Skip to main content
← Back to Docs

Trust Verification Spec

TrustGraph issues signed credentials that verify anywhere. Every credential includes an Ed25519 signature, a SHA-256 inputs hash, and a public verification endpoint.

Credential Structure

{
  "@context": "https://www.w3.org/2018/credentials/v1",
  "type": [
    "VerifiableCredential",
    "TrustBadge"
  ],
  "issuer": "did:web:collectiqhq.com",
  "issuanceDate": "2026-03-28T14:22:02Z",
  "credentialSubject": {
    "id": "did:web:collectiqhq.com:workspace:ws_abc123",
    "trustScore": 87,
    "tier": "Gold",
    "signals": {
      "responseRate": 0.96,
      "fulfillmentRate": 0.94,
      "disputes": 0
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "verificationMethod": "https://collectiqhq.com/api/v1/trust/public-key#key-ed25519-001",
    "inputsHash": "sha256:a3f8b2c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0"
  }
}

Verification Flow

  1. Retrieve the public key from the verificationMethod URL
  2. Recompute the SHA-256 hash of the credential inputs
  3. Verify the Ed25519 signature against the public key and hash
  4. Check issuance date is within the 90-day validity window

Public Endpoint

GET /api/v1/trust/verify/:credentialId

Response:
{
  "valid": true,
  "issuer": "did:web:collectiqhq.com",
  "subject": "ws_abc123",
  "trustScore": 87,
  "tier": "Gold",
  "issuedAt": "2026-03-28T14:22:02Z",
  "expiresAt": "2026-06-26T14:22:02Z"
}