Documentation

API Reference

Programmatic access to issue, verify, and manage credentials at scale.

Authentication

All API requests require a valid API key. Generate keys from your dashboard under Developer → API Keys.

Request header

Authorization: Bearer cv_live_<your_api_key>

API keys have scoped permissions. Create separate keys for read-only, write, and revoke access.

REST API

Base URL: https://credverse.live/api/v1

GET/credentials

List credentials. Supports pagination and filtering.

curl -H "Authorization: Bearer cv_live_..." \
  "https://credverse.live/api/v1/credentials?limit=50&status=active"
POST/credentials

Issue a credential. Costs 1 credit. Returns W3C Verifiable Credential.

curl -X POST "https://credverse.live/api/v1/credentials" \
  -H "Authorization: Bearer cv_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "group_id": "uuid",
    "holder_email": "recipient@example.com",
    "holder_name": "Jane Doe",
    "skills": ["Python", "AI"]
  }'
PATCH/credentials/:id

Revoke a credential by ID.

curl -X PATCH "https://credverse.live/api/v1/credentials/uuid" \
  -H "Authorization: Bearer cv_live_..." \
  -H "Content-Type: application/json" \
  -d '{"status": "revoked"}'

Webhooks

Receive HTTP POST notifications when credentials are issued, revoked, claimed, or expire. Configure webhooks from your dashboard under Developer → Webhooks.

Available Events

credential.issuedcredential.revokedcredential.claimedcredential.expiredcredential.viewedgroup.createdgroup.updatedcredits.lowcredits.purchasedorganization.member_addedorganization.member_removed

Signature verification

// HMAC-SHA256 signature in X-CredVerse-Signature header
// Format: t=timestamp,v1=signature
// Verify with: HMAC-SHA256(webhook_secret, timestamp + "." + payload)

W3C Verifiable Credentials

Every credential is cryptographically signed with an Ed25519 Data Integrity proof. Third-party verifiers can verify credentials offline without trusting the database.

GET/api/verify/:hash

Returns the full W3C VC 2.0 JSON-LD document with Data Integrity proof.

curl "https://credverse.live/api/verify/abc123..." -H "Accept: application/ld+json"
GET/api/status-list/:orgId

Returns the W3C Status List 2021 revocation registry for an organization.

SCIM 2.0 User Provisioning

Automate user lifecycle management. Configure your IdP (Okta, Azure AD, OneLogin) to provision and deprovision users via SCIM.

SCIM endpoint

POST https://credverse.live/api/scim/v2/Users