Credential Flows
Urls#
- Mediator URL (all envs): https://ec2.protocol-dev.kiva.org/
- Backend Sandbox URL: https://sandbox-gateway.protocol-prod.kiva.org
- Backend QA URL: https://gateway.protocol-dev.kiva.org
Mobile flow issue#
Example integration tests for mobile flow. Form a connection with the entity
POST /v2/{ENTITY}/api/connection
Example ENTITY values: kiva, fsp, ncra, demo.
Authorization header: Auth0 Bearer token (Note if the future we’ll have specific user’s associated with specific entities so you can’t say use a ncra token to access the kiva controller) No request body
Response body:
Note that if you base64 encode the “invitation” field you can display it as a QR code. You can use the “conneciton_id” field to check in on the connection. Mobile app accepts connection (action on the user’s side)
Admin tool can monitor the status of the connection#
GET /v2/{ENTITY}/api/connection/{CONNECTION_ID)
Authorization header Auth0 Bearer token
Response body:
You can monitor the response body checking the state field. It’s ready when it switches to active or response.
Once connection is ready issue credential#
POST /v2/{ENTITY}/api/issue
Authorization header
Request body:
Response:
In the response the important fields are credential_exchange_id which will be used below, and the state. The mobile user needs to accept the credential, you can check the status.
Check Credential Status#
GET /v2/{ENTITY}/api/issue/{CREDENTIAL_EXCHANGE_ID}
This is a bit confusing but while you’re waiting for the mobile app to accept you will see the state, but as soon as the credential is accepted there’s not more “credential exchange” so there’s just a 400 response. This is what aries does under the hood, if it’s confusing I can see if there’s a way around it.
Response body:
Mobile flow verify#
If you want to use the FSP controller it’s
POST /v2/{ENTITY}/verify
Authorization header
Request body:
Response:
In the response the important fields are “presentation_exchange_id” which will be used below, and the “state”
GET v2/{ENTITY}/api/verify/{PRESENTATION_EXCHANGE_ID}
Authorization header
Response:
In the response the important fields are that the “state” attribute is verified and the “verified” attribute is “true”, and the values are inside Presentation.requested_proof.revealed_attrs.{attribute_name}.raw. NOTE: if the state is verified but the verified attribute is false that means the credential has been revoked
Guardianship flow:#
Example integration tests for guardianship flow.
Onboard into guardianship#
POST v2/{ENTITY}/api/guardian/onboard
Authorization header
Request body:
Response:
In the future we will start returning the credential id so the front end can keep track of how to revoke it. But for now the response isn’t important.
Verifying in guardianship to get SMS OTP#
POST v2/{ENTITY}/api/guardian/verify
Authorization header
Request body:
Response:
The response isn’t important, just the SMS sending
Verifying in guardianship withSMS OTP#
POST v2/{ENTITY}/api/guardian/verify
Authorization header
Request body:
Response:
The response will contain all the requested fields is the proof request went through
Fetch all stored admin credential data#
GET v2/{ENTITY}/api/records
Response:
This returns an array of all issued credentials. The entity data (ie employee data) is under the “entityData” attribute. The state can have the values: proposal_sent, proposal_recieved, offer_sent, offer_received, request_sent, request_received, credential_issued, credential_received, credential_acked
Revoke a credential#
POST v2/{ENTITY}/api/revoke
Authorization header
Request body:
OLD
NEW
Response:
The response on success doesn't contain anything important. If there is a failure then it will throw an exception (ie a 400 or 500 code)
Get all profiles, including proof requests#
GET v2/{ENTITY}/api/profiles
Authorization header
Request body:
Response: