The purpose of this service is to issue and verify credentials. This service by itself does not take care of storing the credentials. If you'd like to store credentials, you would have to pair this service with secret-box-service. This service is also dependent on auth0-service.
- Endpoint: POST /credentials/issue
- Accepts: application/json
- Request Body: JSON object with the following fields:
  - attributes: A JSON object with all the credential attributes
  - subjectDid: DID of the holder of the credential
  - type: A string representation of the credential type, e.g. "PERSON" (optional)
  - @context: Context of the issued credential (optional)
  - expirationDate: Date of expiration of the JWT (optional)
- Success Response Code: 200
- Invalid Request Response Code: 400
- Internal Error Response Code: 500
- Endpoint: POST /credentials/verify
- Accepts: application/json
- Request Body: JSON object with the following fields:
  - credential: A verifiable credential or the JWT string
- Success Response Code: 200
- Invalid Request Response Code:
  - 400: Bad request body
  - 405: Wrong content type
- Internal Error Response Code: 500
- Endpoint: / (This endpoint redirects to the Swagger API docs)
The application allows configuring the following parameters using environment variables.
- MAINNET_RPC_URL: RPC endpoint for cheqd mainnet. (Default: https://rpc.cheqd.net:443)
- TESTNET_RPC_URL: RPC endpoint for cheqd testnet. (https://rpc.cheqd.network:443)
- RESOLVER_URL: API endpoint for a DID Resolver endpoint that supports did:cheqd.
- APPLICATION_BASE_URL: URL of the application (external domain name)
The application supports two modes in which keys are managed: either just storing them in-memory while a container is running, or persisting them in a PostgreSQL database with Veramo SDK. Using an external Postgres database allows for "custodian" mode where identity and cheqd/Cosmos keys can be offloaded by client applications to be stored in the database.
- DB_CONNECTION_URL: Postgres database connection URL, e.g. postgres://<user>:<password>@<host>:<port>/<database>
- DB_ENCRYPTION_KEY: Secret key used to encrypt the Veramo key-specific database tables. This adds a layer of protection by not storing the database in plaintext.
- DB_CERTIFICATE: Custom CA certificate required to connect to the database (optional).
By default, the application has API authentication disabled (which can be changed in configuration). If, however, you'd like to run the app with API authentication features, the following variables need to be configured.
We use a self-hosted version of LogTo, which supports OpenID Connect. Theoretically, these values could also be replaced with LogTo Cloud or any other OpenID Connect identity provider.
- ENABLE_AUTHENTICATION: Turns API authentication guards on/off. (Default: false)
- LOGTO_ENDPOINT: API endpoint for the LogTo server
- LOGTO_RESOURCE_URL: API resource associated with the application
- LOGTO_APP_ID: Application ID from LogTo. For now, the application is supposed to be of type TraditionalWeb
- LOGTO_APP_SECRET: Application secret. Should also be encrypted in deployment
- ALLOWED_ORIGINS: CORS allowed origins used in the app
- DEFAULT_CUSTOMER_ID: Customer/user in LogTo to use for unauthenticated users
- ALL_SCOPES: List of all scopes. Should be a string with scopes divided by whitespace, like account:create account:read did:create
- COOKIE_SECRET: Secret for cookie encryption.
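As an added example (not part of the project's code), a Node.js pre-deployment check over the variables documented above: it reports when the authentication guards are left at their default of off, when LogTo or cookie settings are missing, and when persisted keys lack DB_ENCRYPTION_KEY or the database URL still carries the sample Postgres password shown in this README. The finding rules, the ALLOWED_ORIGINS separator and all sample values are assumptions of this example.

```javascript
// Added example: pre-deployment audit of the environment variables documented above.
// What counts as a finding is this example's assumed policy, not project behaviour.
const AUTH_REQUIRED = ['LOGTO_ENDPOINT', 'LOGTO_RESOURCE_URL', 'LOGTO_APP_ID',
  'LOGTO_APP_SECRET', 'ALLOWED_ORIGINS', 'ALL_SCOPES', 'COOKIE_SECRET'];
const isSet = (env, name) => typeof env[name] === 'string' && env[name].trim() !== '';

function auditConfig(env) {
  const findings = [];
  // The guards are off by default, so anything other than "true" is reported.
  if (env.ENABLE_AUTHENTICATION !== 'true') {
    findings.push('ENABLE_AUTHENTICATION is not "true": API authentication guards are off');
  } else {
    for (const name of AUTH_REQUIRED) {
      if (!isSet(env, name)) findings.push(`${name} is empty but authentication is enabled`);
    }
    // Assumption: origins are separated by whitespace or commas.
    if (isSet(env, 'ALLOWED_ORIGINS') && env.ALLOWED_ORIGINS.split(/[\s,]+/).includes('*')) {
      findings.push('ALLOWED_ORIGINS contains the wildcard origin "*"');
    }
  }
  // Keys persisted in Postgres ("custodian" mode) rely on DB_ENCRYPTION_KEY.
  if (isSet(env, 'DB_CONNECTION_URL')) {
    if (!isSet(env, 'DB_ENCRYPTION_KEY')) {
      findings.push('DB_ENCRYPTION_KEY is empty but DB_CONNECTION_URL is set');
    }
    try {
      const password = decodeURIComponent(new URL(env.DB_CONNECTION_URL).password);
      if (password === 'mysecretpassword') {
        findings.push('DB_CONNECTION_URL uses the sample password from the setup commands');
      }
    } catch {
      findings.push('DB_CONNECTION_URL could not be parsed as a URL');
    }
  }
  return findings;
}

// Constructed sample environment (all values are placeholders).
const SAMPLE_ENV = {
  ENABLE_AUTHENTICATION: 'true',
  LOGTO_ENDPOINT: 'https://logto.example.com',
  LOGTO_RESOURCE_URL: 'https://credentials.example.com/api',
  LOGTO_APP_ID: 'constructed-app-id',
  LOGTO_APP_SECRET: 'constructed-app-secret',
  ALLOWED_ORIGINS: 'https://app.example.com *',
  ALL_SCOPES: 'account:create account:read did:create',
  DB_CONNECTION_URL: 'postgres://postgres:mysecretpassword@localhost:5432/postgres',
};
auditConfig(SAMPLE_ENV).forEach((finding) => console.log(`FINDING: ${finding}`));
```

In a deployment pipeline, call `auditConfig(process.env)` and fail the job when the returned list is non-empty.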
The app supports 3rd party connectors for credential storage and delivery.
The app's Verida Network connector can be enabled to deliver generated credentials to Verida Wallet.
- ENABLE_VERIDA_CONNECTOR: Turns Verida connector on/off. (Default: false)
- VERIDA_NETWORK: Verida Network type to connect to. (Default: testnet)
- VERIDA_PRIVATE_KEY: Secret key for Verida Network API.
- POLYGON_RPC_URL: Polygon Network RPC URL for connections.
- POLYGON_PRIVATE_KEY: Secret key for Polygon Network.
Initiate a Postgres database, in case you're using an external database.
docker pull postgres
docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres
Construct the Postgres URL and configure the environment variables mentioned above.
Once configured, the app can be run using NPM:
npm start
Dependencies can be installed using NPM or any other node package manager.
npm install
npm run build
To build and run in Docker, use the Dockerfile provided.
docker build -t credential-service .
If you notice anything not behaving how you expected, or would like to make a suggestion / request for a new feature, please create a new issue and let us know.
The cheqd Community Slack is our primary chat channel for the open-source community, software developers, and node operators.
Please reach out to us there for discussions, help, and feedback on the project.