Verifiable Credentials Presentation and Issuance

Audience: Organizations

The short answer: Verifiable Credentials (VC) Presentation & Issuance lets your organization request cryptographically signed proof of a user's identity — like their name or age — through a single API redirect, without ever handling their raw identity data.


What It Does

Using the OpenID for Verifiable Credential Presentation (OID4VCP) and Issuance (OID4VCI) standards, your organization redirects users to Proof, where they authenticate and consent to share specific identity attributes — such as name, date of birth, or age verification. Proof returns a verifiable presentation (a vp_token) confirming the credential was presented, without your organization ever receiving the user's full underlying credential.

  • No credential infrastructure for your organization to build or maintain.
  • Users practice selective disclosure — sharing only what's needed for your use case (e.g., confirming "over 21" without sharing a full identity record).
  • The returned vp_token is machine-readable, enabling downstream compliance and business logic that a PDF identity report can't support.

How It Works

For your organization (the relying party) +

Configure an OAuth application in Proof with valid redirect URIs. Use the Identity Protocol API to create an identity transaction, then redirect the user to Proof. Once the user authenticates and consents, Proof returns a verifiable presentation (vp_token) to your redirect URI.

For the end user +

The experience feels like a standard OAuth login: the user is redirected to Proof, prompted for email and SMS authentication, and — if not previously enrolled — completes identity verification (credential analysis / KBA). A consent screen then shows exactly which attributes will be shared. Once the user consents, they're returned to your application.


Getting Access

This feature is available via API for eligible Business and Real Estate Premium tier organizations. It's on by default for Business Pro+ and above via API tools, and enabled by your CSM or Sales team.

Roles involved:

  • Owners and Admins — configure the OAuth application.
  • Signers and Recipients — complete the verification and consent flow.

To get set up, your organization will need:

  • The enable_identity_protocol Flag enabled on your organization.
  • A configured OAuth application with valid redirect URIs.
⚠️
Contact Proof Support to get your organization enabled and to configure your OAuth application.

What This Feature Doesn't Do

  • Doesn't transfer credentials wallet-to-wallet — the credential stays within Proof's infrastructure; your organization receives a verifiable presentation token, not the underlying credential.
  • Doesn't support offline presentation — requires an active Proof session and an internet connection.
  • Doesn't offer self-sovereign credential portability — users cannot export or carry their credential to third-party wallets.
  • Not available in any portal UI — this is an API integration only, with no Keystone or admin UI for organizations to manage presentations.

Developer Resources

For full technical implementation details, see the Verifiable Credential Presentation developer documentation.


Summary Checklist

  • Request a verifiable presentation of user identity attributes through a single API redirect.
  • Users share only what's needed via selective disclosure — no full identity handoff.
  • Requires the enable_identity_protocol flag and a configured OAuth application — contact your CSM or sales to get set up.
  • API integration only — no portal UI for organizations to manage presentations.
i
Still unsure? Contact Proof Support for help.

Updated

Was this article helpful?

0 out of 0 found this helpful