Getting Started

Introduction

Welcome to Trinsic. We make it easy to implement Self-sovereign Identity (SSI) based on Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), a new digital identity standard. Our software is based on the open-source Hyperledger Aries project, to which we are a primary contributor.

Together with proper governance, SSI enables for the first time Trust over the IP stack (ToIP). Once trust can effectively be conveyed over IP, a tremendous number of opportunities arise in every industry vertical imaginable. We build the tools to help you capitalize on this opportunity.

Want to get started with SSI in 5 minutes? Try our tutorial to get a conceptual walkthrough of a common use case using the Trinsic Studio.

If you'd rather start by working directly with our API, continue below.

Set up your Trinsic account

The first step to Trinsic is to set up an account. The Trinsic Studio is the central location for all our SSI resources.

Navigate to https://studio.trinsic.id and create an account. (Stay tuned for authentication that's more idiomatic to SSI.)

Once you create an account you can register an organization, access your keys, manage your agency, and upgrade your subscription.

Demos and Examples

A few teams have used Trinsic to build demos to showcase the concepts of verifiable credentials in the context of their use case.

  • Verify your healthcare information to get a prescription with the Meta Digital demo
  • Become licensed as a Real Estate professional to log into industry services with the Merged RE Demo
  • To look at an example NodeJS project, check out our Business Card Demo

If you've built a demo with our API and want it showcased here, contact us.

Using the Trinsic Studio

Understanding your agency

An Agent is a software program that controls wallets, keys, credentials, and other information on your behalf. In order to use Trinsic in any capacity, whether as an organization issuing credentials or a person storing credentials, you'll need an agent.

In Trinsic, your Agency is the set of agents that you control. Your Trinsic account enables you to create as many agents as you'd like. We call institutional/enterprise agents (capable of issuing and verifying credentials 'Organizations'.

Register an organization

'Organization' is the term we use for an institutional/enterprise agent with the capability to issue and verify credentials.

To create an organization, log in to the Trinsic Studio and click the "+ Organization" button. Give your organization a name (will be visible to other agents you interact with), a logo (optional - a stock photo will be generated if you don't provide a logo), and select the network the agent will be configured to. An organization can only be configured to one network. Some networks are only available on paid subscriptions.

When you create an organization, the following things occur:

  • A cloud agent spins up on our enterprise-grade cloud infrastructure in a dedicated tenant
  • A public DID and Verkey are written to the network you specify
  • A wallet is created for your organization
  • A unique endpoint is created specifically for your agent

A UI element will be created on your screen for the organization you've created. It will display the name, image, and network you specified during the creation step. Click on that element to begin issuing credentials, get API keys, and more.

All actions you take through the Trinsic Studio and the Agency API are scoped to an organization.

Manage your account

From the Trinsic Studio dashboard, you'll see a graph of your DIDComm usage and a breakdown of your billing information.

Trinsic charges a low, usage-based fee for the services we provide. We measure your usage based on incoming and outgoing DIDComm, which is the protocol by which two or more SSI agents communicate. Every action our tools enable, whether it be creating secure connections or verifying a proof presentation, uses some number of DIDComm. You can read more about DIDComm and our pricing model, as well as available plans, here. Here are some resources to get started.

Use an Identity Wallet to Manage Credentials

There are several ways to get started with an Identity Wallet.

  1. Install the Trinsic Mobile Wallet
  • Released on the Apple App store and Google Play Store, our identity wallet has been created to help increase the adoption of Self-Sovereign Identity across the world. Our mobile wallet is build with the latest open source protocols and is used by several hundred people on a monthly basis.
  1. Use the Custodian API to create Cloud Wallets
  • Our Custodian Wallets guide is the best place to begin learning how to use the API to create cloud hosted wallets. You can integrate this API with a desktop or mobile application.
  1. Build Your Own Mobile Wallet
  • We have created a paid offering which includes a mobile starter kit and developer training program that can jumpstart your efforts to build a mobile wallet. Drop us a line if you are interested in this direction.
  1. Use the Open Source Options
  • You can build a mobile app from scratch using our open source SDK
  • An example mobile app built using our open source SDK is OSMA.

Consuming the API

Accessing your API keys in the Trinsic Studio

Before you can get API keys, you'll need to create an organization by clicking the "+ Organization" button. For more information about Organizations in Trinsic, see "Using the Trinsic Studio" above.

  1. Navigate to your Trinsic Studio dashboard
  2. Find the organization that you'd like to access the API
  3. Click on the organization card
  4. Next to your organization's logo, you'll see the API keys
  5. Click on the key to copy it to your clipboard

These keys are secrets used for access control to the API. Do not share the keys with anyone else and always make sure they are stored securely. Both keys are required in the header to make calls to the API.

Authentication

All API requests must be made over HTTPS to succeed. Requests made to the API are protected with OAuth 2.0 Bearer authentication. In order to authenticate properly, you must include both of the correctly formatted secrets listed above in the headers. Requests that are not properly authenticated will return a 401 error code.

How to Consume the API

Our API is accessed completely through RESTful services. There are few options to consume the API that we'll describe here.

  • Pre-built packages for
    • .NET Core via Nuget
    • Nodejs via NPM
  • Custom REST invocation
  • Playground using Swagger UI

Before you begin, please take note of the secrets you created in the Trinsic Studio. For more information, see "Accessing your API keys in the Trinsic Studio" above.

  • Access Token
  • Subscription Key

If using the playground using Swagger UI you will need to click on the Authorize button or any one of the open lock icons to add your Access Token and Subscription Key.

Get Started in your language of choice

Nuget and ASP.NET Core

Add a package reference to your project View our C# sample on Github

Install-Package Streetcred.ServiceClients
NPM and Nodejs

View our Nodejs sample on Github

npm install @streetcred.id/service-clients

Call the REST API directly

To call the REST API directly, add the Access Token and Subscription Token to each call in the request headers.

HeaderValueDescription
X-Streetcred-Subscription-Key<subscription key>Found in the Trinsic Studio in the organization details
AuthorizationBearer <access token>Found in the Trinsic Studio in the organization details
Python

We have just started offering support for python. Contact us at [email protected] if you want more information.

Versioning

When backwards-incompatible changes are made to the API, a new version is released. You will only need to specify a version if you would like to test a newer version of the API without doing a full upgrade. See our API Changelog for a full list of breaking changes.

Errors

Trinsic uses RESTful HTTP response codes to indicate the result of each API request. Each endpoint has documented error codes if specific numbers mean something unique. In general 2xx indicates success, 4xx indicates an input error, and 5xx indicates an error on Trinsic's end. If a 5xx error occurs, please let us know and we'll fix it.

Webhooks

Webhooks are an easy way to get notified of events and interactions that happen with your organizations. For example, when a user sends a credential request to one of your organizations, an event object of type credential_request will be created. If you have a registered Notification Webhook then that event will be sent to the saved endpoint.

You can view and create webhooks on the Trinsic Studio. See our page on webhooks for more details on how to integrate and a full list of webhook events.