Receiving Verified Data

This article explains how to configure your credential verification service installation and your application to ensure that the verification results are accessible in your application.

Requirements

Before configuring you application to receive the credential verification service outputs you must:

Install the credential verification service
Create a presentation definition

This should suffice for your credential verification service to request custom verifiable presentations from wallets. The credential verification service will carry out the OID4VP verification protocol and output the result of the verification.

Receiving the credential verification service output

To integrate the credential verification service output into your application you must:

Set up your application to expose an endpoint capable of handling POST requests. The credential verification service will push the verification results and associated claims to this endpoint.
You must modify the destinationUrl field in your credential verification service's server.json configuration file to include your application's endpoint.
If necessary, specify the authentication method within the auth field. Currently, only API-KEYS are supported.

Example configuration file:

server.json (truncated)

{
  "port": 8081,
  "baseUrl": "http://docker:8081",
  "registryConfig": {
    "..."
  },
  "stateConfig": {
    "..."
  },
  "claimsConfig": {
    "destinationUrl": "https://example-application.com/verified-claims",
    "auth": {
      "mode": "API-KEY",
      "apiKey": "123"
    }
  }
}

Here is an explanation of the first-level fields in the claimsConfig field:

claimsConfig Configures where the verified claims should be pushed and the authentication method used (if any)
- destinationUrl The url where the verified claims are pushed to - this is the endpoint you must configure in your application
- auth Required if authentication is required for destinationUrl
  - mode Configure which authentication method should be used. Only API-KEYS are currently supported
  - apiKey If mode is set to API-KEY, this field is required and must be a valid API-KEY for the endpoint

Here's an example a POST request sent by the credential verification service:

curl -X 'POST' \
  'http://localhost:8090/presentation/verification-result' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer 5I90CwXlZoolopOSplVBOoV63qXSTEo4piJKJ0iizFau79HU6viEvzgGReWycN8V' \
  -d '{
  "request_id": "02d623f4d4bab3bdb01eb36b5222a65125db9458af",
  "verificationResult": true,
  "claims": [
    {
      "id": "studentId",
      "name": "Student ID",
      "value": 200014762
    }
  ]
}'

Updating your configuration

After updating your server.json file you must update your credential verification service installation to use the updated configuration. To do this, stop any docker container using your specified port and run the following command:

docker run -d -p 8000:8081 -v PATH_TO_YOUR_SERVER.JSON:/conf/server.json registry.gitlab.com/secata/platform/did/did-verifier-backend:latest

Navigate to http://localhost:8000/openapi to start interacting with the credential verification service.

You can interact with the credential verification service by calling the different endpoints through the user interface. As an example you can start a new presentation by calling the presentation/oid4vp/new-requestendpoint.

Now your credential verification service is configured to push any results to your application. Whenever a valid presentation is posted to the credential verification service you should get the results posted to your specified endpoint.