Verifier API

A public verify() endpoint for portable compliance.

Verifiers should not need a proprietary screen to trust a credential. The public API accepts VC-JWT, JSON-LD VC, SD-JWT VC and scoped presentations, then returns each check separately.

Open API schema Get a sample credential

Verifier checks

Signature

Ed25519 VC-JWT signature verification against the Thesmios issuer key.

Issuer

DID and verification-method checks against did:web:thesmios.com.

Status list

StatusList2021 revocation reference checks.

Selective disclosure

SD-JWT VC envelope inspection and disclosure count.

Presentation

Scoped Verifiable Presentation processing for recipient-bound shares.

POST /api/verifier/v1/verify

The result says what passed, what needs review, and why.

A verifier receives an overall status plus individual checks for format, signature, issuer, proof, status list, selective disclosure and presentation validity.

curl -X POST https://thesmios.com/api/verifier/v1/verify \
  -H "content-type: application/json" \
  -d '{"jwt":"<vc-jwt>","sdJwt":"<sd-jwt-vc>"}'

{
  "status": "verified",
  "checks": {
    "signature": { "status": "pass" },
    "statusList": { "status": "pass" },
    "selectiveDisclosure": { "status": "pass" }
  }
}

Why this matters

Interoperable

Uses OpenID4VC-style presentation concepts rather than a closed verifier flow.

Minimum necessary

Selective disclosures prove status without exposing underlying documents by default.

Developer friendly

OpenAPI schema, deterministic sample payloads and stable JSON responses for integration tests.