Verifiable Credentials
Issue, fetch, validate, and format ACDC credentials.
Methods for issuing credentials to AIDs and working with credentials held by an AID. The three methods marked pure do not hit the network and are safe to call on the hot path.
issueCredential
Issue an ACDC credential to an AID. The AID must already be connected via connectToAid.
issueCredential(params: IssueCredentialParams): Promise<{
success: boolean;
data: string;
}>Parameters
params.schemaSaidstringrequiredSAID of the schema the credential should conform to. Every credential type in Masumi is identified by its schema SAID.
params.aidstringrequiredAID that will receive the credential. Must have been connected via
connectToAid first.
params.attributesRecord<string, unknown>Custom attributes to embed in the credential's sad.a block. Shape is
schema-dependent — only fields defined in the schema are honored.
Returns
success—truewhen the credential was issued.data— credential SAID or a server status message.
Example
const result = await identity.issueCredential({
schemaSaid: "EJ1gXWfzLyW2u0-YY5Z...", // Agent Verification schema
aid: "EHpH79tPZoSl7VJZ7xMi3JWF4rH9wZ2ntGvKABd9N14z",
attributes: {
agentId: "agent-42",
name: "Trip Planner",
},
});
if (!result.success) {
throw new Error(`Credential issuance failed: ${result.data}`);
}getCredentialsForAid
Fetch all credentials the credential server has issued to an AID.
getCredentialsForAid(aid: string): Promise<Credential[]>Example
const creds = await identity.getCredentialsForAid(
"EHpH79tPZoSl7VJZ7xMi3JWF4rH9wZ2ntGvKABd9N14z",
);
console.log(`Agent holds ${creds.length} credential(s)`);validateCredential
🔒 pure — no network call
Validate a credential's issuance status, revocation status, and expiration window.
validateCredential(
credential: Credential,
options?: CredentialValidationOptions,
): CredentialValidationResultParameters
credentialCredentialrequiredThe credential to validate. See the Credential type.
options.expirationDaysnumberdefault: 365How many days after issuance a credential is considered expired. Defaults to 365.
Returns
A CredentialValidationResult with isValid, status ("issued" / "revoked" / "expired" / "unknown"), message, and optional details.
Example
const result = identity.validateCredential(cred, { expirationDays: 90 });
if (!result.isValid) {
throw new Error(`Credential not trusted: ${result.status} — ${result.message}`);
}formatCredential
🔒 pure — no network call
Project a raw Credential into a structured, display-friendly shape.
formatCredential(credential: Credential): FormattedCredentialExample
const formatted = identity.formatCredential(cred);
console.log(formatted.credentialType); // "AgentVerification"
console.log(formatted.issueeAid); // "E..."
console.log(formatted.issuanceDateTime); // "2026-04-20T..."
console.log(formatted.status); // "issued" | "revoked" | "expired"
console.log(formatted.attributes); // { agentId: "agent-42", name: "..." }findCredentialBySchema
🔒 pure — no network call
Find the first credential in an array matching a given schema SAID.
findCredentialBySchema(
credentials: readonly Credential[],
schemaSaid: string,
): Credential | undefinedExample
const allCreds = await identity.getCredentialsForAid(aid);
const agentVerification = identity.findCredentialBySchema(
allCreds,
"EJ1gXWfzLyW2u0-YY5Z...", // Agent Verification schema SAID
);
if (!agentVerification) {
throw new Error("Agent is not Masumi-verified");
}See also
- Standalone equivalents of the pure helpers are exported directly — see Utilities.