Links

Verify Credential

Verify a Credential using Credential Service
Once you have issued your credential and have a JWT as part of the credential proof, you can use the /credential/verify API to check that the JWT has not been tampered.

Step 1: Obtain Credential to Verify

To verify a Credential, you can either pass the full Credential body or the JWT proof. These can be either obtained from a Credential that has been issued or from a Verifiable Presentation presented to the user.

Step 2: Configure Verification Parameters

The user is able to set verification parameters to filter whether they want to verify certain aspects of a Credential, including:
verifyStatus
  • true (indicates that the user wants to verify the Credential Status, requiring a credentialStatus property to be present in the Credential)
  • false (Default. Indicates that the user does not want to verify the Credential Status.
fetchRemoteContexts
When dealing with JSON-LD type Verifiable Credentials you also MUST provide the proper contexts within a Credential body. Set this to true ONLY if you want the @context URLs to be fetched in case they are a custom context.
  • true
  • false (default)

Step 3: Pass the Credential to the API

Simply paste the JWT or the full credential body into the request field of the /credential/verify API, and the API will give you a response including the following verification policies:
  1. 1.
    Whether the Credential has been tampered
  2. 2.
    Whether the Credential has a valid issuance date
  3. 3.
    Whether the Credential has expired
  4. 4.
    Whether the Credential Status is valid
post
/credential/verify
Verify a Verifiable Credential.

This endpoint verifies a Verifiable Credential passed to it. As input, it can take the VC-JWT as a string or the entire credential itself.

Parameters
Query
verifyStatus
boolean
If set to `true` the verification will also check the status of the credential. Requires the VC to have a `credentialStatus` property.
fetchRemoteContexts
boolean
When dealing with JSON-LD you also MUST provide the proper contexts. Set this to `true` ONLY if you want the `@context` URLs to be fetched in case they are a custom context.
allowDeactivatedDid
boolean
If set to `true` allow to verify credential which based on deactivated DID.
Body
Example
Schema
{
"credential": {},
"policies": {
"issuanceDate": true,
"expirationDate": true,
"audience": false
}
}
application/x-www-form-urlencoded
Responses
200: OK
The request was successful.
400: Bad Request
A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.
401: Unauthorized
Access token is missing or invalid
500: Internal Server Error
An internal error has occurred. Additional state information plus metadata may be available in the response body.