We’re making it easier and faster to build Digital Credential apps by offering a new Credentials SaaS API service.
Co-authored by Ross Power (Product Manager), Ankur Banerjee (CTO/co-founder), and Alex Tweeddale (Product Manager & Governance).
cheqd is thrilled to introduce their latest product, it’s first Software-as-a-Service offering known as “Credential Service”. This solution allows customers to easily integrate identity solutions into their existing applications with just a few clicks. By abstracting away the complexity of the Digital Credentials stack, customers can effortlessly build Credential-based apps and Trusted Data Markets from scratch, even without prior knowledge of the underlying technology.
We are excited to announce our latest product — Credential Service — a hosted Software-as-a-Service (SaaS) API allowing developers to build identity solutions into their existing applications, in a few clicks. This is a landmark moment for cheqd, as it brings together a huge amount of work done across the Digital Credentials stack whilst abstracting away the complexity. As the need for a more trusted digital experience mounts, Decentralised Digital Identity becomes a stronger answer. However, much of the existing tooling remains cumbersome, time-consuming and challenging for newcomers, demonstrating the need for a secure, reliable and easy to use solution that can get a newbie up and running fast.
At its core, Credential Service is a collection of APIs for using cheqd’s identity functionality. Although the underlying tooling can be self-hosted and has been available since the end of last year, we’ve worked to convert this into a more streamlined, intuitive and accessible hosted SaaS API service; what we’re labelling as a “Credentials-as-a-Service” offering.
With these APIs, it simplifies the developer experience, helping customers build Trusted Data Markets from the ground up, with zero prior knowledge of the technology under the hood. All of cheqd’s existing open-source libraries remain available, and the Credential Service does not necessitate developers to switch their SSI stack in their entirety, but allows them to build into their existing toolings, for example alongside APIs such as the Universal Resolver.
Purpose: why now?
The SSI (Self-Sovereign Identity) industry is poised for widespread adoption, thanks to several positive shifts in the regulatory landscape. The emergence of eIDAS 2.0 represents a significant advancement in the field of digital identity and trust services. It builds upon the previous version of eIDAS to further enhance the regulatory landscape for electronic identification, authentication, and electronic signatures, allowing Verifiable Credentials to become a mechanism for establishing trust in digital interactions with a formal legal basis.
Moreover, the European Digital Identity (eID) framework has recently opted to include Electronic Ledgers as a qualified trust service within European Digital Identity ecosystems. This addition enhances data integrity, reduces reliance on centralised authorities, and paves the way for electronic ledgers such as cheqd to play a central role in the European digital identity landscape.
In order to support and complement the new Digital Identity framework, a clear goal of ours since our 2022 product vision has been to simplify the developer experience and build improved decentralized identity functionality.
For SSI to achieve its full potential, we recognize the importance of both increased revenue opportunities and a streamlined builder experience. To address both, the Credential Service has been developed to empower builders to create, verify and revoke digital credentials and decentralized identifiers in a few clicks or lines of code. It abstracts away the complexity of working with lower-level software development kits (SDKs), enabling builders to focus on leveraging the advantages offered by SSI technology. Additionally, the Credential Service will also be the easiest route to access Credential Payments / Payment Rails, cheqd first-of-a-kind feature enabling on-chain payments for off-chain trusted data, offering opportunities to make entirely new business models, which we envisage as Trusted Data Markets.
Features and benefits
The Credential Service directly leverages our Veramo SDK Plugin, making a wide array of features available from launch, including:
As we make more releases to Credential Service, we will continue to add more features, such as Trust Registries and Credential Payments — while also creating tiers for different users in conjunction with the feature set.
So why might you decide Credential Service is right for you? We see four keys areas Credential Service is unique:
1. Easy of use
The Credential Service is a simple to use Swagger page with well documented API guidance. Through this, builders can choose from basic parameters to create DIDs, issue Credentials or carry out other operations. The Credential Service then takes these request inputs and assembles the correct response format for the operation in the background, without the builder needing to understand how to properly format a DID Document or a Credential body. This is incredibly powerful because it hugely lowers the bar for adoption of SSI technology away from specialists and towards everyday developers. As many or as few of the APIs can be used, depending on the product requirements, making it easy to plug into existing services.
Another good example of the ease of use is the way we have simplified custody. Custodian mode enables cheqd to custody and manage keys on behalf of developers using Credential Service. This makes it easier for customers who are more new to digital identity or Web 3.0 to use the service without having to worry about key management. Through using the “custodian mode” users do not need to purchase or manage CHEQ tokens to use any identity functionality. The accounting and payments for identity operations are taken care of under the hood (since we provision the CHEQ account keys). Similarly, with this mode we’ve also made it possible for users to carry out their identity operations seamlessly and configure automated and programmatic issuance flows (since we provision the identity keys).
2. Simplified APIs
The Credential Service supports a range of APIs that make it easier to fire off requests on-chain. You give what is relevant, the Credential Service handles the rest. For example, if you’re looking to include a Credential Status in your app by making credentials revocable, the “/status-list/create” API allows you to easily create an on-ledger Status List in the format of Verifiable Credentials Status List 2021.
Or perhaps you’re interested in storing other resources needed for your application, such as Trust Registries, Visual representations for Verifiable Credentials, documents or logos. All of these can be sent to the cheqd ledger through the “/resource/create” API. Find out more about cheqd DID Linked Resources here.
3. Freedom to switch
No tool is ever going to be right forever. We strongly believe that for SSI to flourish, users need to be able to make decisions fast, without fear of being wedded to that decision forever. Therefore, with the Credential Service it’s easy to mix and match alongside SDKs. For example, you could blend the Credential Services APIs for resources, revocation and soon to be included payments alongside other SDKs already in use.
It’s also possible to self-host the Credential Service, so developers can have complete control over fundamental infrastructure, the data and where and how it is hosted, plus being able to move easily at their own will.
Third party alternatives to the Credential Service remain, in case you a concerned by vendor lock-in. We’re proud to have Walt.id’s SSI Kit and DanubeTech’s GoDiddy, both of which offer SaaS APIs for interacting with DIDs and Credentials on cheqd’s network.
No vendor lock-in. No problem.
4. Highly flexible & customizable
Offering a solution which empowers the user was a primary requirement in our development. We want to both make it easy to use, but also give freedom to customise and take more control of key security aspects. For this reason we developed two modes; custodian mode and client-managed mode.
Custodian mode enables cheqd to custody and manage keys on behalf of the Credential Service user. This makes it easier for customers who are more new to digital identity or Web 3.0 to use the service without having to worry about key management. Within Custodian mode, we store the users’ identity and CHEQ account keys in a secure database (Veramo Key Management Store) using encryption. We use similar techniques to Password Managers such as 1Password and Bitwarden to ensure that even if the database were to be compromised, the keys would remain encrypted and unusable.
Client-managed mode gives the Credential Service user the ability to utilise their own identity keys for signing identity transactions, while still allowing the Credential Service to manage the CHEQ account keys for writing to the cheqd network. This mode is intended to be used for more production environments where the user signs each identity transaction independently, affording a greater level of security and control to the client.
Additionally, Credential Service is using the “DID Registrar” / “Universal Registrar” making it easy to expand the reach of developers applications to other networks (beyond cheqd). The Universal Registrar is an open source application created by the Decentralized Identity Foundation (DIF) which aims to make it far easier to create, update and deactivate Decentralized Identifiers (DIDs) across a range of DID Methods without full integration. Learn more about the DID Registrar here.
Lower level SDKs are not going anywhere!
Needless to say, although the Credential Service SaaS offering provides an out of the box, pluggable experience for developers, we continue to offer all of our existing lower level SDKs for advanced developers who want even more customizability, so they choose a software stack that suits their needs. You can find a comparison of these, plus the image below, in our in our identity documentation (including the image below).
With a partnership network of over 45 SSI vendors, we are always eager to cater to their needs and aspirations. Continuing to improve ease of utilising the cheqd network has been a primary goal of ours since we launched, so the Credential Service is another step in the right direction for overall adoption.
We believe this release, in parallel to the strides being made towards Credential Payment Rails, will match up to a perfect storm for the cheqd Network, our partners, and ultimately the broader SSI industry as a whole, as we cement our firm belief in the need for customisable commercial models for credentials as a means of helping SSI reach more individuals, enabling them to take control of their data.
We’re also set on enabling non-SSI native companies to start to build Credentials into their business flows, and are excited to support and witness how Credential Service will help other big organisations issue Verifiable Credentials in an easier and faster way.
For more information visit our Credential Service documentation available here. Please also feel free to reach out directly to the product team to request a demo and have a more in-depth technical discussion to help you get started — [email protected].