Semantic CWT credentials

Verify a Semantic CWT credential

Verify a Semantic CWT credential by providing the encoded payload and specifying verification options.

You can provide a valid Semantic CWT credential as either an encoded string or a QR code in a PDF document or an image file.

Standard checks performed on all verification requests:

  • Conformance of the string and encoded data. All string representations of CWT credentials must be prefixed with CSC/1.
  • Decoded payload CWT structure and attributes can be validated.
  • Remote context schema can be resolved and validate claims can be dereferenced.
  • Issuer DID can be used to resolve its did.json document.
  • Public key from issuer's did.json document validates the proof signature, confirming the credential has not been tampered with.

Optional parameter checks:

  • Credential was issued by a trusted issuer.
  • Current time is after the beginning of the credential validity period.
  • Current time is not after the end of the credential validity period.
  • Credential has not been revoked.

Analytic events

  • CREDENTIAL_COMPACT_SEMANTIC_VERIFY_START
  • CREDENTIAL_COMPACT_SEMANTIC_VERIFY_SUCCESS
  • CREDENTIAL_COMPACT_SEMANTIC_VERIFY_FAIL
SecuritybearerAuth
Request
Request Body schema:
required
payload
required
string

The Semantic CWT credential to verify, represented as an encoded string.

trustedIssuers
Array of strings

When you include issuers' DIDs in this array, credentials will only be verified if their iss value matches one of these DIDs. You can include multiple trusted issuers, separated by commas.

assertValidFrom
boolean
Default: true

MATTR VII validates the credential's nbf (not before) field by default, so that credentials that have a future nbf date will not be verified. When this field is set to false, credentials can be verified even when their nbf date is in the future.

assertValidUntil
boolean
Default: true

MATTR VII validates the credential's exp (expiry) field by default, so that expired credentials will not be verified. When this field is set to false, credentials can be verified even when their exp date has passed.

checkRevocation
boolean
Default: true

MATTR VII checks the credential revocation status by default, so that revoked credentials will not be verified. When this field is set to false, credentials can be verified even when they had been revoked.

Responses
200

Verification completed

400

Bad Request

413

Payload Too Large

415

Unsupported Media Type

post/v2/credentials/compact-semantic/verify
Request samples
{
  • "payload": "CSS:/1/2KCE3IQEJB5DCMSLN5KWKZABE2QFRMFEAF4CIZDJMQ5HOZLCHIYDGOJUFUYTENJNGIZTOLJVGIWTCMJQFZXGO4TPNMXGS33COZR2G2CAMNXW45DFPB2IC6BGNB2HI4DTHIXS653XO4XHOMZON5ZGOLZSGAYTQL3DOJSWIZLOORUWC3DTF53DCZDUPFYGLALUKZSXE2LGNFQWE3DFINZGKZDFNZ2GSYLMOFRXEZLEMVXHI2LBNRJXKYTKMVRXJILENZQW2ZLEJJXWQ3QH3BAFAW2MIRFQDICFCSNL5EIX4IISCEIFDJRFHCRRLBALWFYDLUVEKXHERNWHUDGJI3DDNNXSFWIRHUASBHGB2I7UHGPZMJEB3SMOFMBL3PABL5HUFSQLLGNE7YRKSAM3OAQN7F4LG365HL67BU",
  • "trustedIssuers": [
    ],
  • "assertValidFrom": true,
  • "assertValidUntil": true,
  • "checkRevocation": true
}
Response samples
application/json
{
  • "verified": false,
  • "reason": [
    ],
  • "decoded": {}
}