Direct verification

Direct verification assumes you already have an out-of-band way of getting the credential from the holder, and you only need to verify it.

Compact Credentials

You can provide Compact or Compact Semantic Credentials for verification in one of two formats:

  • Signed credential encoded as a string. This will be the encoded element of the credential issuance response.
  • Signed credential encoded as a QR code and represented as a PDF document or an image file with the following limitations:
    • File size must be 1MB or under. Larger files are rejected with a 413 error.
    • Only the first page of PDF documents is processed.
    • Image files must contain a QR code of sufficient quality and resolution. This depends on many factors such as the size of the QR relative to the image, and whether the image was processed in any way.
    • For optimal performance, ensure that only a single QR code is present on the file.

The following standard checks are performed on all Compact or Compact Semantic Credentials verification requests:

  • Conformance of the string and encoded data.
  • All string representations of Compact Credentials must be prefixed with CSC/1.
  • All string representations of Compact Semantic Credentials must be prefixed with CSS/1.
  • Decoded payload structure is a valid Compact or Compact Semantic Credential.
  • Issuer DID can be used to resolve its DID document.
  • Public key from issuer's DID document validates the proof signature, confirming the credential has not been tampered with.

The following checks are optional and are defined as part of the verification request:

  • Credential was issued by a trusted issuer.
  • Current time is after the beginning of the credential validity period.
  • Current time is not after the end of the credential validity period.
  • Credential has not been revoked.

Additional resources

Guides

API Reference