Skip to main content

Sharing a Proof Request

Sharing a proof request generates a URL that encodes everything the wallet needs to retrieve and respond to the request. This URL is typically presented to the holder as a QR code.

Share the proof request

curl -L -X POST '/api/proof-request/v1/{{PROOF-REQUEST-UUID}}/share' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

The system responds with the URL to share with the holder:

{
  "url": "{{PROOF-REQUEST-URL}}"
}

Encode this URL as a QR code and present it to the holder. The wallet scans the code, parses the request according to the verification protocol, and presents it to the holder for review.

Specify a client ID scheme

If your verification protocol is configured with multiple client ID schemes, the system uses the first compatible one by default. To specify a particular scheme, pass it in the request body:

curl -L -X POST '/api/proof-request/v1/{{PROOF-REQUEST-UUID}}/share' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "params": {
    "clientIdScheme": "redirect_uri"
  }
}'

Check supportedClientIdSchemes in your verification protocol configuration instance for available options.

What happens next

Once the holder scans the QR code the system handles the rest of the verification process. The system verifies the submitted presentation against the following checks — all must pass:

  • Authenticity — the credential signature is verified against the issuer's public key, confirming it has not been tampered with
  • Holder binding — the presentation signature is verified against the holder's key, confirming the presenter is the credential subject
  • Credential status — the credential is checked against its revocation method to confirm it has not been suspended or revoked
  • Schema validation — the presentation data is checked against the expected structure, required fields, and claim datatypes

If any check fails, the verification fails and returns an error.

After a successful verification, manage the shared claims data appropriately. See Managing Claim Data.