Verification is a crucial step in the process of handling Verifiable Credentials. To ensure a credential is valid, the following checks are performed:

  • Credential Structure: The credential should not be malformed. It must adhere to the correct structure as defined by the credential type .

  • Signature Validation: The credential’s signature must be valid and match the identity of the issuer. This ensures that the credential was indeed issued by the claimed issuer and hasn’t been tampered with.

  • Attribute Check: No additional attributes should have been added to the credential beyond what’s defined in its schema. This prevents unauthorized modifications to the credential.

  • Expiration Check: The credential should not have expired. Credentials often have a validity period after which they are no longer considered valid.

  • Revocation Check: The credential should not have been revoked by the issuer. Even if a credential is valid and hasn’t expired, it may have been revoked by the issuer for various reasons.

By performing these checks, we can ensure the authenticity and validity of a Verifiable Credential. Verifying a credential can happen either via the Crossmint API or SDK.

API

To verify a credential on the server-side use the Crossmint API and the following endpoint, passing the retrieved unencrypted credential JSON.

const options = {
    method: "POST",
    headers: {
        "X-API-KEY": "YOUR_API_KEY",
        "Content-Type": "application/json",
    },
    body: `{"credential": ${JSON.stringify(credential.unencryptedCredential)}}`,
};

fetch("https://staging.crossmint.com/api/v1-alpha1/credentials/verification/verify", options)
    .then((response) => response.json())
    .then((response) => console.log(JSON.stringify(response)))
    .catch((err) => console.error(err));
Verifying a credential via the API will require a Crossmint developer account.

SDK

With the Verifiable Credentials client-side SDK, the verification process is performed locally, eliminating the need for interaction with Crossmint. Consequently, there is no need for a Crossmint developer account to verify the credential.

Install the @crossmint/client-sdk-verifiable-credentials npm package and call the verifyCredential function passing a VerifiableCredential object, as shown below.

import * as sdk from '@crossmint/client-sdk-verifiable-credentials';

sdk.CrossmintAPI.init('YOUR_API_KEY');

const decryptedCredential = <CredentialObject>;

const verificationResult = await sdk.verifyCredential(decryptedCredential);

console.log('Verification result:', verificationResult);

Verifying the status of the NFT related to the credential requires connection to the internet in order to access blockchain state.

For details on the SDK functionality, review our SDK reference documentation.

Independent Verification

Since Crossmint’s Verifiable Credentials are based on the W3C standard, you can use any library that supports this standard to verify a credential.

The W3C Verifiable Credentials standard ensures interoperability across different platforms and systems, enhancing the reliability and security of the credential verification process.

Crossmint verification is stricter and performs additional checks that are not part of the W3C standard. For example, that no additional fields have been added to the credential.

API Reference

Test any API in seconds directly from the docs.

Talk to an expert

Contact our sales team for support.