This tutorial describes how to verify that an account holds a valid credential on the XRP Ledger, which has different use cases depending on the type of credential and the meaning behind it. A few possible reasons to verify a credential include:
- Confirming that a recipient has passed a background check before sending a payment.
- Checking a person's professional certifications, after verifying their identity with a DID.
- Displaying a player's achievements in a blockchain-connected game.
By following this tutorial, you should learn how to:
- Fetch a Credential entry from the ledger.
- Recognize if a credential has been accepted and when it has expired.
To complete this tutorial, you should:
- Have a basic understanding of the XRP Ledger.
- Have an XRP Ledger client library, such as xrpl.js, installed.
- Know the issuer, subject, and credential type of the credential you want to verify. For purposes of this tutorial, you can use sample values of data that exists in the public network.
- For information on how to create your own credentials, see the Build a Credential Issuing Service tutorial.
You can find the complete source code for this tutorial's examples in the code samples section of this website's repository.
From the code sample folder, use npm to install dependencies:
npm iTo get started, import the client library and instantiate an API client. You also need to specify the details of the credential you want to verify.
import { Client, rippleTimeToISOTime, convertStringToHex } from "xrpl"
const client = new Client("wss://s.devnet.rippletest.net:51233")
await client.connect()
const SUBJECT_ADDRESS = "rsYhHbanGpnYe3M6bsaMeJT5jnLTfDEzoA"
const ISSUER_ADDRESS = "rEzikzbnH6FQJ2cCr4Bqmf6c3jyWLzkonS"
const CREDENTIAL_TYPE = convertStringToHex("my_credential").toUpperCase()Use the ledger_entry method to request the credential, using the latest validated ledger version. The response includes the Credential entry as it is stored in the ledger.
If the request fails with an entryNotFound error, then the specified credential doesn't exist in the ledger. This could mean you got one of the values wrong or the credential has been deleted.
// Look up Credential ledger entry --------------------------------------------
const ledgerEntryRequest = {
command: "ledger_entry",
credential: {
subject: SUBJECT_ADDRESS,
issuer: ISSUER_ADDRESS,
credential_type: CREDENTIAL_TYPE,
},
ledger_index: "validated",
}
console.log("Looking up credential...")
console.log(JSON.stringify(ledgerEntryRequest, null, 2))
let xrplResponse
try {
xrplResponse = await client.request(ledgerEntryRequest)
} catch (err) {
if (err.data?.error === "entryNotFound") {
console.error("Credential was not found")
} else {
console.error(err)
}
process.exit(1)
}
const credential = xrplResponse.result.node
console.log("Found credential:")
console.log(JSON.stringify(credential, null, 2))Since a credential isn't valid until the subject has accepted it, you need to check if the credential has been accepted to know if it's valid. The accepted status of a credential is stored as a flag in the Flags field, so you use the bitwise-AND operator to see if that particular flag is enabled.
// Check if the credential has been accepted ----------------------------------
const lsfAccepted = 0x00010000
if (!(credential.Flags & lsfAccepted)) {
console.log("Credential is not accepted.")
process.exit(2)
}If the credential has an expiration time, you need to confirm that it has not passed, causing the credential to expire. As with all expirations in the XRP Ledger, expiration is compared with the official close time of the previous ledger, so use the ledger method to fetch the ledger header and compare against the close time.
If the credential does not have an expiration time, then it remains valid indefinitely.
// Confirm that the credential is not expired ---------------------------------
if (credential.Expiration) {
const expirationTime = rippleTimeToISOTime(credential.Expiration)
console.log(`Credential has expiration: ${expirationTime}`)
console.log("Looking up validated ledger to check for expiration.")
const ledgerResponse = await client.request({
command: "ledger",
ledger_index: "validated",
})
const closeTime = rippleTimeToISOTime(ledgerResponse.result.ledger.close_time)
console.log(`Most recent validated ledger was at: ${closeTime}`)
if (new Date(closeTime) > new Date(expirationTime)) {
console.log("Credential is expired.")
process.exit(3)
}
}If the credential has passed all checks to this point, it is valid. In summary, the checks were:
- The credential exists in the latest validated ledger.
- It has been accepted by the subject.
- It has not expired.
// Credential has passed all checks -------------------------------------------
console.log("Credential is valid.")
client.disconnect()Now that you know how to use xrpl.js to verify credentials, you can try building this or related steps together into a bigger project. For example:
- Incorporate credential verification into a wallet application.
- Issue your own credentials with a credential issuing service.
- Verify Credentials in Python
- References:
- API methods:
- Ledger entries: