Mint Attestation

POSThttps://sandbox-api.truthlocks.com/v1/attestations/mintAuth required

Creates a new cryptographically signed attestation. The attestation is signed using the specified issuer key and recorded in the transparency log with a unique log index for auditability. Supports JSON claims, documents (PDF), images (PNG, JPEG, WebP, TIFF), and video/audio files up to 50 MB. For document integrity verification, you can pass the SHA-256 hash via the document_hash field or embed it in claims.document.sha256 within the payload. If neither is provided, the system auto-computes a hash of the payload bytes. This stored hash allows verifiers to confirm the original document has not been altered.

Header Parameters

Idempotency-Keystringrequired

Ensures safe retries in case of network failures

Defaults to key_7y8i2p_abc

Body Parameters

issuer_idstringrequired

The UUID of the issuer creating the attestation

Defaults to 550e8400-e29b-41d4-a716-446655440000

kidstringrequired

Key identifier for the signing key

Defaults to ed-key-1

algstringrequired

Cryptographic algorithm used for signing

Defaults to Ed25519

schemastringrequired

Credential schema type (e.g. verifiable-id, passport, degree, aml-kyc). See full list below.

Defaults to verifiable-id

claimsobjectrequired

The structured claims for this credential. Fields depend on the selected schema. See schema catalogue below.

Defaults to { "full_name": "", "employee_id": "", "department": "", "title": "", "start_date": "" }

recipient_emailstring

Email address of the credential recipient. When provided, the platform sends a notification email with a link to view the attestation on the consumer portal (verify.truthlocks.com). If the recipient does not have a consumer portal account, they receive an invitation to sign up. This enables B2C credential delivery workflows.

document_hashstring

Hex-encoded SHA-256 hash of the document or file being attested. Used for document integrity verification — verifiers can recompute the hash of the original file and compare it against this stored value. If omitted, the system checks for claims.document.sha256 in the payload, and if that is also absent, auto-computes the SHA-256 of the raw payload bytes. For best results, compute the hash client-side before base64url-encoding the payload.

pack_idstring

UUID of the verification pack to link this attestation to. The pack must be in 'active' status. When provided, the pack's verifications_count is automatically incremented. Use this to organize attestations by verification program and track analytics per pack.

content_typestring

MIME type of the payload. Supported: application/json (default), application/pdf, image/png, image/jpeg, image/webp, image/tiff, video/mp4, video/webm, audio/mpeg, audio/wav, application/octet-stream. Max payload size: 50 MB.

Defaults to application/json

Responses

{
  "id": "660e8400-e29b-41d4-a716-446655440001",
  "issuer_id": "550e8400-e29b-41d4-a716-446655440000",
  "kid": "ed-key-1",
  "schema": "verifiable-id",
  "status": "VALID",
  "claims": {
    "full_name": "Jane Doe",
    "employee_id": "EMP-2024-001",
    "department": "Engineering",
    "title": "Senior Developer",
    "start_date": "2024-01-15"
  },
  "signature": "U2lnbmF0dXJl...",
  "log_index": 1056,
  "created_at": "2026-02-18T19:00:00Z"
}

Credential Schema Catalogue

The schema parameter determines the credential type and the expected claims JSON structure. Select a schema below to see its claims template and automatically update the request body in the code panel.

Identity

claims JSON for verifiable-id

{
  "full_name": "",
  "employee_id": "",
  "department": "",
  "title": "",
  "start_date": ""
}

All Available Schemas

Schema ID	Name	Category	Claim Fields
`verifiable-id`	Verifiable ID	Identity	full_name, employee_id, department, title, start_date
`passport`	Passport	Identity	full_name, nationality, passport_number, date_of_birth, expiry_date, issuing_country
`drivers-license`	Driver's License	Identity	full_name, license_number, state, class, expiry_date, date_of_birth
`government-id`	Government ID	Identity	full_name, id_number, id_type, issuing_authority, country, expiry_date
`self-sovereign-id`	Self-Sovereign ID	Identity	did, display_name, created_at
`employment-verification`	Employment Verification	Employment	employee_name, employer, position, department, employment_type, start_date, end_date
`professional-role`	Professional Role	Employment	full_name, title, organization, department, effective_date
`membership-card`	Membership Card	Employment	member_name, organization, membership_id, tier, valid_from, valid_to
`professional-certification`	Professional Certification	Employment	holder_name, certification_name, issuing_body, certification_id, issued_date, expiry_date
`license`	License	Employment	holder_name, license_type, license_number, issuing_authority, jurisdiction, issued_date, expiry_date
`accreditation`	Accreditation	Employment	entity_name, accreditation_body, standard, scope, valid_from, valid_to
`degree`	Degree	Education	student_name, institution, degree_type, field_of_study, graduation_date, honors
`completion-cert`	Completion Certificate	Education	participant_name, program_name, institution, completion_date, hours
`course-credit`	Course Credit	Education	student_name, course_name, institution, credits, grade, semester
`transcript`	Transcript	Education	student_name, institution, program, gpa, total_credits, issue_date
`micro-credential`	Micro-Credential	Education	earner_name, credential_name, issuer, skills, earned_date
`training-completion`	Training Completion	Education	trainee_name, training_program, provider, completion_date, score, certificate_id
`medical-license`	Medical License	Healthcare	practitioner_name, license_number, specialty, state, issued_date, expiry_date
`dea-registration`	DEA Registration	Healthcare	registrant_name, dea_number, schedules, business_activity, expiry_date
`board-certification`	Board Certification	Healthcare	physician_name, board, specialty, certification_date, expiry_date
`health-credential`	Health Credential	Healthcare	patient_name, credential_type, provider, date, details
`vaccination-record`	Vaccination Record	Healthcare	patient_name, vaccine_name, manufacturer, lot_number, date_administered, dose_number, site
`aml-kyc`	AML/KYC Check	Compliance	entity_name, check_type, result, risk_level, verified_by, verified_at
`security-clearance`	Security Clearance	Compliance	holder_name, clearance_level, granting_agency, granted_date, expiry_date
`sam-gov`	SAM.gov Registration	Compliance	entity_name, cage_code, uei, registration_status, expiry_date
`jurisdiction-approval`	Jurisdiction Approval	Compliance	entity_name, jurisdiction, approval_type, approved_date, conditions
`attestation-of-will`	Attestation of Will	Compliance	declarant_name, declaration, witness, date
`bank-verification`	Bank Verification	Financial	account_holder, bank_name, account_type, routing_number_last4, verified_date
`credit-attestation`	Credit Attestation	Financial	entity_name, credit_score_range, reporting_agency, assessment_date
`income-verification`	Income Verification	Financial	individual_name, employer, annual_income_range, verification_date, tax_year
`skill-badge`	Skill Badge	Skills & Training	earner_name, skill_name, proficiency_level, assessed_by, earned_date
`competency`	Competency Attestation	Skills & Training	individual_name, competency, level, assessor, assessment_date
`industry-cert`	Industry Certification	Skills & Training	holder_name, certification, issuing_body, cert_id, issued_date, expiry_date
`product-authenticity`	Product Authenticity	Supply Chain	product_name, sku, serial_number, manufacturer, manufactured_date, origin_country
`chain-of-custody`	Chain of Custody	Supply Chain	item_description, from_entity, to_entity, transfer_date, location, condition
`origin-verification`	Origin Verification	Supply Chain	product_name, origin_country, origin_region, certifying_body, verified_date
`custom`	Custom	Other	subject, type, details
`attestation`	Generic Attestation	Other	subject, claim, evidence

Supported Content Payloads

Attestations can be minted for any file type. Set the content_type parameter to match your payload. For file-based attestations, compute the SHA-256 hash of the original file and include it in the claims for integrity verification.

Maximum payload size: 50 MB. The base64url-encoded payload (payload_b64url) must not exceed 50 MB after encoding. For larger files, consider splitting or compressing before minting.

MIME Type	Extension	Category	Description
`application/pdf`	.pdf	Documents	PDF documents, contracts, reports, invoices
`application/json`	.json	Documents	Structured JSON claims (default)
`image/png`	.png	Images	PNG images, screenshots, scanned documents
`image/jpeg`	.jpg/.jpeg	Images	JPEG photos, ID scans, certificates
`image/webp`	.webp	Images	WebP images
`image/tiff`	.tiff	Images	TIFF images, high-resolution scans
`video/mp4`	.mp4	Video	MP4 video recordings, depositions, evidence
`video/webm`	.webm	Video	WebM video files
`audio/mpeg`	.mp3	Audio	MP3 audio recordings, voice attestations
`audio/wav`	.wav	Audio	WAV uncompressed audio
`application/octet-stream`	any	Other	Generic binary payload for any file type

Document Attestation Example

For document/file attestations, provide the SHA-256 hash so verifiers can confirm the original file is unaltered. There are three ways the hash is stored (in priority order):

claims.document.sha256 — Embed the hash inside the payload JSON (used by the console GUI).
document_hash — Pass the hex-encoded SHA-256 as a top-level request field (recommended for API users).
Auto-computed — If neither is provided, the system computes SHA-256 of the raw payload bytes automatically.

claims JSON for document attestation

{
  "document": {
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "name": "contract-v2.pdf",
    "size": 245780,
    "content_type": "application/pdf"
  },
  "subject": "Employment Contract",
  "signer": "Jane Doe",
  "signed_date": "2026-03-01"
}

Consumer Portal Email Delivery

Use the optional recipient_email parameter to deliver credentials directly to end-users via email. This powers B2C credential delivery workflows where issuers mint attestations on behalf of individuals.

How it works

Issuer mints with recipient_email

Include the recipient's email address in the mint request body.

Platform checks consumer account

The system looks up the email in the consumer portal database.

Existing user → Inbox notification

If the recipient already has an account, the attestation appears in their inbox and they receive an email notification with a direct link.

New user → Signup invitation

If no account exists, the recipient receives an email inviting them to create a free consumer portal account. The attestation is held pending and delivered upon signup.

Recipient views & verifies

The recipient can view, download, and share their verified credential from verify.truthlocks.com.

Example: Email Credential Delivery

POST /v1/attestations/mint

{
  "issuer_id": "550e8400-e29b-41d4-a716-446655440000",
  "kid": "ed-key-1",
  "alg": "Ed25519",
  "schema": "degree",
  "recipient_email": "jane.doe@example.com",
  "claims": {
    "student_name": "Jane Doe",
    "institution": "State University",
    "degree_type": "Bachelor of Science",
    "field_of_study": "Computer Science",
    "graduation_date": "2026-05-15",
    "honors": "Magna Cum Laude"
  }
}

Note: The recipient_email field is optional. If omitted, the attestation is created normally without email delivery. The issuer can still share the attestation link manually or via their own notification system.

POST/v1/attestations/mint

Language

CredentialsHEADER

Authorization

cURL Request

Examples ▾

curl --request POST \
  --url https://sandbox-api.truthlocks.com/v1/attestations/mint \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '{
  "issuer_id": "550e8400-e29b-41d4-a716-446655440000",
  "kid": "ed-key-1",
  "alg": "Ed25519",
  "schema": "verifiable-id",
  "claims": "{\n  \"full_name\": \"\",\n  \"employee_id\": \"\",\n  \"department\": \"\",\n  \"title\": \"\",\n  \"start_date\": \"\"\n}",
  "content_type": "application/json"
}'

Response

Click Try It! to send a real request, or view sample responses: