Identity / Names·cheqd · EVM (via bridges) · Off-chain
Dock (Truvera)
Dock — operating as Truvera since the 2024 rebrand — is a verifiable-credentials platform built on the cheqd network and the W3C VC Data Model. It provides a no-code dashboard, hosted REST API, and an open-source Credential SDK to issue, verify, revoke, and present DIDs and ZK / BBS+ credentials. Strong fit for enterprises issuing reusable digital IDs with biometrics + selective disclosure.
- 01enterprise verifiable credentials issuance
- 02reusable KYC / KYB across partners
- 03biometric-bound digital IDs
- 04BBS+ ZK credentials with selective disclosure
- 05cheqd / did:cheqd integrations
- pnpm add @docknetwork/credential-sdk
- pnpm add @docknetwork/dock-blockchain-api
| Variable | Scope | Description |
|---|---|---|
| TRUVERA_API_KEY | Server | Truvera (Dock) hosted API key for the issuer / verifier dashboard. |
| TRUVERA_API_URL | Server | Truvera API base URL (e.g. https://api-testnet.truvera.io or production). |
| TRUVERA_ISSUER_DID | Server | Fully qualified issuer DID (e.g. did:cheqd:mainnet:...) used to sign credentials. |
Use Dock / Truvera to issue and verify W3C verifiable credentials. From a server, issue a credential via the hosted API: `POST $TRUVERA_API_URL/credentials` with `{ anchor: false, persist: true, password: '...', credential: { name, type: ['VerifiableCredential', 'KYC'], issuer: $TRUVERA_ISSUER_DID, subject: { id: holderDid, ... } } }` and header `DOCK-API-TOKEN: $TRUVERA_API_KEY`. To verify a presentation a holder sends back, `POST /credentials/verify` with the signed VC/VP — the response includes `verified: true/false` and the revocation status. For ZK selective disclosure use BBS+ credentials and request a derived presentation with only the required attributes. Self-host the Credential SDK (`createDID`, `signCredential`, `verifyCredential`) when you don't want to depend on the hosted API.
- ⚑Branding churn: Dock's product is now 'Truvera' and the chain layer migrated from Dock's own substrate chain to cheqd. Older `@docknetwork/sdk` packages target the legacy chain and are deprecated — use `@docknetwork/credential-sdk` for new work.
- ⚑Revocation uses a registry on cheqd: revocation is an on-chain transaction (paid in CHEQ), and verifiers must check the registry status at verification time, not just the credential signature. A 'verified' result without a fresh revocation lookup is meaningless for compliance.
- ⚑PII handling: by default, credential subjects can include raw PII as JSON — issuers must explicitly use BBS+ / ZK schemas to avoid sending plaintext attributes to verifiers. Selective disclosure is opt-in, not the default.
- ⚑Issuer DID rotation is non-trivial: credentials reference the issuer DID and key version at issuance; rotating keys without proper DID Document update history will invalidate every previously-issued credential.
- ⚑Sybil bypass: VCs prove an attribute *was issued by issuer X*, not that the holder is unique. A single human can collect many KYC credentials from different issuers. Combine with a personhood layer (World ID, PoH) when uniqueness matters.
- ⚑Hosted API rate limits and per-credential pricing apply on production; budget accordingly and cache verification results with a short TTL keyed on `(credentialId, issuanceDate, revocationStatus)`.