API Reference
Programmatic access to issue, verify, and manage credentials at scale.
Authentication
All API requests require a valid API key. Generate keys from your dashboard under Developer → API Keys.
Request header
Authorization: Bearer cv_live_<your_api_key>API keys have scoped permissions. Create separate keys for read-only, write, and revoke access.
REST API
Base URL: https://credverse.live/api/v1
/credentialsList credentials. Supports pagination and filtering.
curl -H "Authorization: Bearer cv_live_..." \ "https://credverse.live/api/v1/credentials?limit=50&status=active"
/credentialsIssue a credential. Costs 1 credit. Returns W3C Verifiable Credential.
curl -X POST "https://credverse.live/api/v1/credentials" \
-H "Authorization: Bearer cv_live_..." \
-H "Content-Type: application/json" \
-d '{
"group_id": "uuid",
"holder_email": "recipient@example.com",
"holder_name": "Jane Doe",
"skills": ["Python", "AI"]
}'/credentials/:idRevoke a credential by ID.
curl -X PATCH "https://credverse.live/api/v1/credentials/uuid" \
-H "Authorization: Bearer cv_live_..." \
-H "Content-Type: application/json" \
-d '{"status": "revoked"}'Webhooks
Receive HTTP POST notifications when credentials are issued, revoked, claimed, or expire. Configure webhooks from your dashboard under Developer → Webhooks.
Available Events
credential.issuedcredential.revokedcredential.claimedcredential.expiredcredential.viewedgroup.createdgroup.updatedcredits.lowcredits.purchasedorganization.member_addedorganization.member_removedSignature verification
// HMAC-SHA256 signature in X-CredVerse-Signature header // Format: t=timestamp,v1=signature // Verify with: HMAC-SHA256(webhook_secret, timestamp + "." + payload)
W3C Verifiable Credentials
Every credential is cryptographically signed with an Ed25519 Data Integrity proof. Third-party verifiers can verify credentials offline without trusting the database.
/api/verify/:hashReturns the full W3C VC 2.0 JSON-LD document with Data Integrity proof.
curl "https://credverse.live/api/verify/abc123..." -H "Accept: application/ld+json"
/api/status-list/:orgIdReturns the W3C Status List 2021 revocation registry for an organization.
SCIM 2.0 User Provisioning
Automate user lifecycle management. Configure your IdP (Okta, Azure AD, OneLogin) to provision and deprovision users via SCIM.
SCIM endpoint
POST https://credverse.live/api/scim/v2/Users