# /verify Endpoint ESS supports an [authorization mechanism based on Access Requests and Grants](https://docs.inrupt.com/security/authorization/access-requests-grants). ESS serializes the Access Requests and Grants as [Verifiable Credentials (VCs)](https://docs.inrupt.com/reference/glossary#verifiable-credential) and provides a verification endpoint for these VCs. ## `/verify` Endpoint The ESS [Access Grant Service](https://docs.inrupt.com/ess/latest/services/service-access-grant) provides the following endpoint for Access Request/Grant VC verification: ```json https://vc./verify ``` To verify an Access Request/Grant, clients can send the verification request to the endpoint:
MethodPOST
Content-Typeapplication/json
Endpointhttps://vc.<ESS Domain>/verify
PayloadVerification request object. See Input: Access Request/Grant VC for details.
The **`/verify`** endpoint (also referred to as the Verifier on this page) implements the verify portion of the [VC API specification](https://w3c-ccg.github.io/vc-api/#verifying). {% hint style="info" %} The [VC API specification](https://w3c-ccg.github.io/vc-api/#issue-credential) is in Draft status. Features based on draft specifications are subject to change. {% endhint %} ## Verification Checks The Verifier performs the following verification checks on the Access Request/Grant VCs: * Checks the authenticity of the VCs . Specifically, the Verifier performs [Ed25519 signature suite 2020](https://w3c-ccg.github.io/lds-ed25519-2020/) verifications. * Checks that the VCs have not been revoked. * Checks that the VCs is active; specifically: * Checks that the VCs effective period has started (i.e., has a future issuance date). * Checks that the VCs have not expired (i.e., has a past expiration date). In addition, the Verifier performs the following Solid checks on the Access Request/Grant VCs :
FieldDescription
typeWhen validating a Solid access request, the VC’s type field must include "SolidAccessRequest".
When validating a Solid access grant, the VC’s type field must include "SolidAccessGrant".
credentialSubject.idThe VC’s credentialSubject.id field must be a WebID.
proof.domainThe VC’s proof.domain field must be set to solid.
## Input: Access Request/Grant VC The Verifier endpoint ( **`/verify`** ) accepts a document of the form: ```json { "verifiableCredential": , "options": } ``` * **`verifiableCredential`** accepts a VC JSON-LD document. For details, see: [VC Verifier API (OpenAPI specification)](https://w3c-ccg.github.io/vc-api/verifier.html#operation/verifyCredential) ## Output: Verification Results The Verifier returns a JSON object: ```json { "checks": [ "issuanceDate", "proof", "expirationDate", "credentialStatus" ], "errors": [], "warnings": [] } ``` * **`checks`** lists the checks performed during verification. {% hint style="info" %} **Note**\ The **`expirationDate`** check only occurs if an expiration date is present in the VC. {% endhint %} * **`errors`** lists any errors that occurred during verification. * **`warnings`** lists any warnings that occurred during verification. ## Example The following is a sample Access Request VC: ```json { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://schema.inrupt.com/credentials/v2.jsonld", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/vc-revocation-list-2020/v1", "https://w3id.org/vc/status-list/2021/v1", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "https://vc./vc/bee01024-9cf8-4e4a-b70a-03242a980cce", "credentialStatus": { "id": "https://vc./status/SkbE#0", "revocationListCredential": "https://vc./status/SkbE", "revocationListIndex": "0", "type": "RevocationList2020Status" }, "credentialSubject": { "hasConsent": { "mode": [ "http://www.w3.org/ns/auth/acl#Read" ], "hasStatus": "https://w3id.org/GConsent#ConsentStatusRequested", "isConsentForDataSubject": "https://id./owliverowner", "forPersonalData": [ "https://storage.//getting-started/readingList/myList" ] }, "id": "https://id./requestingrabbit", }, "id": "https://vc./vc/xxxxxx...", "issuanceDate": "2021-10-25T03:21:58.512Z", "expirationDate": "2023-05-08T04:36:25.609Z", "issuer": "https://vc.", "proof": { "created": "2021-10-25T03:21:58.708Z", "domain": "solid", "proofPurpose": "assertionMethod", "proofValue": "xxxxxx........", "type": "Ed25519Signature2020", "verificationMethod": "https://vc./key/xxxxx...." }, "type": [ "VerifiableCredential", "SolidAccessRequest" ] } ``` To verify the VC, post the following payload, where the **`"verifiableCredential"`** field is set to the VC to be verified, to the Verifier endpoint ( **`/verify`** ): ```json { "verifiableCredential": { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/ed25519-2020/v1", "https://w3id.org/vc-revocation-list-2020/v1", "https://vc./credentials/v1" ], "credentialStatus": { "id": "https://vc./status/SkbE#0", "revocationListCredential": "https://vc./status/SkbE", "revocationListIndex": "0", "type": "RevocationList2020Status" }, "credentialSubject": { "hasConsent": { "mode": [ "http://www.w3.org/ns/auth/acl#Read" ], "hasStatus": "https://w3id.org/GConsent#ConsentStatusRequested", "isConsentForDataSubject": "https://id./owliverowner", "forPersonalData": [ "https://storage.//getting-started/readingList/myList" ] }, "id": "https://id./requestingrabbit", }, "id": "https://vc./vc/xxxxxx...", "issuanceDate": "2021-10-25T03:21:58.512Z", "issuer": "https://vc.", "proof": { "created": "2021-10-25T03:21:58.708Z", "domain": "solid", "proofPurpose": "assertionMethod", "proofValue": "xxxxxx........", "type": "Ed25519Signature2020", "verificationMethod": "https://vc./key/xxxxx...." }, "type": [ "VerifiableCredential", "SolidAccessRequest" ] } } ``` Upon successful verification, the endpoint returns the following: ```json { "checks": [ "issuanceDate", "proof", "credentialStatus" ], "errors": [], "warnings": [] } ``` {% hint style="info" %} **Note**\ Since the **`expirationDate`** is not present in the input VC, the **`expirationDate`** check did not occur, and thus is omitted from the output. {% endhint %}