> ## Documentation Index
> Fetch the complete documentation index at: https://docs.moca.network/llms.txt
> Use this file to discover all available pages before exploring further.
# Issue on Behalf
> Issue AIR Kit credentials server-side without an active user session — push credentials to user AIR Accounts on backend events like KYC pass or tier change.
**Issue on Behalf** flips this. Your **backend server** issues a credential directly to a user's AIR Account without requiring any action from the user at the time of issuance. The user doesn't need to be in a session, open a wallet, or interact with any UI.
This enables **zero-friction, invisible credential issuance** for use cases like:
* Issuing a KYC credential the moment a user passes identity verification
* Issuing an attendance credential when a venue scan detects a fan's check-in
* Issuing a subscriber tier credential at the end of each billing cycle
* Issuing a loyalty credential triggered by a purchase event
The user simply benefits from the credential next time they interact with a verifier.
**Feature Activation Required**
Issue on Behalf must be enabled for your partner account before use. Enable it in the Developer Dashboard (Accounts → General).
## When to Use It vs. Standard Issuance
| Scenario | Use Standard Issuance | Use Issue on Behalf |
| ------------------------------------------- | --------------------- | ------------------- |
| User initiates credential claim themselves | Yes | No |
| Credential is triggered by a backend event | No | Yes |
| User is actively logged in at issuance time | Yes | Either |
| User is offline / not in session | No | Yes |
| Zero-friction UX is a requirement | No | Yes |
| KYC completion triggers credential | No | Yes |
| Attendance / purchase / billing events | No | Yes |
| User explicitly clicks "Claim Credential" | Yes | No |
**Rule of thumb:** If the credential is triggered by something the user *did* (not something the user *initiated in-app*), use Issue on Behalf.
## How It Works
1. A backend event fires — KYC passed, purchase confirmed, check-in scanned.
2. Your server retrieves the target user's email and signs a Partner JWT.
3. Your server calls the Issue on Behalf API endpoint.
4. AIR Kit verifies the JWT and queues the credential for on-chain processing.
5. Issuance is **asynchronous** — your server polls a status endpoint until the credential is confirmed on-chain.
6. The user presents the credential later at any verifier; no action needed at issuance time.
## Prerequisites
Before using Issue on Behalf you need:
1. **Feature activation** — Enable Issue on Behalf for your partner account in the Developer Dashboard (Accounts → General).
2. **Partner ID and Issuer DID** — From the Developer Dashboard (Accounts → General).
3. **Issuance program** — A published credential program in the dashboard (Issuer → Programs).
4. **JWKS endpoint** — A public URL serving your RSA public key for JWT verification. See [Partner Authentication](/airkit/usage/partner-authentication).
5. **User email** — The email address of the AIR Account receiving the credential.
## Auth
Issue on Behalf authenticates via a **Partner JWT** attached to each request. The JWT must include the target user's email as a signed claim. For full setup, key generation, and examples see [Partner Authentication](/airkit/usage/partner-authentication).
## Next Steps
* [Issue on Behalf API & Examples](/airkit/usage/credential/issue-on-behalf-api)
* [Partner Authentication](/airkit/usage/partner-authentication)
* [Issuing Credentials (SDK)](/airkit/usage/credential/issuing-credentials)