CWT credentials

Verify a CWT credential

Verify a CWT credential by providing the encoded payload and specifying verification options.

You can provide a valid CWT credential as either an encoded string or a QR code in a PDF document or an image file.

Standard checks performed on all verification requests:

Conformance of the string and encoded data. All string representations of CWT credentials must be prefixed with CSC/1.
Decoded payload structure is a valid CWT credential.
Issuer DID can be used to resolve its did.json document.
Public key from issuer's did.json document validates the proof signature, confirming the credential has not been tampered with.

Optional parameter checks:

Credential was issued by a trusted issuer.
Current time is after the beginning of the credential validity period.
Current time is not after the end of the credential validity period.
Credential has not been revoked.

Analytic events

CREDENTIAL_COMPACT_VERIFY_START
CREDENTIAL_COMPACT_VERIFY_SUCCESS
CREDENTIAL_COMPACT_VERIFY_FAIL

SecuritybearerAuth

Request

Request Body schema:
application/json
required

payload required	string The CWT credential to verify, represented as an encoded string.
trustedIssuers	Array of strings When you include issuers' DIDs in this array, credentials will only be verified if their `iss` value matches one of these DIDs. You can include multiple trusted issuers, separated by commas.
assertValidFrom	boolean Default: true MATTR VII validates the credential's `nbf` (not before) field by default, so that credentials that have a future `nbf` date will not be verified. When this field is set to `false`, credentials can be verified even when their `nbf` date is in the future.
assertValidUntil	boolean Default: true MATTR VII validates the credential's `exp` (expiry) field by default, so that expired credentials will not be verified. When this field is set to `false`, credentials can be verified even when their `exp` date has passed.
checkRevocation	boolean Default: true MATTR VII checks the credential revocation status by default, so that revoked credentials will not be verified. When this field is set to `false`, credentials can be verified even when they had been revoked.

Responses

200

Verification completed

400

Bad Request

413

Payload Too Large

415

Unsupported Media Type

post/v2/credentials/compact/verify

Request samples

{"payload": "CSC:/1/2KCE3IQEJB5DCMSLN5KWKZABE2QFQRVDAF4CIZDJMQ5HOZLCHIYDGOJUFUYTENJNGIZTOLJVGIWTCMJQFZXGO4TPNMXGS33ENZQW2ZLEJJXWQ3QH3BAFB3LISHKGQ2KBJ6Q35NXZFD6LGZ2YIAYHZAKCF7NKTIUZUTZQ3PWDBALAWVRG5XL2H4P4WFK25X3Y5X5RTN7NOZUST67KLCEFS3EPXQU5KM7VUGOPXJLQ6K5U676PMQNWRZCZ",
"trustedIssuers": ["did:web:organization.com"
],
"assertValidFrom": true,
"assertValidUntil": true,
"checkRevocation": true
}

Response samples

application/json

{"verified": true,
"decoded": {"iss": "did:web:organization.com",
"nbf": 1645743759,
"exp": 1646743759,
"iat": 1645743759,
"jti": "6tVMmKodQNaLywW6NGA2aA",
"type": "CredentialType",
"property1": "...",
"property2": "..."
},
"error": {"type": "string",
"message": "string",
"details": { }
}
}

➔ Next to Semantic CWT credentials

CWT credentials

Verify a CWT credential

Analytic events

Request Body schema: application/jsonmultipart/form-dataapplication/jsonrequired

Request Body schema:
application/json
required