🛡 VALIDIRIS

API & integration

A thin REST API over HTTPS. Issuing and revoking need your API key; verification and badges are public and unauthenticated. Base URL: https://validiris.ordinisonline.com.

1. Authentication

Send your key as Authorization: Bearer vdr_… (or X-API-Key: vdr_…). We issue the key once when we activate your organisation and store only a hash — keep it secret. Quick check that your key is live:

curl -X POST https://validiris.ordinisonline.com/credentials \
  -H "Authorization: Bearer $VALIDIRIS_KEY" \
  -H "Content-Type: application/json" \
  -d '{"holder":"connectivity test","cred_type":"<one-of-your-types>"}'

2. Issue a credential — key required

curl -X POST https://validiris.ordinisonline.com/credentials \
  -H "Authorization: Bearer $VALIDIRIS_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "holder": "Name or subject of the credential",
    "cred_type": "PublicationProof",        # must be one of your allowed types
    "claims": { "title": "Investigation X", "url": "https://…" },
    "expires_at": null                        # ISO date, or null for no expiry
  }'

# → { "ok": true, "credential": {
#       "id": 42, "status": "active",
#       "vc_jwt": "eyJhbGciOiJFZERTQS0…",     # signed W3C Verifiable Credential
#       "issued_at": "2026-…" } }

Validiris signs it (Ed25519) and records your organisation as the issuer. Keep the returned id — it's what people verify.

3. Verify a credential — public, no key

curl https://validiris.ordinisonline.com/credentials/42/verify

# → { "ok": true, "verification": {
#       "valid": true, "reason": "ok",
#       "signature_ok": true, "revoked": false, "expired": false,
#       "holder": "…", "cred_type": "PublicationProof", "issuer": "did:web:trust.pulsecore.be" } }

Human-readable page: https://validiris.ordinisonline.com/verify?id=42

4. Embeddable badge — public, no key

<a href="https://validiris.ordinisonline.com/verify?id=42">
  <img src="https://validiris.ordinisonline.com/badge/42.svg" alt="Validiris verification status">
</a>

Live SVG, cached ~5 min. Shows Validiris Verified (green), or Revoked / Not valid (red) automatically as status changes.

5. Revoke a credential — key required

curl -X POST https://validiris.ordinisonline.com/credentials/42/revoke \
  -H "Authorization: Bearer $VALIDIRIS_KEY" \
  -H "Content-Type: application/json" \
  -d '{"reason":"superseded"}'

# → { "ok": true, "revoked": true }
# verification now returns valid:false, reason:"revoked"; the badge turns red.

6. Common errors

401	Missing/invalid API key, or your issuer is suspended. Check the `Authorization` header.
403	`cred_type` is not in your approved types. Ask us to add it.
400	Missing `holder` or `cred_type`, or malformed JSON.
404	No credential with that id (verify returns `reason:"not_found"`).
429	Rate limited — slow down and retry shortly.

Every response is JSON with an ok boolean; on failure, error carries a message.

Request access →

Validiris is the trust layer of Pulse Core — an intelligence & trust system. Trust by Validiris · Intelligence by Pulse Core.
Terms · Privacy / GDPR · Trust & Verification Policy · draft, pending legal review