We are excited to launch the world’s first product built specifically for self-sovereign identity (SSI) providers. Beta testers of the Provider API call it “a game-changer for companies building SSI solutions.” It’s a turnkey way for companies to programmatically create and manage credential issuers/verifiers (which we’ll call “organizations” — they’re also known as “cloud agents”¹). Through this important release, Trinsic became the first decentralized identity provider to open up its platform to any company wishing to provide SSI solutions.
Story of the Provider API
Vendors in the decentralized identity space, including Trinsic, have historically focused on credential issuers, holders, and verifiers² (see image below). And that worked well, as long as the verifier could trust the issuer of the credential.
But trusting the issuer shouldn’t be taken for granted. In early SSI initiatives, the verifiers knew who the issuers were, and visa-versa. But in order to scale this model, trust gets more complex. Suppose there are 10,000 issuers of the credential that you’d like to verify. How will you manage to maintain a relationship, and therefore trust, with each of them?
This problem is solved by scalable governance and innovative SSI providers. The Trust over IP Foundation was formed (and Trinsic joined as a founding member) to create scalable governance. Trinsic’s Provider API solves the other half of the equation; enabling providers of trust solutions with the world’s most scalable SSI platform.
“The largest trust networks in the world work in exactly this way,”³ and a perfect case study is illustrated in the primer deck for the Trust over IP Foundation: payments networks. As you can see in the image below, merchants don’t need to trust the issuing banks, they trust a credit card provider like Mastercard. Mastercard builds out a platform, provides governance, and ensures the system can be trusted. With the Trust over IP governance stack and the Trinsic platform (complete with the new Provider API), this trust model can be generalized and scaled to any industry.
We’re working with several SSI providers who are deploying verifiable credential solutions into various markets. Before we developed the Provider API, they had three options:
- Use the Trinsic Studio to create organizations manually, one-by-one. This was the preferred option but still was not as powerful or flexible as it should be.
- Use open source reference Aries agents to create organizations one-by-one. These reference codebases are extremely useful for learning the protocols or playing around with one or two organizations. But to scale to hundreds or thousands of verifiers, for example, requires a herculean development effort fraught with scaling, security, and cost-related obstacles. (Trust us, we’ve been there!)
- Use another vendor with similarly clunky or manual processes.
Now, with the Provider API in hand, these SSI providers can create organizations programmatically as a part of their application or workflow. Last week, one of our beta testers created 13,000 verifiers for their client with a single script!
We can’t wait to see how you use the Trinsic platform, including the new Provider API. To get your creative juices flowing, see how the Provider API has been used over the last few months by our beta testers.
- Build a platform: With the Provider API in hand, you have everything you need to build your own SSI platform. In fact, you could build a product exactly like Trinsic Studio if you want to — all the functionality we expose in the Studio is now accessible through our APIs.
- Tackle a market: With the Provider API, you can focus on building a solution for a specific market like governments, health care institutions, financial services, etc. You’ll never need to redirect your customers to create a Trinsic account or ask them to install special software.
- Provide SSI internally: The Provider API enables enterprises to make individual departments, branches, and/or locations into issuers. For example, a university could create a credential issuer for their Registrar’s Office, College of Humanities, and Tuition and Loans Office. Or a franchiser could create a credential verifier point-of-sale system for each of its franchisees.
- Create an ecosystem: If you’re creating an ecosystem for a specific geography, industry, or cause, you can easily equip each participant with the ability to issue and verify credentials.
The world’s most advanced SSI platform
With the addition of the Provider API, Trinsic now has three turnkey APIs that give you the tools you need to build a successful SSI solution. These APIs were built with feedback from scores of developers to make them easy to use and are architected with security and scalability top-of-mind.
The Provider API creates and manages organizations. Organizations can do two things:
- Use the Credentials API (formerly Agency API) to issue, verify, revoke, and manage verifiable credentials. This API also enables secure communications via DIDComm-based connections and messaging.
- Use the Wallet API (formerly Custodian API) to create and manage secure cloud wallets that they control on behalf of holders.
Trinsic’s products are designed to be accessible, so the Credential API and Wallet API are free to integrate. The Provider API is a paid feature. First, navigate to the Trinsic Studio and make sure you’re subscribed to a paid plan. Then simply navigate to the upper-right-hand account button and select “Provider Key.” The token you generate will enable you to authenticate to the API. See the video below for step-by-step instructions on how to get started.
The best demonstration of the powerful API platform we support is the Trinsic Studio, which is built entirely on our own platform, including the Provider API. The Studio provides a simple way to get started with SSI without a single line of code and to access API keys and manage billing and analytics for your plan.
At Trinsic, we believe that a host of valuable companies will be built upon the Trust over IP stack. We hope companies intending on providing SSI solutions to your respective industries will find value in our platform, including the Provider API, and help us make the world a safer, more accessible place through SSI.
- For the sake of simplicity, we refer to credential issuers and verifiers as “organizations” throughout our core products (Trinsic Studio and Trinsic Wallet). For folks familiar with technical terminology, “enterprise agents” or “institutional agents” are other synonymous term since credential issuers and verifiers control wallets, keys, credentials, and other information on your behalf. For more definitions, refer to Trinsic’s terminology in our documentation.
- Issuers, holders, and verifiers are the roles defined in the W3C Verifiable Credential spec.
- Quote from Drummond Reed in a webinar hosted by Northern Block