/verify Endpoint

ESS supports an authorization mechanism based on Access Requests and Grants.

ESS serializes the Access Requests and Grants as Verifiable Credentials (VCs) and provides a verification endpoint for these VCs.

/verify Endpoint

The ESS Access Grant Service provides the following endpoint for Access Request/Grant VC verification:

https://vc.<ESS Domain>/verify

To verify an Access Request/Grant, clients can send the verification request to the endpoint:

Method: POST

Content-Type: application/json

Endpoint: https://vc.<ESS Domain>/verify

Payload: Verification request object. See Input: Access Request/Grant VC for details.

The /verify endpoint (also referred to as the Verifier on this page) implements the verify portion of the VC API specification.

The VC API specification is in Draft status. Features based on draft specifications are subject to change.

Verification Checks

The Verifier performs the following verification checks on the Access Request/Grant VCs:

  • Checks the authenticity of the VCs. Specifically, the Verifier performs Ed25519 signature suite 2020 verifications.

  • Checks that the VCs have not been revoked.

  • Checks that the VCs are active; specifically:

    • Checks that the VC's effective period has started (i.e., the issuance date is not in the future).

    • Checks that the VC has not expired (i.e., the expiration date is not in the past).

In addition, the Verifier performs the following Solid checks on the Access Request/Grant VCs, by field:

  • type: When validating a Solid access request, the VC’s type field must include "SolidAccessRequest". When validating a Solid access grant, the VC’s type field must include "SolidAccessGrant".

  • credentialSubject.id: The VC’s credentialSubject.id field must be a WebID.

  • proof.domain: The VC’s proof.domain field must be set to solid.

Input: Access Request/Grant VC

The Verifier endpoint (/verify) accepts a document of the form:

  • verifiableCredential accepts a VC JSON-LD document.

For details, see: VC Verifier API (OpenAPI specification)
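The Solid checks and active-period checks listed above can be mirrored on the client before posting, so that malformed VCs are rejected early. The following is an added example, not Inrupt's code, and it does not replace the Verifier: it performs no signature or revocation check. The function names, the sample VC, and the WebID approximation (any http(s) URL) are assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

SOLID_TYPES = {"request": "SolidAccessRequest", "grant": "SolidAccessGrant"}

def _parse(ts):
    # VC timestamps are XSD dateTime strings; accept a trailing "Z".
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def precheck(vc, kind, now=None):
    """Return the problems found locally; [] means the VC is worth sending."""
    now = now or datetime.now(timezone.utc)
    problems = []
    types = vc.get("type", [])
    if isinstance(types, str):
        types = [types]
    if SOLID_TYPES[kind] not in types:
        problems.append(f"type must include {SOLID_TYPES[kind]}")
    subject = vc.get("credentialSubject")
    webid = subject.get("id") if isinstance(subject, dict) else None
    url = urlparse(webid) if isinstance(webid, str) else None
    # Assumption: a WebID is approximated here as an http(s) URL with a host.
    if not (url and url.scheme in ("http", "https") and url.netloc):
        problems.append("credentialSubject.id must be a WebID")
    proof = vc.get("proof")
    if not isinstance(proof, dict) or proof.get("domain") != "solid":
        problems.append("proof.domain must be solid")
    try:
        if _parse(vc["issuanceDate"]) > now:
            problems.append("issuanceDate is in the future")
        # Like the Verifier, only check expirationDate when it is present.
        if "expirationDate" in vc and _parse(vc["expirationDate"]) < now:
            problems.append("expirationDate is in the past")
    except (KeyError, ValueError, AttributeError, TypeError):
        problems.append("issuanceDate/expirationDate missing or malformed")
    return problems

def build_request(vc):
    # Verification request object: the VC goes in "verifiableCredential".
    return json.dumps({"verifiableCredential": vc})

# Constructed sample VC (no real signature), for illustration only.
SAMPLE_VC = {"@context": ["https://www.w3.org/2018/credentials/v1"],
             "type": ["VerifiableCredential", "SolidAccessRequest"],
             "credentialSubject": {"id": "https://id.example.com/alice"},
             "issuanceDate": "2024-01-01T00:00:00Z",
             "proof": {"type": "Ed25519Signature2020", "domain": "solid"}}
```

A VC that passes `precheck` still has to be posted to /verify, since only the Verifier checks the signature and revocation status.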

Output: Verification Results

The Verifier returns a JSON object:

  • checks lists the checks performed during verification.

    Note: The expirationDate check only occurs if an expiration date is present in the VC.

  • errors lists any errors that occurred during verification.

  • warnings lists any warnings that occurred during verification.

Example

The following is a sample Access Request VC:

To verify the VC, post the following payload, where the "verifiableCredential" field is set to the VC to be verified, to the Verifier endpoint (/verify):

Upon successful verification, the endpoint returns the following:

Note: Since the expirationDate is not present in the input VC, the expirationDate check did not occur, and thus is omitted from the output.
