Skip to main content

Verifiable Credentials

Anima supports W3C Verifiable Credentials (VCs) so agents can prove capabilities, authorizations, and affiliations to other agents or services without exposing underlying secrets.

Credential Lifecycle

  1. Issuance — An issuer (your organization) creates a signed credential for an agent
  2. Holding — The agent stores the credential in its identity wallet
  3. Presentation — The agent presents the credential to a verifier
  4. Verification — The verifier checks the signature, issuer, and revocation status
  5. Revocation — The issuer can revoke a credential at any time

Credential Types

TypeDescription
AgentAuthorizationGrants the agent permission to act on behalf of an org
SpendingLimitAttests to the agent’s approved spending budget
ServiceAccessGrants access to a specific external service
DomainVerificationProves the agent is authorized for an email domain
ComplianceClearanceAttests the agent has passed compliance checks

Issuing Credentials

import { Anima } from "@anima-labs/sdk";

const anima = new Anima({ apiKey: "ak_..." });

const credential = await anima.identity.credentials.issue({
  agentId: "ag_8f3k2m9x1n4p7q6r",
  type: "AgentAuthorization",
  claims: {
    organization: "Acme Corp",
    role: "purchasing-agent",
    maxSpendUsd: 10000,
  },
  expiresAt: "2027-01-01T00:00:00Z",
});

console.log(credential.id);        // "vc_3n7k..."
console.log(credential.proof);     // Ed25519 signature

Verifying Credentials

POST https://api.useanima.sh/api/identity/credentials/verify
{
  "credential": "<JWT or JSON-LD credential>",
  "checkRevocation": true
}
const result = await anima.identity.credentials.verify({
  credential: credentialJwt,
  checkRevocation: true,
});

if (result.valid) {
  console.log("Credential is valid, issued by:", result.issuer);
} else {
  console.log("Invalid:", result.errors);
}

Revoking Credentials

POST https://api.useanima.sh/api/identity/credentials/:credentialId/revoke
await anima.identity.credentials.revoke("vc_3n7k...", {
  reason: "Agent decommissioned",
});
Revoked credentials are added to a StatusList2021 revocation list. Verifiers automatically check this list when checkRevocation is enabled.

API Reference

EndpointMethodDescription
https://api.useanima.sh/api/identity/credentialsPOSTIssue a new credential
https://api.useanima.sh/api/identity/credentials/:idGETRetrieve a credential
https://api.useanima.sh/api/identity/credentials/verifyPOSTVerify a credential
https://api.useanima.sh/api/identity/credentials/:id/revokePOSTRevoke a credential
https://api.useanima.sh/api/identity/credentials/revocation-listGETGet the revocation list

Configuration

VariableDefaultDescription
ANIMA_VC_ISSUER_DIDautoDID used to sign issued credentials
ANIMA_VC_DEFAULT_EXPIRY365dDefault credential expiration
ANIMA_VC_REVOCATION_CHECKtrueCheck revocation on verification

Next Steps