Decentralized Identity
Reusable KYC Credentials
Issue portable, verifiable KYC credentials that users store in their wallet and share across organizations — eliminating redundant verification.
POST
Reusable KYC lets a user verify their identity once and reuse the result everywhere. After an approved verification, you issue a portable credential that the user stores in the Verilock Wallet app. When another organization needs to verify them, they present the credential instead of redoing the entire KYC flow.
Impact: Onboarding on the 2nd and 3rd service drops from 5 minutes to under 10 seconds. Conversion rate increases by 30%.
Impact: Sellers activate on partner platforms in seconds. Reduces seller onboarding friction and increases supply-side growth.
Impact: Age verification only happens once. Every subsequent purchase is frictionless and free (verify calls are free).
Impact: Contractors start work on day 1 without delays. Client companies save $2-5 per contractor on redundant verification.
Retrieve credential details (only accessible by the issuing organization).
Verify a credential token and retrieve the shared identity data. This endpoint can be called by any organization with a valid API key.
Possible
Permanently revoke a credential. Only the issuing organization can revoke.
This page covers the lightweight token-based credential system. For W3C-standard Verifiable Credentials with selective disclosure and DID-based verification, see Verifiable Credentials.
Why Reusable KYC?
| Traditional KYC | With Reusable Credentials |
|---|---|
| User re-verifies for every service | Verify once, reuse across organizations |
| 3-5 min onboarding flow each time | Credential check in under 2 seconds |
| $1-3 per verification, per service | Issue once ($0.10), verify unlimited (free) |
| High drop-off at repeated KYC steps | Frictionless onboarding, higher conversion |
| Full PII collected by every provider | Only shared fields are disclosed |
How It Works
User completes KYC
The user goes through the standard Verilock verification flow (document upload, liveness check, AML screening) and receives an approved decision.
You issue a credential
Your backend calls
POST /v1/credentials with the approved session ID and the fields you want to include. Verilock returns a portable token.User stores in wallet
The credential appears in the user’s Verilock Wallet app (iOS & Android). The wallet stores the token locally, encrypted and PIN-protected.
User presents credential
When another organization requests KYC, the user opens their wallet, scans a QR code, reviews the fields being shared, and consents to disclosure.
The Verilock Wallet
The Verilock Wallet is a mobile app (iOS & Android) that gives users full control over their identity credentials.Key Features
- Encrypted local storage — credentials are stored on-device with AES-256 encryption, protected by a 6-digit PIN and optional biometrics (Face ID / fingerprint)
- Consent-based sharing — users review exactly which fields are being requested and approve or deny each disclosure
- QR code presentation — scan a verifier’s QR code to initiate a credential presentation, no manual token copy-paste
- Offline signature verification — the wallet verifies credential signatures locally using Ed25519, even without an internet connection
- Revocation checks — the wallet periodically checks credential status and flags any revoked or expired credentials
- Backup & restore — encrypted backup to recover credentials on a new device
- Multi-credential support — users can hold credentials from multiple organizations and choose which one to present
Use Cases
1. Multi-Service Fintech Ecosystem
A fintech group operates a neobank, an investment platform, and an insurance product. A user verifies once on the neobank and reuses the credential for the other two services.2. Marketplace Seller Verification
An e-commerce marketplace verifies sellers at sign-up. When a seller also wants to sell on a partner marketplace, they present the same credential instead of uploading documents again.3. Age-Restricted Purchases (Alcohol, Tobacco, Gaming)
An online retailer verifies age at account creation and issues a lightweight credential. On every subsequent purchase, the credential is checked — no repeated age verification.4. Recurring Contractor Onboarding (Gig Economy)
A staffing agency verifies contractor identity once. When contractors are placed at different client companies, the client verifies the credential instead of running a separate background check.5. Multi-Jurisdiction Compliance (EU ↔ UK)
A payment processor operating across the EU and UK verifies users once and issues credentials scoped to each jurisdiction’s requirements.API Reference
Create Credential
The ID of an approved verification session.
Fields to include. Default:
["full_name", "date_of_birth", "document_type", "nationality"].Available: full_name, first_name, last_name, date_of_birth, nationality, document_type, document_number, expiry_date, address, gender.Validity in days (1–365). Default:
365.Get Credential
Verify Credential
The 64-character credential token.
reason values: not_found, expired, revoked.
Revoke Credential
Pricing
| Operation | Cost |
|---|---|
| Issue credential | $0.10 |
| Verify credential | Free (unlimited) |
| Revoke credential | Free |
Going Further
W3C Verifiable Credentials
Need selective disclosure and DID-based verification? Issue W3C-standard credentials that are interoperable with any conforming wallet or verifier.
Zero-Knowledge Proofs
Prove claims like “over 18” or “AML clear” without revealing any personal data. Maximum privacy for sensitive use cases.

