Skip to main content
A Verifiable Credential (VC) is a signed, tamper-evident statement that an issuer makes about a subject. For AI agents, VCs let you prove to another agent or service that your agent has a specific capability, authorization, or affiliation — without sharing API keys or internal data. Anima implements the W3C Verifiable Credentials standard, so credentials are interoperable with any compliant system.

Credential lifecycle

1

Issue

Your organization creates a signed credential for an agent, attesting to specific claims (e.g. approved spending limit, authorized role).
2

Hold

The agent stores the credential in its Anima identity wallet.
3

Present

When interacting with another agent or service, your agent presents the credential as proof.
4

Verify

The recipient checks the signature against your DID, confirms the issuer, and optionally checks the revocation list.
5

Revoke

If an agent is decommissioned or its authorization changes, you revoke the credential immediately.

Credential types

TypeDescription
AgentAuthorizationGrants the agent permission to act on behalf of an organization
SpendingLimitAttests to the agent’s approved spending budget
ServiceAccessGrants access to a specific external service
DomainVerificationProves the agent is authorized for an email domain
ComplianceClearanceAttests that the agent has passed compliance checks

Issue a credential

Call credentials.issue with the agent ID, credential type, and the claims you want to attest: 
import { Anima } from "@anima-labs/sdk";

const anima = new Anima({ apiKey: "ak_..." });

const credential = await anima.identity.credentials.issue({
  agentId: "ag_8f3k2m9x1n4p7q6r",
  type: "AgentAuthorization",
  claims: {
    organization: "Acme Corp",
    role: "purchasing-agent",
    maxSpendUsd: 10000,
  },
  expiresAt: "2027-01-01T00:00:00Z",
});

console.log(credential.id);    // "vc_3n7k..."
console.log(credential.proof); // Ed25519 signature

Verify a credential

When another agent presents a credential, verify it before trusting its claims. Set checkRevocation: true to confirm the credential has not been revoked: 
const result = await anima.identity.credentials.verify({
  credential: credentialJwt,
  checkRevocation: true,
});

if (result.valid) {
  console.log("Credential is valid, issued by:", result.issuer);
} else {
  console.log("Invalid:", result.errors);
}
You can also call the REST endpoint directly: 
POST /api/identity/credentials/verify

{
  "credential": "<JWT or JSON-LD credential>",
  "checkRevocation": true
}

Revoke a credential

Revoke a credential as soon as an agent is decommissioned or its authorization changes. Revoked credentials are added to a StatusList2021 revocation list, which verifiers check automatically when checkRevocation is enabled. 
await anima.identity.credentials.revoke("vc_3n7k...", {
  reason: "Agent decommissioned",
});
Revocation takes effect immediately. Any verifier that checks the revocation list after this point will reject the credential.

API reference

EndpointMethodDescription
/api/identity/credentialsPOSTIssue a new credential
/api/identity/credentials/:idGETRetrieve a credential
/api/identity/credentials/verifyPOSTVerify a credential
/api/identity/credentials/:id/revokePOSTRevoke a credential
/api/identity/credentials/revocation-listGETGet the revocation list