API and Dashboard
Verify Credentials

Verify credentials

Just like it says on the tin, verifiable credentials are verifiable by design. They contain all the proof needed to enable the owner to answer verification requests directly, without third parties.

Once issued the holder of a credential can accept incoming proof requests to present information to a verifying party. In the same way that you would show a loyalty card to prove you are part of a loyalty program in the physical world, verifiable credentials can be used to prove information in a digital interaction.

This guide contains everything you need to know about verifying credentials with Paradym. It will show you how to to:

  1. Create a presentation template
  2. Use a presentation template to verify a credential
  3. View your ongoing verifications and their status

Let's get started! 🚀

Create a presentation template

To use Paradym to verify information from a holder you'll first need to create a presentation template. A presentation template defines what attributes and/or information the holder should present as proof. Once created, a template can be used to request as many presentations as you want.

When creating your presentation template you are basically making the blueprint for a presentation request that can be re-used. The main thing you need to know before creating a template are:

  • The credential format and type of the credential(s) you want to request
  • The allowed issuer(s)
  • The specific attributes you want to request
  • [Optional] Any requirements the specific attributes need to match

Note that it is currently not possible to combine multiple credential formats in a single presentation template. In the future this will be possible, but for now you have to decide which credential format to request, and this will also influence the exchange protocol to use for the request. Based on the format that is going to be used for issuance of the credential, you need to use the same format for verification of the credential:

We recommend to always set the allowed issuers on a presentation template, as EVERYONE can issue a credential based on a certain credential type. It is the issuer of the credential that determines whether you trust or accept it. If you don't configure the issuers on a presentation template, YOU MUST verify the issuer property of a submitted credential afterwards and ensure you trust the issuer of that credential. If you're verifying a credential from your own project, you can see what issuer method the credential template uses on the template (in the API or in the Dashboard), and then in the Settings -> Profile tab, or using the DID API (opens in a new tab) you can find the DID associated with the template.

If you're verifying a credential issued by one or more issuer(s) that is not yourself, you need to get hold of the following information to be able to verify credentials issued by them:

  • The credential format. Paradym supports anoncreds or sd-jwt-vc
  • The issuer value(s). Paradym supports did:cheqd:testnet, did:cheqd:mainnet and did:web DIDs.
  • The attributes of the credential. For Anoncreds you can request string and number values. For sd-jwt-vc you can also request date and boolean values.

Creating your first presentation template is easiest to do within the dashboard, especially if you want to create a presentation request using a credential template you've created. It guides you through configuring the elements of the presentation request. After you've created the presentation template in the dashboard you can retrieve it from the API (Retrieve Presentation Template (opens in a new tab)) and use that for creating a similar presentation template in the future. That said, it might be beneficial to create a presentation template using the API directly.

The easiest way to get started with the API is using the interactive API Reference (opens in a new tab). If you would like to follow along using a custom API client, make sure follow the Quickstart guide. You can read more on interacting with the API.

To create a presentation template in the API we will make a POST request to https://api.paradym.id/v1/projects/{projectId}/templates/presentations. For detailed information on the endpoint, refer to the create presentation template (opens in a new tab) page in the API reference.

SD JWT VC

For credentials with sd-jwt-vc format, we need to provide a type value. You can copy this from your credential template, or someone else can share this with you. Make sure to change the attributes based on your credential template.

{
  "name": "Verify membership status",
  "description": "This information is requested to verify if you are still and active member",
  "credentials": [
    {
      "description": "These attributes are requested to verify your paradym membership",
      "name": "Request for Paradym MemberCard",
      "format": "sd-jwt-vc",
      "type": "https://metadata.paradym.id/types/28dc88-MemberCard",
      "issuers": [
        "did:web:metadata.paradym.id:a04629bd-9be6-4892-8fd9-34fd7f250182"
      ],
      "attributes": {
        "first_name": {
          "type": "string",
          "value": "myValue"
        },
        "loyalty_points": {
          "type": "number"
        },
        "active": {
          "type": "boolean",
          "value": true
        }
      }
    }
  ]
}

Anoncreds

Requesting an Anoncreds credential in a presentation template is very similar to an SD-JWT VC, however there are some differences:

  • Anoncreds credentials only support string and number types. For boolean types you can use number with values 1 and 0. For date types you can use number and encode the date as yyyymmdd. This allows you to do range predicate checks, e.g. requesting that date_of_birth is less than 20001012 (before 12 october 2000).
  • You need to provide a schema instead of a type to indicate which credential type should be requested.
{
  "name": "Verify membership status",
  "description": "This information is requested to verify if you are still and active member",
  "credentials": [
    {
      "description": "These attributes are requested to verify your paradym membership",
      "name": "Request for Paradym MemberCard",
      "format": "anoncreds",
      "schema": "did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4/resources/efd5749c-fff5-4dfc-9e30-d75ec92f15da",
      "issuers": [
        "did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4"
      ],
      "attributes": {
        "first_name": {
          "type": "string"
        },
        "loyalty_points": {
          "type": "number",
          "minimum": 500
        },
        "active": {
          "type": "number",
          "value": 1
        }
      }
    }
  ]
}

The return value will be approximately the same as the payload you provided, with a few extra fields (such as id, createdAt, and updatedAt) added.

Use a presentation template to verify a credential

The Paradym API currently supports issuing and verifying SD-JWT credentials over OpenID4VC, or Anoncreds credentials over DIDComm. Read more about the different standards and protocols.

Based on the credential format you selected in the presentation template, you should either request a presentation over DIDComm or OpenID4VC:

To verify an sd-jwt-vc credential using OpenID4VCI based on the created template, we will make a POST request to https://api.paradym.id/v1/projects/{projectId}/openid4vc/verification/request. For detailed information on the endpoint, refer to create OpenID4VC verification request (opens in a new tab) in the API reference.

In the payload below we create a verification request, based on the presentation template we created earlier. Make sure to update the presentationTemplateId to the ID of the presentation template.

{
  "presentationTemplateId": "clu129ps200043eghxvhz22m1"
}

The payload that is returned will look as follows:

{
  "id": "clu6p64z80001c7xudvp2uvts",
  "authorizationRequestUri": "https://paradym.id/invitation?request_uri=https%3A%2F%2Fparadym.id%2Foid4vp%2Fa744eefb-f7e6-444d-8a38-24c0136e893e%2Fauthorization-requests%2F215d6f1a-14fd-47bc-86c8-2b707124718d",
  "status": "requested",
  "presentationTemplateId": "clu129ps200043eghxvhz22m1",
  "credentials": [],
  "createdAt": "2023-01-03T00:00:00.000Z",
  "updatedAt": "2023-01-03T00:00:00.000Z",
  "error": null
}

View your verification requests

You can retrieve your created OpenID4VC verification request by making a GET request to https://api.paradym.id/v1/projects/{projectId}/openid4vc/verification/{openId4VcVerificationId} using the id value from the result to the create verification request endpoint. For detailed information on the endpoint, refer to retrieve OpenID4VC verification session (opens in a new tab) in the API reference.

That's it! 🚀

That concludes this guide. You now know how to:

  1. Create a presentation template
  2. Use a presentation template to verify a credential
  3. View your ongoing verifications and their status

If you have any suggestions, remarks or questions, join the Paradym Community (opens in a new tab) and let us know. Happy building!

Issue CredentialsAdd projects and members