User Guide — Holders

Verification Flow

View as Markdown

Verification is the process by which a Verifier cryptographically validates a Verifiable Credential or Verifiable Presentation.

Verification Flow Overview

Proof Request

A verifier initiates verification by sending a proof request to the holder:

1{
2  "type": "https://didcomm.org/present-proof/3.0/request-presentation",
3  "id": "proof-req-001",
4  "from": "did:adi:verifier001...",
5  "to": ["did:adi:holder001..."],
6  "body": {
7    "goal_code": "verify.degree",
8    "will_confirm": true,
9    "presentation_definition": {
10      "id": "degree-verification",
11      "input_descriptors": [
12        {
13          "id": "degree-credential",
14          "name": "University Degree",
15          "purpose": "Verify the applicant holds a bachelor's degree",
16          "constraints": {
17            "fields": [
18              {
19                "path": ["$.credentialSubject.degree.type"],
20                "filter": { "type": "string", "const": "BachelorDegree" }
21              },
22              {
23                "path": ["$.credentialSubject.degree.university"],
24                "filter": { "type": "string" }
25              }
26            ]
27          }
28        }
29      ]
30    }
31  }
32}

This follows the DIF Presentation Exchange v2 format.

Verify a Credential

Request

1POST /api/v1/credentials/verify
2Content-Type: application/json
3
4{
5  "credential": {
6    "@context": ["https://www.w3.org/2018/credentials/v1", "..."],
7    "type": ["VerifiableCredential", "UniversityDegreeCredential"],
8    "issuer": "did:adi:issuer001...",
9    "issuanceDate": "2026-03-28T10:00:00Z",
10    "credentialSubject": { "..." },
11    "credentialStatus": { "..." },
12    "proof": { "..." }
13  }
14}

Response

1{
2  "verified": true,
3  "checks": {
4    "proof": {
5      "status": "valid",
6      "type": "Ed25519Signature2020",
7      "verificationMethod": "did:adi:issuer001...#key-1"
8    },
9    "issuer": {
10      "status": "valid",
11      "did": "did:adi:issuer001...",
12      "active": true
13    },
14    "schema": {
15      "status": "valid",
16      "schemaId": "did:adi:schema:university-degree-v1"
17    },
18    "expiration": {
19      "status": "valid",
20      "expirationDate": "2030-12-31T23:59:59Z"
21    },
22    "revocation": {
23      "status": "valid",
24      "revoked": false,
25      "checkedAt": "2026-03-28T12:00:00Z"
26    }
27  },
28  "warnings": []
29}

Verify a Presentation

Request

1POST /api/v1/presentations/verify
2Content-Type: application/json
3
4{
5  "presentation": {
6    "@context": ["https://www.w3.org/2018/credentials/v1"],
7    "type": ["VerifiablePresentation"],
8    "holder": "did:adi:holder001...",
9    "verifiableCredential": [ { "..." } ],
10    "proof": {
11      "type": "Ed25519Signature2020",
12      "challenge": "abc123-verifier-nonce",
13      "domain": "https://verifier.example.com",
14      "proofValue": "z4Abc123..."
15    }
16  },
17  "challenge": "abc123-verifier-nonce",
18  "domain": "https://verifier.example.com"
19}

Response

1{
2  "verified": true,
3  "presentationChecks": {
4    "holderProof": "valid",
5    "challenge": "matched",
6    "domain": "matched"
7  },
8  "credentialResults": [
9    {
10      "index": 0,
11      "type": "UniversityDegreeCredential",
12      "verified": true,
13      "checks": {
14        "proof": "valid",
15        "issuer": "valid",
16        "schema": "valid",
17        "expiration": "valid",
18        "revocation": "valid"
19      }
20    }
21  ]
22}

Verification Checks Explained

1. Proof Integrity

The cryptographic signature is verified:

  • Resolve the verificationMethod from the issuer’s DID Document
  • Extract the public key
  • Verify the signature over the canonicalized credential data

2. Issuer DID Resolution

  • Resolve the issuer DID from the ADI blockchain
  • Confirm the DID is not deactivated
  • Confirm the verification method exists in the DID Document
  • Confirm the key is listed in the assertionMethod relationship

3. Schema Compliance

  • Fetch the schema from the Schema Registry
  • Validate credentialSubject attributes against the schema

4. Expiration

  • Compare expirationDate against current time
  • If expired, the credential is invalid

5. Revocation

  • Query the Revocation Registry using credentialStatus
  • Check the specific statusListIndex in the StatusList2021 bitstring
  • If the bit is set, the credential has been revoked

Selective Disclosure Verification

For BBS+ credentials, the verifier receives a derived proof:

1POST /api/v1/presentations/verify
2Content-Type: application/json
3
4{
5  "presentation": {
6    "verifiableCredential": [
7      {
8        "credentialSubject": {
9          "id": "did:adi:holder001...",
10          "degree": {
11            "type": "BachelorDegree",
12            "university": "MIT"
13          }
14        },
15        "proof": {
16          "type": "BbsBlsSignatureProof2020",
17          "nonce": "verifier-nonce",
18          "proofValue": "DerivedProof123..."
19        }
20      }
21    ]
22  }
23}

The verifier only sees the disclosed attributes (type and university), but can verify they were part of a validly signed credential.

Verification Failures

FailureDescriptionMitigation
INVALID_SIGNATUREProof signature does not verifyCredential may be tampered
ISSUER_DEACTIVATEDIssuer DID is deactivatedContact issuer for re-issuance
CREDENTIAL_EXPIREDCurrent time > expirationDateRequest updated credential
CREDENTIAL_REVOKEDCredential is in revocation listCredential is no longer valid
SCHEMA_MISMATCHClaims do not match schemaPossible schema version mismatch
CHALLENGE_MISMATCHVP challenge does not matchPossible replay attack
KEY_NOT_FOUNDVerification method not in DID DocKey may have been rotated