Skip to content

Requesting Verifiable Presentations

The credential verification process involves the customer application, Partisia's credential verification service, and the holder's wallet, each with a specific role in enabling credential verification.

The credential verification service handles the specifics of verifying a credential presentation. Your application remain responsible for managing the process of requesting a verifiable presentation from the holder, and forwarding it to the credential verification service.

This section describes the communication flows and configuration requirements for initiating the verifiable presentation submission as well as the reception of the verification results from the credential verification service.

verification diagram

1. Start interaction

The process begins when the holder interacts with your application, usually by opening a website or a mobile app. The application recognizes the holder's input and responds, initiating the engagement.

2. Application starts verification

Your application initiates the presentation process by sending an API POST request to the credential verification service. To create a new request you must provide the ID of a presentation definition as an input. If no presentation definition is specified, the credential verification service will return a Bad Request response.

This initial request signals the credential verification service to prepare for the interaction but does not include any personal information about the holder. For example:

Example

curl -X 'POST' \
    'URL_to_your_credential_verification_service/presentation/oid4vp/new-request' \
    -H 'accept: application/json' \

Once the credential verification service receives the POST request, it creates a new verification request. The returned request_id is later used by the wallet to interact with the correct verification request.

3. Credential verification service returns verification session info

Once the presentation session is set up, the credential verification service responds to the initial POST request with a Request URI. This response from the credential verification service also includes the request ID. For example:

{
    "request_id": "029f3095d16a55ea59ef2ae18e9d2233d6be825838",
    "request_uri": "http://localhost:8081/presentation/oid4vp/authorization-request/029f3095d16a55ea59ef2ae18e9d2233d6be825838"
}

4. Application forwards request URI to wallet

After receiving a response from the credential verification service, your application must forward the request URI to the holder's wallet. This can be achieved through various methods, such as generating a QR code for the user to scan with their wallet, or sending the URI via email or another communication channel.

The customer application is responsible for ensuring the URI is shared in a format supported by the wallet. Misalignment here—such as using a communication method the wallet does not recognize—can disrupt the presentation flow.

5. Verification Black Box

The following steps are carried out by Partisia's credential verification service, which carry out the rest of the OID4VP protocol. If you have configured your application correctly, the results will be pushed to the correct endpoint in your application (see next point).

In short, the credential verification service receives the verifiable presentation from the holder's wallet and verifies the wallet's signature of the presentation and the issuer's signature of the credential. See a detailed explanation of the verification flow here.

6. Credential verification service pushes results to application

Once the presentation is validated, the credential verification service sends the verification result and verified claims to the application via a POST request to a pre-configured endpoint.

The customer application must ensure its application endpoint is correctly configured and that the credential verification service is configured to send the data to that endpoint. If the endpoint is missing or misconfigured, the result cannot be delivered. Upon receiving the data, the customer application can process the information as needed.

Here's an example a POST request sent by the credential verification service:

curl -X 'POST' \
  'http://localhost:8090/presentation/verification-result' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer 5I90CwXlZoolopOSplVBOoV63qXSTEo4piJKJ0iizFau79HU6viEvzgGReWycN8V' \
  -d '{
  "request_id": "02d623f4d4bab3bdb01eb36b5222a65125db9458af",
  "verificationResult": true,
  "claims": [
    {
      "id": "studentId",
      "name": "Student ID",
      "value": 200014762
    }
  ]
}'