Issuing Credentials
The issuer is the entity responsible for creating and issuing credentials within the AIR Credential ecosystem. It defines schemas, issues Verifiable Credentials, and manages the lifecycle of credentials.
As an Issuer, you are responsible for issuing Verifiable Credentials to users. Follow these steps to integrate and manage the credential issuance process.
Step 1: Set Up an Issuance Program
- Use the Developer Dashboard to create an issuance program (Issuer -> Programs).
- While creating the program, search for the schema for the credentials you intend to issue, and check the attributes to be included (e.g., name, age, nationality, etc.). It is highly recommended to search for an existing schema so that credentials are interoperable across platforms and can be recognized, displayed, or verified by any verifier. If there are no suitable schemas available, please contact us, or you may create your own schema.
- Publish the program and take note of the program ID.
Step 2: Collect User Data
Securely authenticate and retrieve your user's data within your existing application.
Step 3: Generate Auth Token
Generate a Partner JWT securely with your backend server, and include `scope=issue` to limit its scope.
Step 4: Issue Credentials
To encrypt the user's data and create a verified credential on-chain, simply call the issueCredential() function in AIR Kit.
```typescript
public async issueCredential({
  authToken,
  issuerDid,
  credentialId,
  credentialSubject,
}: {
  authToken: string;
  issuerDid: string;
  credentialId: string;
  credentialSubject: Record<string, unknown>;
}): Promise<void>
```
| Parameter | Type | Description |
|---|---|---|
| authToken | string | Your signed Partner JWT, with `scope=issue`. |
| issuerDid | string | Your Issuer DID. |
| credentialId | string | Program ID for the credential being issued. |
| credentialSubject | `Record<string, unknown>` | Object containing the credential's claims and attributes for the subject. |
Response: Throws an error if issuance fails.
Under the hood, AIR Kit generates a Verifiable Credential based on the issuance program and schema, pushes the VC on-chain, and stores the encrypted data in decentralized storage. During this process, the raw user data and private keys stay on the client side and are not exposed to Moca's servers.
Tips
- Use the Developer Dashboard to view and manage issued credentials (Issuer -> Records). In cases where credentials need to be invalidated, use the Revoke function in the Dashboard.
- Use the Chain Explorer to find the record of the on-chain transaction related to issuance (Credentials -> Issuance).
Best Practices for Issuers
- Only issue credentials after thorough validation of submitted evidence or claims.
- Minimize inclusion of personally identifiable information—issue privacy-preserving credentials whenever possible.
- Adopt open, standardized schemas to maximize compatibility and reduce verification friction across apps.
- Implement robust expiry and revocation processes, and ensure that holders and verifiers are informed of credential status.
- Respect user sovereignty at all stages; credentials should be under full user control and portable across the ecosystem.
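The validation and data-minimisation practices above, applied to the credentialSubject passed in Step 4, as an added example that is not part of AIR Kit or the original page. PROGRAM_ATTRIBUTES, its rules and the sample record are constructed assumptions; only the attribute names (name, age, nationality) come from the page.

```javascript
// Constructed stand-in for the attributes checked in the issuance program (Step 1).
// Attribute names follow the page's example; the rules are assumptions.
const PROGRAM_ATTRIBUTES = {
  name: { type: "string", maxLength: 128 },
  age: { type: "integer", min: 0, max: 150 },
  nationality: { type: "string", maxLength: 64 },
};

// Returns null when the value satisfies the rule, otherwise a reason string.
function checkValue(value, rule) {
  if (rule.type === "string") {
    if (typeof value !== "string" || value.trim() === "") return "must be a non-empty string";
    if (value.length > rule.maxLength) return `longer than ${rule.maxLength} characters`;
    return null;
  }
  if (rule.type === "integer") {
    if (!Number.isInteger(value)) return "must be an integer";
    if (value < rule.min || value > rule.max) return `outside ${rule.min}..${rule.max}`;
    return null;
  }
  return `unsupported rule type ${rule.type}`;
}

// Copies only allowlisted, own, well-typed attributes out of the verified user
// record, so other fields (email, internal ids) never reach credentialSubject.
// Throws before issuance if any program attribute is missing or malformed.
function buildCredentialSubject(userRecord, attributes = PROGRAM_ATTRIBUTES) {
  const subject = {};
  const problems = [];
  for (const [key, rule] of Object.entries(attributes)) {
    if (!Object.hasOwn(userRecord, key)) {
      problems.push(`${key}: missing`);
      continue;
    }
    const reason = checkValue(userRecord[key], rule);
    if (reason) problems.push(`${key}: ${reason}`);
    else subject[key] = userRecord[key];
  }
  if (problems.length > 0) {
    throw new Error(`refusing to issue: ${problems.join("; ")}`);
  }
  const dropped = Object.keys(userRecord).filter((k) => !Object.hasOwn(attributes, k));
  return { subject, dropped };
}

// Constructed sample record, as a backend might hold it after Step 2.
const sampleUser = { name: "Ada Example", age: 36, nationality: "Singaporean",
  email: "ada@example.test", internalRiskScore: 0.12 };
const { subject, dropped } = buildCredentialSubject(sampleUser);
console.log(subject, "dropped:", dropped); // subject is what goes in as credentialSubject
```

Logging the dropped keys, not their values, shows what the upstream record carries beyond the program's schema without copying that data into logs.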