Base URLs
| Environment | Base URL |
|---|---|
| Sandbox | https://api.sandbox.mocachain.org/v1 |
| Production | https://api.mocachain.org/v1 |
Authentication
All API requests are authenticated with a Partner JWT passed in thex-partner-auth header. The JWT must be signed with your private key (RS256 or ES256) and include:
| Claim | Required | Description |
|---|---|---|
partnerId | Yes | Your Partner ID from the Developer Dashboard |
email | Yes | Target user’s email address |
scope | Yes | Operation scope (e.g. "issue") |
exp | Yes | Expiration timestamp (recommended: 5 minutes) |
kid (Key ID) matching a key in your JWKS endpoint and typ: "JWT".
For full setup instructions, key generation, and code examples see Partner Authentication.
API Playground: Requests from the Try it out playground are sent directly from your browser to the API. Your API must allow CORS from your docs origin (e.g. your Mintlify subdomain or custom domain) for the playground to work. If you see 403 from the playground, check that the API allows the request origin and that your Partner JWT is valid.
Available endpoints
Issue credential on behalf
Submit server-side credential issuance for a user without requiring their active session.
Check issuance status
Poll the status of an asynchronous credential issuance until it is confirmed on-chain.