Managing Credentials
Within a tbDEX network, Verifiable Credentials (VC) play a critical role in establishing trust and ensuring regulatory compliance during transactions.
VCs are digital proofs that may be required by PFIs in order to verify your customers. So, your application will serve as an agent who presents a customer's credentials to a PFI as part of the transaction flow.
One of the most common credentials required during transactions via tbDEX are ones used to adhere to Know Your Customer (KYC) regulations. Learn how to request a Known Customer Credential that your customers can use with PFIs.
Storing Credentials​
As part of a customer's profile, your application can choose to store credentials that have been issued to them.
Signed VCs are converted into a JSON Web Token (JWT), which is a compact, URL-safe means of representing claims to be transferred between two parties. JWT format is used to encode the credentials, making them both secure and easily transmissible.
Storing your customers' credentials in this format is sufficient for use on a tbDEX network.
Required Claims​
PFI Offerings contain a requiredClaims section that provides a definition of the credentials that must be presented as part of the RFQ message.
You can obtain the requiredClaims from an Offering via:
In the following example of a requiredClaims section of an Offering, the PFI has specified that the customer must provide a VC of type SanctionsCredential:
{
'id': '6bdaec32-e511-489d-b2fd-27a051bd819b',
'input_descriptors': [
{
'id': '65752b5a-a454-4605-85de-7f159b22ce01',
'purpose': 'We need to know if you are a sanctioned individual',
'constraints': {
'fields': [
{
'path': [ '$.type[*]' ],
'filter': {
'type': 'string',
'const': 'SanctionsCredential'
}
}
]
}
}
]
}
Obtain Eligible Offerings​
With a network of multiple PFIs, there will likely be several Offerings that match your customer's desired currency pairing. You can narrow these options down even further by filtering for the ones where the customer's existing VCs satisfy the Offering's requirements:
Here, we skip offerings where the customer's VCs do not satisfy the Offering's requirements. However, your application may choose to include these in the matched Offerings and still present them to the customer, indicating that they'd need to obtain the necessary credentials to satisfy the Offering's requirements.
Your application could even apply for certain credentials on behalf of the customer, or issue credentials that you have the credibility to do so.
Select Credentials that Satisfy Requirements​
Once your customer selects the Offering they'd like to request a quote for, you'll need to choose the credentials needed for the RFQ.
In the section above, we checked across all of the customer's VCs to see if they meet the PFI's specified combined criteria. However, you'll only want to select the ones that are actually required.
To do so, pass the customer's credentials and the requiredClaims section of the Offering to selectCredentials():
The selectedCredentials will be a part of the RFQ that you create on behalf of your customer.
Was this page helpful?
Connect with us on Discord
Submit feedback: Open a GitHub issue
Edit this page: GitHub Repo
Contribute: Contributing Guide