In this tutorial, you'll create and test your first verifier instance in Vidos. You'll learn how to configure the verifier, test credential verification, and manage its operational state. By the end, you'll have a working verifier instance that can validate Verifiable Credentials (VCs) and Verifiable Presentations (VPs) for your applications.
This tutorial is aimed at developers or technical product owners who are familiar with web APIs and basic cryptography but are new to decentralised identity. It takes you from creating an account to verifying your first credential, highlighting common pitfalls along the way.
Before you begin, make sure you have:
If you need more help with account creation, see the official guide Create a Vidos Account.
Vidos services require API keys for authenticated calls.
The step‑by‑step guide Create API Keys explains these options in more detail.
For more details, see Manage Verifier Instances.
The dashboard provides sample credentials you can use for testing.
We'll use curl to send the sample credential to your verifier. Replace <YOUR_SECRETwith the API secret you copied and <ENDPOINTwith your instance ID from step 3.
curl -X POST
https://.verifier.service.eu.vidos.id/w3c-ccg/vc-api/v0.0.3/credentials/verify
-H "Authorization: Bearer <YOUR_SECRET>"
-H "Content-Type: application/json"
-d '{
"verifiableCredential": <PASTE_THE_SAMPLE_CREDENTIAL_JSON_HERE>,
"options": {
"checks": ["format", "notBefore", "notAfter", "proof"],
"returnCredential": true
}
}'
When the credential is valid, the response will include a checks array and no errors.
If you encounter issues during this tutorial, check the following:
verifiableCredential
object and uses a supported proof suiteCongratulations! You've successfully:
To continue your journey with Vidos verifiers:
Verify Credentials via API
Goal: Learn how to call a Vidos Verifier instance programmatically to validate a verifiable credential (VC) or verifiable presentation (VP).
Overview
A verifier service performs cryptographic checks on credentials. To call it successfully you need:
Sample call
Replace <ENDPOINTand <SECRETwith your verifier's instance ID and API secret. Paste your verifiable credential in place of <VC_JSON>.
curl -X POST
https://.verifier.service.eu.vidos.id/w3c-ccg/vc-api/v0.0.3/credentials/verify
-H "Authorization: Bearer "
-H "Content-Type: application/json"
-d '{
"verifiableCredential": <VC_JSON>,
"options": {
"checks": ["proof"],
"returnCredential": true
}
}'
Request fields
To verify a presentation (VP), change the endpoint path to /presentations/verify and use verifiablePresentation in place of verifiableCredential.
Tips
For more details, see the Verifier API Reference.
Troubleshooting Verifier API Errors
Even experienced developers run into errors when calling a verifier. Here are common messages and how to resolve them.
Error message Likely cause How to fix
{"type":"missing_authorization_header"} The Authorization header is absent. Include -H "Authorization: Bearer " in your request.
{"type":"invalid_authorization_header"} The bearer token is malformed or uses the wrong value (e.g., the key ID instead of the secret). Use the secret generated when creating the API key. There should be a space after Bearer and no quotes around the secret.
{"type":"unsupported-format"} The credential isn't wrapped in verifiableCredential or uses an unsupported proof suite. Wrap your credential as shown in the Verify Credentials via API guide and ensure you're using a supported proof (e.g., Ed25519Signature2020).
… CRYPTOGRAPHIC_SECURITY_ERROR The credential was modified after it was signed, so the signature no longer matches the content. Always use the credential exactly as issued. Changing type, context or other fields will invalidate the proof. Ask the issuer to re‑issue the credential if you need a different structure.
Expected property name or '}' in JSON at position … The JSON payload is malformed (e.g., stray commas, comments or unmatched braces). Validate your JSON with a linter or place it in a separate file and use --data @file.json in your curl command.
If you run into other issues not covered here, the Vidos Support portal and the Verifier API Reference provide additional help.
Why You Can't Modify a Signed Credential
When a verifiable credential is issued, the issuer's private key is used to sign a canonicalised version of the credential. This signature (often contained in a proof section) mathematically binds the signature to the exact content of the credential.
If you alter any part of the signed data — even seemingly minor changes like converting a string to an array or adding a new property — the cryptographic hash of the credential changes. As a result, the verifier cannot match the signature to the content and will raise a cryptographic security error.
Implications for developers
For a deeper dive into the data‑integrity proofs and why signatures are fragile to modification, consult the Verifiable Credentials Data Model specification.