtstring · date-timeOptional

Proof expiration timestamp

Example: 2024-12-22T10:30:00Z

404

Proof not found

application/json

410

Proof expired

application/json

500

Internal server error

application/json

get

/api/kyc/proof/{proofId}/verify

GET /api/kyc/proof/{proofId}/verify HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "proofId": "550e8400-e29b-41d4-a716-446655440000",
  "isValid": true,
  "publicInputs": [
    "0x1234567890abcdef",
    "0xfedcba0987654321"
  ],
  "verifiedAt": "2024-12-15T10:30:00Z",
  "chainVerified": true,
  "expiresAt": "2024-12-22T10:30:00Z"
}

Get tasks

get

/api/tasks

Retrieve tasks for the authenticated user, optionally filtered by enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

walletstringRequired

Wallet address to filter tasks

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

enclavestringOptional

Optional enclave ID to filter tasks

Example: enc_123456

Responses

200

List of tasks

application/json

400

Missing wallet address

application/json

500

Internal server error

application/json

get

/api/tasks

GET /api/tasks?wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "tasks": [
    {
      "id": "task_123456",
      "name": "Daily Price Monitor",
      "description": "Monitor cryptocurrency prices and send alerts",
      "enclaveId": "enc_123456",
      "status": "pending",
      "schedule": "0 9 * * *",
      "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
      "createdAt": "2024-01-15T00:00:00Z",
      "updatedAt": "2024-01-15T00:00:00Z",
      "lastRun": "2024-01-15T09:00:00Z"
    }
  ]
}

Create task

post

/api/tasks

Create a new task within an enclave

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

namestringRequiredExample: Daily Price Monitor

descriptionstringRequiredExample: Monitor cryptocurrency prices and send alerts

enclaveIdstringRequiredExample: enc_123456

schedulestringRequired

Cron-style schedule expression

Example: 0 9 * * *

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

201

Task created successfully

application/json

400

Missing required fields

application/json

500

Internal server error

application/json

post

/api/tasks

POST /api/tasks HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 201

{
  "name": "Daily Price Monitor",
  "description": "Monitor cryptocurrency prices and send alerts",
  "enclaveId": "enc_123456",
  "schedule": "0 9 * * *",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB"
}

{
  "task": {
    "id": "task_123456",
    "name": "Daily Price Monitor",
    "description": "Monitor cryptocurrency prices and send alerts",
    "enclaveId": "enc_123456",
    "status": "pending",
    "schedule": "0 9 * * *",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "lastRun": "2024-01-15T09:00:00Z"
  }
}

Update task

put

/api/tasks

Update an existing task

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

idstringRequiredExample: task_123456

namestringOptionalExample: Updated Task Name

descriptionstringOptionalExample: Updated task description

schedulestringOptionalExample: 0 */6 * * *

statusstring · enumOptionalExample: runningPossible values:

walletAddressstringRequiredExample: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

Task updated successfully

application/json

400

Missing required fields

application/json

404

Task not found or access denied

application/json

500

Internal server error

application/json

put

/api/tasks

PUT /api/tasks HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 193

{
  "id": "task_123456",
  "name": "Updated Task Name",
  "description": "Updated task description",
  "schedule": "0 */6 * * *",
  "status": "running",
  "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB"
}

{
  "task": {
    "id": "task_123456",
    "name": "Daily Price Monitor",
    "description": "Monitor cryptocurrency prices and send alerts",
    "enclaveId": "enc_123456",
    "status": "pending",
    "schedule": "0 9 * * *",
    "walletAddress": "0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB",
    "createdAt": "2024-01-15T00:00:00Z",
    "updatedAt": "2024-01-15T00:00:00Z",
    "lastRun": "2024-01-15T09:00:00Z"
  }
}

Delete task

delete

/api/tasks

Delete an existing task

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

idstringRequired

Task ID to delete

Example: task_123456

walletstringRequired

Wallet address for authorization

Example: 0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB

Responses

200

Task deleted successfully

application/json

messagestringOptionalExample: Task deleted successfully

400

Missing required parameters

application/json

404

Task not found or access denied

application/json

500

Internal server error

application/json

delete

/api/tasks

DELETE /api/tasks?id=task_123456&wallet=0x4B0897b0513fdc7C541B6d9D7E929C4e5364D2dB HTTP/1.1
Host: app.trezalabs.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "message": "Task deleted successfully"
}

hashtagGet user enclaves

hashtagCreate new enclave

hashtagUpdate enclave

hashtagDelete enclave

hashtagGet specific enclave

hashtagDelete specific enclave

hashtagManage enclave lifecycle

hashtagGet enclave logs

hashtagGet enclave attestation

hashtagGet verification status

hashtagVerify attestation document

hashtagSearch Docker Hub or get repository tags

hashtagGet available providers

hashtagInitiate GitHub OAuth flow

hashtagExchange OAuth code for access token

hashtagGitHub OAuth callback

hashtagGet user repositories

hashtagGet repository branches

hashtagGet API keys

hashtagCreate API key

hashtagUpdate API key

hashtagDelete API key

hashtagSubmit ZK proof for KYC verification

hashtagGet proof details

hashtagVerify a proof by ID

hashtagGet tasks

hashtagCreate task

hashtagUpdate task

hashtagDelete task

Get user enclaves

Create new enclave

Update enclave

Delete enclave

Get specific enclave

Delete specific enclave

Manage enclave lifecycle

Get enclave logs

Get enclave attestation

Get verification status

Verify attestation document

Search Docker Hub or get repository tags

Get available providers

Initiate GitHub OAuth flow

Exchange OAuth code for access token

GitHub OAuth callback

Get user repositories

Get repository branches

Get API keys

Create API key

Update API key

Delete API key

Submit ZK proof for KYC verification

Get proof details

Verify a proof by ID

Get tasks

Create task

Update task

Delete task