Quickstart: Credential Verification

If you are looking to verify credentials on chain this guide will help you achieve that.

This Quickstart will walk you through:

• Setting up verification programs
• Verifying user credentials with zero-knowledge proofs
• Handling verification results

What You'll Build

By the end of this Quickstart, you will have:

• A verification program configured for your app
• Code that verifies credentials from users
• Application logic that reacts to verification results (e.g., grant/deny access)

Before Starting, Ensure You Have

• Completed or understood the Login & Sessions Quickstart (recommended but not mandatory)
• Completed the Credential Issuance Quickstart (to have credentials to verify)
• Node.js v16+ installed

Step 1: Install the AIR Kit

npm install @mocanetwork/airkit

Step 2: Get Your Partner ID

1. Go to the Developer Dashboard and login with your EOA wallet
2. Connect your wallet
3. Navigate to the Accounts section on the navigation bar on the left. Then go to the General section. Copy the Partner ID and Verifier DID from the partner account information and settings

Step 3: Setup JWT Authentication

To verify credentials, you need to set up JWT authentication similar to the issuance process.

JWT Setup Required

For detailed instructions on setting up JWT authentication, including JWKS configuration and token generation, please refer to the Partner Authentication guide.

Quick Setup:

1. Navigate to the Accounts tab and configure your JWKS URL
2. Generate JWT tokens using your private key for authentication

Step 4: Understanding Credential Verification

A verifiable credential is a secure, digital version of a credential record that can be verified using zero-knowledge proofs.

To start verifying a credential, you need to first set up a verification program and question set that validates the proof.

Example: Proving age > 18 without sharing full ID. Say you want to enter a bar and prove you are above 18 without showing your ID or sharing your birth date - you can leverage the age credential that was issued. You send the zero-knowledge proof (not your full passport) to the bar. The proof only answers the question: "Is this person over 18?" and nothing more.

Step 5: Prerequisites

• Go to the Faucet, connect your wallet, and get $MOCA test tokens
• Go to Developer Dashboard -> Verifier -> Fee wallet and deposit funds

Step 6: Setup Verification Program

• Navigate to the Verifier tab and click "Create Program"
• Select the schema configured for credential issuance (e.g., kyc_schema)
• Configure your query with question set, operator, and attribute values
• Add necessary details like Issuer ID and hit save. Your program will be created
• Now that you have the verifier program created, click on Details and Apply the program.
• Once applied the status of the program will change from Draft to Active

Step 7: Verifying Credentials Using the Example App

You can verify credentials using the Example app

• Generate a JWT token on the demo app interface

• Enter the verifier DID, verifier program ID and a custom redirect URL to issue credential (if required) and click on "Start Credential Verification"

• The widget will guide you through the verification process.

• Once completed you will be able to verify the result on the UI as compliant or non compliant. In this case the result of verification will be compliant as the age was 20 and location was netherlands [we were verfiying adult users outside of the USA].

• You can verify the credential verification under the records section in the Verifier Tab.

Step 8: Verifying Credentials Using the AIR Kit

After you've set up your verification program, you can verify credentials programmatically using the AIR Kit. This shows how to configure the verification flow, generate JWTs for authentication, and interact with the AIR SDK's verification API.

Configure Verification Parameters

We need the following key parameters and configs:

const [config, setConfig] = useState({
  verifierDid: env.VERIFIER_DID || "did:example:verifier123",
  programId: env.PROGRAM_ID || "c21hc030kb5iu0030224Qs",
  redirectUrlForIssuer: env.REDIRECT_URL_FOR_ISSUER || "http://localhost:8080/issue"
});

• verifierDid: The DID (Decentralized Identifier) of the verifier - identifies who is performing the verification.
• programId: The credential program being verified against. This must match the program ID on the Developer Dashboard.
• redirectUrlForIssuer: Used in cases when the credential doesnt exist and you want to redirect your user to claim a credential / issue one for them.

Authentication (JWT Handling)

const jwt = await generateJwt({ partnerId, privateKey });

// genearteJwt is a utility function. Refer to the link below to look at its implementation

• partnerId and privateKey come from environment variables.
• JWT is used for authorization when calling airService.issueCredential function. you can refer to Authentication (Partner JWT) on how to generate JWT tokens

  Tip: For production, generate JWTs on the backend to keep private keys secure.

• Private Key: Needed to sign JWTs, proving the verifier’s identity.
• Generated JWT: The signed token that authenticates API calls to AIR Service.

Verify the Credential

Call airService.verifyCredential to verify the credential:

const result = await airService.verifyCredential({
  authToken: jwt,
  programId: config.programId,
  redirectUrl: config.redirectUrlForIssuer
});

setVerificationResult(result);

• Verifier must have a properly initialized airService.
• Call airService.verifyCredential with: - authToken: the JWT generated above. - programId: ties verification to the specific credential program colnfigured on the Developer Dashboard. - redirectUrl: ensures redirect-based verification flows can complete.
  • Store Results: verificationResult is updated with the outcome (status + payload).

Status Handling

Helper functions map the verification status into colors, icons, and descriptions:

getStatusColor("Compliant"); // → green badge
getStatusIcon("Revoked"); // → 🚫
getStatusDescription("Expired"); // → "The credential has expired..."

You can refer to this Authentication (Partner JWT) for the implementation of these functions.

Summary of Verification Process

1. Set up verification program on the Developer Dashboard
2. Configure verifier DID, program ID, and redirect URL
3. Generate JWT for authentication
4. Call airService.verifyCredential to verify the credential
5. Handle verification results and display status

Example Implementation

For a complete working example, check out the AIR Credential Example repository which demonstrates:

• Full credential verification flow with React components
• Verification status handling and display
• Error handling and user feedback
• Complete integration with the AIR Kit's Credential Services

Next Steps

Now that you know how to verify credentials, you can:

• Issue credentials - Learn how to issue credentials in the Credential Issuance Quickstart