LogoLogo
  • Platform Overview
  • 🗺️Guides
    • Getting Started
    • Users
      • Integrate the User SDK
      • Registration
      • Authentication
      • SDK Releases
      • API Reference
    • Entitlements
      • Administrative API
        • Integrating the Administrative API
        • Entitlement Definitions
        • Managing Entitlements Sets
        • Managing Entitlements Sequences
        • Managing User Entitlements
        • API Schema
      • End-user API
        • Integrate the Entitlements SDK
        • Redeeming Entitlements
        • Retrieving Entitlements
        • SDK Releases
        • API Reference
    • Sudos
      • Integrate the Sudo Profiles SDK
      • Sudo Entitlements
      • Manage Sudos
      • SDK Releases
      • API Reference
    • Telephony
      • Integrate the Telephony SDK
      • Manage Phone Numbers
      • Text Messaging
      • Voice Calling
      • Telephony Simulator
      • SDK Releases
      • API Reference
    • Email
      • Integrate the Email SDK
      • Email Entitlements
      • Manage Email Addresses
      • Sending & Receiving Email
      • Manage Email Folders
      • Draft Email Messages
      • Manage Email Address Blocklists
      • Email Address Public Information
      • Pagination
      • Caching
      • Configuration Data
      • Email Notifications
      • SDK Releases
      • API Reference
    • Decentralized Identity
      • Edge Agent
        • Relay SDK
          • Integrate the Relay SDK
          • Relay Entitlements
          • Manage Relay Postboxes
          • Manage Relay Messages
          • Receiving Messages
          • SDK Releases
        • Edge Agent SDK
          • Integrate the Edge Agent SDK
          • Agent Management
          • Manage Wallets
          • Establishing Connections
          • Manage Connections
          • Messaging
          • Manage DIDs
          • Accepting New Credentials
          • Manage Credentials
          • Present Credentials for Verification
          • Utilize Alternative Cryptography Providers
          • SDK Releases
          • Standards and Protocols
      • Cloud Agent
        • Cloud Agent Admin API
          • Integrate the Cloud Agent Admin API
          • Aries Interop Profile (AIP)
            • Connection Exchanges
            • Credential Exchanges
            • Proof Exchanges
          • Connections
          • Basic Messages
          • Credentials
            • Anoncreds Credentials
              • Schemas
              • Credential Definitions
            • W3C Credentials
          • Audit Logs
          • API Schema
          • Error Codes
          • Standards and Protocols
    • Virtual Cards
      • Integrate the Virtual Cards SDK
      • Virtual Cards Entitlements
      • Virtual Cards Transaction Velocity Constraints
      • Key Management
      • Manage Funding Sources
      • Manage Virtual Cards
      • Manage Transactions
      • Configuration Data
      • Pagination
      • Caching
      • SDK Releases
      • API Reference
    • Virtual Cards Simulator
      • Integrate the Virtual Cards Simulator SDK
      • Simulate Authorizations
      • Simulate Debits
      • Simulate Refunds
      • Simulate Reversals
      • Merchants and Currencies
      • SDK Releases
      • API Reference
    • Virtual Private Network
      • Integrate the VPN SDK
      • VPN Entitlements
      • Manage Servers
      • Manage Connection
      • Observe VPN Related Events
      • SDK Releases
      • API Reference
      • Frequently Asked Questions
    • Secure ID Verification
      • Integrate the Secure ID Verification SDK
      • List Supported Countries
      • Verify an Identity
      • Check Secure ID Verification Status
      • Use the Secure ID Verification Simulator
      • SDK Releases
      • API Reference
    • Password Manager
      • Integrate the Password Manager SDK
      • Accessing the Password Manager
      • Managing Password Vaults
      • Managing Password Vault Items
      • Vault Import and Export
      • Password Utilities
      • Password Manager Entitlements
      • Password Vault Security
      • SDK Releases
      • API Reference
    • Ad/Tracker Blocker
      • Integrate the Ad/Tracker Blocker SDK
      • Manage Rulesets
      • Blocking Ads and Trackers
      • Manage Exceptions
      • SDK Releases
      • API Reference
    • Site Reputation
      • Integrate the Site Reputation SDK
      • Use the Site Reputation SDK
      • SDK Releases
      • API Reference
  • 💡Concepts
    • Sudo Digital Identities
  • 🧱Development
    • Versioning
  • 🏢Administration
    • Admin Console Roles
  • ❓Get Help
    • Request a Demo
    • Report an Issue
Powered by GitBook
On this page
  • Proof Exchange Roles & States
  • Role
  • State
  • Summary
  • Supported credential presentation formats
  • Request proof
  • View received proof requests
  • Accept a proof request
  • Delete a proof exchange
  1. Guides
  2. Decentralized Identity
  3. Cloud Agent
  4. Cloud Agent Admin API
  5. Aries Interop Profile (AIP)

Proof Exchanges

Manage proof exchanges, also known as presentation exchanges, using Aries protocols

A proof exchange, represented by AIPProofExchange, is an encapsulation of the cloud agent's progress in either sending or receiving a credential presentation over an established DIDComm connection.

Proof Exchange Roles & States

An AIPProofExchange has a role (known as myRole) and a state associated with it.

Role

The role indicates which role the cloud agent plays in the proof exchange protocol. The role is fixed for the lifetime of the proof exchange.

Role is either:

VERIFIER or PROVER

State

The state indicates the current state of the cloud agent in the proof exchange protocol. The state transitions over time in a forward direction and cannot transition to previous states.

State transitions to success:

REQUEST -> PRESENTED -> DONE

PROPOSAL -> REQUEST -> PRESENTED -> DONE

Summary

The following table provides a description of each role and each role+state combination.

Role
State
Description

VERIFIER

The cloud agent is acting as the verifier of the credential presentation.

PROPOSAL

The connection proposed that it send a presentation to the cloud agent for verification.

REQUEST

The cloud agent sent a proof request (also known as a presentation request) to the connection. If this state was preceded by PROPOSAL, then the request may be based on the connection's proposal.

PRESENTED

The cloud agent received the presentation from the connection.

DONE

Terminal state for a successful proof exchange. The received presentation has undergone verification. Note that this state does not indicate the result of the verification. To check the verification result, see verificationResult on the AIPProofPresentation message which is embedded within the AIPProofExchange.

ABANDONED

Terminal state for an unsuccessful proof exchange. The cloud agent did not receive a presentation from the connection.

PROVER

The cloud agent is acting as the prover (also known as the holder or the presenter). The cloud agent will generate and send a verifiable presentation using one or more of its held credentials as a base.

PROPOSAL

The cloud agent proposed that it send a presentation to a connection for verification.

REQUEST

The cloud agent received a proof request (also known as a presentation request) from the connection. If this state was preceded by PROPOSAL, then the request may be based on the cloud agent's proposal.

PRESENTED

The cloud agent sent the presentation to the connection.

DONE

Terminal state for a successful proof exchange. Note that the cloud agent with the role of PROVER does not receive any indication of the verification result.

ABANDONED

Terminal state for an unsuccessful proof exchange. The cloud agent did not send a presentation to the connection.

Supported credential presentation formats

The cloud agent supports proof exchanges for both Anoncreds Verifiable Presentations and W3C Verifiable Presentations. The credential presentation format for the specific proof exchange is specified using the format nested object.

Request proof

The cloud agent creates a new AIPProofExchange with role VERIFIER and send a proof request to the specified connectionId. The format input object must be filled with the details of the presentation to request.

A referent must be included for each set of attributes requested. The referent acts as an identifier for a set of attributes, and the prover must reference it in their subsequent presentation. If more than one referent appears in the same proof request, the prover will be able to present a different credential per referent.

mutation MyMutation {
  sendAipProofRequest(
    connectionId: "001fe530-3562-41d6-a631-3df9c7ae1f38"
    request: {
      format: {
        # INSERT DETAILS OF THE PRESENTATION TO REQUEST
      }
    }
  ) {
    id
    myRole
    state
    connectionId
  }
}

If instead the cloud agent receives a proof request, a new AIPProofExchange is created with role PROVER.

View received proof requests

View proof exchanges in any state, with pagination and filtering options. Returns a nextToken which can be passed into the same query in order to fetch subsequent pages.

As an example, the filter options can be used to find received proof requests, even from a specific connection.

query MyQuery {
  aipProofExchanges(
    page: {
      nextToken: null
    }
    filter: {
      myProofExRole: PROVER
      proofExStates: [REQUEST]
      connectionIds: ["001fe530-3562-41d6-a631-3df9c7ae1f38"]
    }
  ) {
    items {
      id
      myRole
      state
      messages {
        request {
          comment
          format {
            __typename
            ... on AnoncredsProofRequest {
              attributeGroups {
                referent
                attributeNames
                restrictions {
                  schemaId
                  schemaIssuerId
                  schemaName
                  schemaVersion
                  credDefId
                  issuerId
                  attributeNames
                  attributeValues {
                    name
                    value
                  }
                  nonRevoked {
                    from
                    to
                  }
                  predicate {
                    operator
                    threshold
                  }
                }
              }
            }
            ... on W3CProofNegotiation {
              attributeGroups {
                referent
                attributes {
                  attributePaths
                  valueRestrictions {
                    dataFormat
                    pattern
                    inSet
                    notInSet
                    equal
                    notEqual
                    minLength
                    maxLength
                    lessThan
                    lessThanOrEqual
                    greaterThan
                    greaterThanOrEqual
                  }
                  isHolderSubject
                  presentationType
                }
              }
              submissionRequirementJsons
            }
          }
        }
      }
      connectionId
    }
    nextToken
  }
}

Alternatively, view a single proof exchange, referenced by its unique ID.

query MyQuery {
  aipProofExchange(
    proofExId: "44269eb7-0288-46ad-ab59-e646ad010202"
  ) {
    id
    myRole
    state
    connectionId
  }
}

Accept a proof request

mutation MyMutation {
  credentialsForAipProofExchange(
    proofExId: "44269eb7-0288-46ad-ab59-e646ad010202"
  ) {
    credentialsForReferents {
      referent
      credentialIds
    }
  }
}

The cloud agent accepts the request by generating the presentation and sending it to the connection. The input param proofExId must match the ID of an AIPProofExchange which has the PROVER role and is in the REQUEST state. Once the cloud agent with PROVER role has accepted a proof request, there is nothing left for it to do in the exchange.

mutation MyMutation {
  acceptAipProofRequest(
    proofExId: "44269eb7-0288-46ad-ab59-e646ad010202"
    presentation: {
      format: {
        # INSERT DETAILS OF THE PRESENTATION TO SEND
      }
    }
  ) {
    id
    myRole
    state
    connectionId
  }
}

Delete a proof exchange

Delete a proof exchange. This will send a "problem report" to the associated connection to inform them that the cloud agent has abandoned the proof exchange.

mutation MyMutation {
  deleteAipProofExchange(
    credExId: "44269eb7-0288-46ad-ab59-e646ad010202"
  )
}
PreviousCredential ExchangesNextConnections

Last updated 7 months ago

Before accepting the proof request, the cloud agent must select which credentials to use in the presentation. The following call can be used to quickly identify held which are valid for selection. The returned referent maps each set of credential IDs to a referent in the proof request. The array of returned credentialIds will be empty if the cloud agent does not possess any valid credential for that referent.

🗺️
credentials