In-person verification

In-person verification is available for the following credential formats:

CWT credentials

mDocs

mDocs can be verified in-person using proximity based technologies such as Bluetooth Low Energy (BLE), and support offline verification, as defined in ISO/IEC 18013-5. Refer to mDocs proximity verification workflow for more information.

The following standard checks are performed on all mDocs verification requests:

Issuer IACA is valid.
Digital signature is valid.
Credential structure complies with ISO/IEC 18013-5.

The following checks are optional and defined as part of the verification request:

Current time is after the beginning of the credential validity period.
Current time is not after the end of the credential validity period.
Credential has not been revoked.

Additional resources

SDK Docs

React Native mDocs verifier SDK Docs iOS mDocs verifier SDK Docs Android mDocs verifier SDK Docs

CWT credentials

CWT and Semantic CWT credentials are verified via Direct verification. The holder physically presents the credential to a verifying device, which makes a direct API request to a MATTR VII endpoint with the credential enclosed in the request body. The endpoint then verifies the presented presented CWT or Semantic CWT credential and returns the verification result in the response.

CWT and Semantic CWT credentials can be provided for verification in one of two formats:

Signed credential encoded as a string. This will be the encoded element of the credential issuance response.
Signed credential encoded as a QR code and represented as a PDF document or an image file with the following limitations:
- File size must be 1MB or under. Larger files are rejected with a 413 error.
- Only the first page of PDF documents is processed.
- Image files must contain a QR code of sufficient quality and resolution. This depends on many factors such as the size of the QR relative to the image, and whether the image was processed in any way.
- For optimal performance, ensure that only a single QR code is present on the file.

The following standard checks are performed on all CWT or Semantic CWT credentials verification requests:

Conformance of the string and encoded data.
All string representations of CWT credentials must be prefixed with CSC/1.
All string representations of Semantic CWT credentials must be prefixed with CSS/1.
Decoded payload structure is a valid CWT or Semantic CWT credential.
Issuer DID can be used to resolve its DID document.
Public key from issuer’s DID document validates the proof signature, confirming the credential has not been tampered with.

The following checks are optional and are defined as part of the verification request:

Credential was issued by a trusted issuer.
Current time is after the beginning of the credential validity period.
Current time is not after the end of the credential validity period.
Credential has not been revoked.

Additional resources

Guides

Verify a CWT credential (Direct)

API Reference

Verify a CWT credential (Direct)Verify a Semantic CWT credential (Direct)

Credential verification Online