04 — Credentials

What can a credential prove?

W3C Verifiable Credentials are the payload that DIDs carry. A credential proves something about its subject — KYB status, Travel Rule compliance, agent authorization, or issuer licensing — without revealing more than necessary.

Every Verifiable Credential has the same core anatomy: an issuer DID, a subject, a type, temporal bounds, a cryptographic proof, and a revocation status reference.

[Interactive diagram: a VerifiableCredential with its issuer, credentialSubject, type, proof, credentialStatus, and validFrom / validUntil fields, each linked to its annotation.]

Select a sample credential or paste your own JSON. The inspector parses, annotates, and color-codes each field by its compliance domain.

Raw Credential JSON

{
  "@context": [
    "https://www.w3.org/ns/credentials/v2"
  ],
  "type": [
    "VerifiableCredential",
    "KYBVerification"
  ],
  "issuer": "did:web:compliance-provider.com",
  "validFrom": "2026-01-15T00:00:00Z",
  "validUntil": "2027-01-15T00:00:00Z",
  "credentialSubject": {
    "id": "did:web:alpha-exchange.com",
    "legalName": "Alpha Exchange Inc.",
    "jurisdiction": "US-DE",
    "registrationNumber": "7891234",
    "businessType": "Money Services Business",
    "riskRating": "LOW"
  },
  "credentialStatus": {
    "type": "BitstringStatusListEntry",
    "statusListCredential": "https://compliance-provider.com/status/3",
    "statusListIndex": "94567",
    "statusPurpose": "revocation"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "cryptosuite": "eddsa-rdfc-2022",
    "verificationMethod": "did:web:compliance-provider.com#key-1",
    "proofPurpose": "assertionMethod"
  }
}

Field Annotations

issuer
The DID of the entity that issued this credential
✓ Valid
did:web:compliance-provider.com

type
Credential type(s) describing what this credential proves
✓ Valid
["VerifiableCredential","KYBVerification"]

validFrom
Credential becomes valid at this timestamp
✓ Valid
2026-01-15T00:00:00Z

validUntil
Credential expires at this timestamp
✓ Valid
2027-01-15T00:00:00Z

credentialStatus
Reference to a revocation status list for this credential
✓ Valid
{
  "type": "BitstringStatusListEntry",
  "statusListCredential": "https://compliance-provider.com/status/3",
  "statusListIndex": "94567",
  "statusPurpose": "revocation"
}

credentialSubject
The subject about which claims are made
✓ Valid
{
  "id": "did:web:alpha-exchange.com",
  "legalName": "Alpha Exchange Inc.",
  "jurisdiction": "US-DE",
  "registrationNumber": "7891234",
  "businessType": "Money Services Business",
  "riskRating": "LOW"
}

proof
Cryptographic proof verifying the credential was issued by the issuer
✓ Valid
{
  "type": "DataIntegrityProof",
  "cryptosuite": "eddsa-rdfc-2022",
  "verificationMethod": "did:web:compliance-provider.com#key-1",
  "proofPurpose": "assertionMethod"
}
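What a verifier does with validFrom, validUntil and credentialStatus, as an added Python example (not the inspector's own code; all function names are hypothetical). It assumes the W3C Bitstring Status List layout for encodedList (multibase base64url of a gzip-compressed bitstring, index 0 being the left-most bit), and the status_lists dictionary stands in for fetching the status list credential and verifying its proof, neither of which is shown.

```python
import base64
import gzip
from datetime import datetime, timezone

MIN_BITS = 131_072  # minimum list length in the Bitstring Status List spec

def parse_ts(value):
    """Parse a timestamp such as 2026-01-15T00:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def encode_list(revoked, size=MIN_BITS):
    """Issuer side: build a constructed encodedList with the given indexes set."""
    bits = bytearray(size // 8)
    for i in revoked:
        bits[i // 8] |= 0x80 >> (i % 8)  # index 0 is the left-most bit
    packed = base64.urlsafe_b64encode(gzip.compress(bytes(bits)))
    return "u" + packed.rstrip(b"=").decode()  # multibase 'u', no padding

def status_bit(encoded_list, index):
    """Verifier side: return True if the bit at `index` is set."""
    if not encoded_list.startswith("u"):
        raise ValueError("expected multibase base64url ('u') encoding")
    body = encoded_list[1:]
    raw = gzip.decompress(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if not 0 <= index < len(raw) * 8:
        raise ValueError("statusListIndex outside the status list")
    return bool(raw[index // 8] & (0x80 >> (index % 8)))

def check_credential(vc, status_lists, now):
    """Return the reasons to reject `vc`; an empty list means these checks pass."""
    problems = []
    if now < parse_ts(vc["validFrom"]):
        problems.append("not yet valid")
    if now > parse_ts(vc["validUntil"]):
        problems.append("expired")
    status = vc["credentialStatus"]
    encoded = status_lists.get(status["statusListCredential"])
    if encoded is None:
        problems.append("status list unavailable")  # fail closed, never assume valid
    elif status_bit(encoded, int(status["statusListIndex"])):
        problems.append(status["statusPurpose"] + " bit set")
    return problems

# Constructed sample: the temporal and status fields of the credential above.
SAMPLE = {"validFrom": "2026-01-15T00:00:00Z", "validUntil": "2027-01-15T00:00:00Z",
          "credentialStatus": {
              "statusListCredential": "https://compliance-provider.com/status/3",
              "statusListIndex": "94567", "statusPurpose": "revocation"}}
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)  # constructed evaluation time
```

These checks complement proof verification and do not replace it: a credential that passes them is still untrusted until its proof has been verified against the issuer's verification method.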

Verifiable Credentials sit at L4 in the identity stack — above the DID layer (L3) and below the application layer (L5). They are the bridge between cryptographic identity and human-readable compliance claims.

In the stablecoin context, credentials enable selective disclosure: a VASP can prove it's licensed without revealing its full registration details. An AI agent can prove it's authorized by a specific principal without exposing private keys.