Direct verification of Web Credentials

This guide will step through how to make a direct API call to verify a signed Web Credential. This request will trigger a set of standard checks to confirm the credential validity:

Standard checks performed on all verification requests:

• Issuer DID can be used to resolve its did.json document.

• Public key from issuer's did.json document validates the proof signature, confirming the credential has not been tampered with.

• JSON-LD context is valid for credential claims.

Optional parameter checks:

• The credential has not been revoked.

• The credential has not expired.

These checks apply to any credential provided, so the Issuer DID check and the revocation status check are not dependent on any setup in your tenant (unless the credential you are verifying is from your tenant).

Prerequisites

• Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.

• A signed Web Credential.

Request

Make a request of the following structure to verify a Web Credential:

1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/verify

1{
2    "payload": {
3        "type": [
4            "VerifiableCredential",
5            "EducationalOccupationalCredential",
6            "AlumniCredential"
7            ],
8//... rest of Web Credential
9}

• payload: Replace with the contents of the credential object from the response obtained when creating a Web Credential. Make sure you only include the contents of the credential object and not the entire response.

• assertExpiry: When set to true and the credential has a set expiry date, verification will fail if the expiry date has passed.

• checkRevocation: When set to true and the provided credential contains a revocation status list, verification will fail if the credential has been revoked.

Response

1{
2  "verified": true
3}

• verified: Indicates whether the verification status is true or false.

For responses that show the verified status to be false, a further error body is returned with more details about the error in a reason element:  

• The credential has been revoked.

• The Issuer DID cannot be resolved.

• The issuer public key is invalid.

• The credential JSON-LD context is invalid.

• The credential signature is invalid. Refer to Tamper proofing for more information.