# Download attestation by digest(gitoidSha256 or payload digest)

Endpoint: GET /gateway/ssca-manager/v2/orgs/{org}/projects/{project}/attestations/download/{digest}
Version: 1.0
Security: x-api-key

## Path parameters:

  - `org` (string, required)
    Harness organization ID

  - `project` (string, required)
    Harness project ID

  - `digest` (string, required)
    Attestation digest (gitoidSha256 or payload digest)

## Header parameters:

  - `Harness-Account` (string, required)
    Identifier field of the account the resource is scoped to. This is required for Authorization methods other than the x-api-key header. If you are using the x-api-key header, this can be skipped.

## Response 200 fields (application/json):

  - `payloadType` (string, required)
    MIME type of the payload
    Example: "application/vnd.in-toto+json"

  - `payload` (string, required)
    base64-encoded JSON payload (in-toto Statement)
    Example: "eyJfdHlwZSI6ICJod..."

  - `signatures` (array)

  - `signatures.keyid` (string)
    Identifier of the signing key
    Example: "harness-ci-signer"

  - `signatures.sig` (string)
    Base64-encoded signature
    Example: "MEUCIQ..."

  - `metadata` (object)
    optional metadata such as source / ingestedBy / timestamp


## Response 401 fields

## Response 404 fields

## Response 500 fields