Build a verifier

You run the admissions side: ask the applicant's wallet to present their diploma, then verify the proof — over the same VCALM exchange loop the wallet speaks.

You'll do exactly 3 things

Expose an interaction URL that advertises vcapi.
When the wallet POSTs to start, respond with a verifiablePresentationRequest describing the diploma you need.
Receive the verifiablePresentation and verify its proof, challenge, and domain.

1. Request the diploma

When the wallet POSTs an empty body to your exchange URL, respond with a QueryByExample asking for the credential type you need:

{
  "verifiablePresentationRequest": {
    "query": [{
      "type": "QueryByExample",
      "credentialQuery": [{
        "reason": "Please present your university degree to continue your application.",
        "example": {
          "@context": [
            "https://www.w3.org/ns/credentials/v2",
            "https://w3id.org/education/v2"
          ],
          "type": "UniversityDegreeCredential"
        },
        "trustedIssuer": [{
          "required": true,
          "issuer": "did:web:university.example"
        }]
      }]
    }],
    "challenge": "3182bdea-63d9-11ea-b6de-3b7c1404d57f",
    "domain": "admissions.example"
  }
}

The challenge and domain are what you'll verify in the returned proof — they stop a captured presentation from being replayed. Use trustedIssuer to require a degree from a specific institution.

2. Receive the presentation

The wallet POSTs the signed presentation back to the same exchange URL:

{
  "verifiablePresentation": {
    "@context": ["https://www.w3.org/ns/credentials/v2"],
    "type": ["VerifiablePresentation"],
    "holder": "did:example:graduate123",
    "verifiableCredential": [{ "...": "the diploma VC" }],
    "proof": {
      "challenge": "3182bdea-63d9-11ea-b6de-3b7c1404d57f",
      "domain": "admissions.example",
      "...": "holder signature"
    }
  }
}

3. Verify the proof

Before you trust the diploma, check all of the following:

The presentation proof is valid and the challenge / domain match what you sent.
Each credential's proof is valid and the issuer is one you trust.
The credential is not revoked or suspended (check its status).
The credential is unexpired and the type matches your request.

That's it

A conformant education verifier is this exchange: request, receive, verify. The cryptographic verification itself is your verifier instance's job — the coordinator just runs the exchange.

Prefer a library to raw HTTP?

Verifier-side helpers live in Digital Bazaar's Bedrock VC modules. A dogfooded standalone VCALM client is planned; until it ships, the HTTP flow above is the supported path.

Go deeper

← Back to roles