Identity / Names·Off-chain · EVM (via Code Connect) · Hyperledger Indy
Trinsic
Trinsic is a verifiable-credentials platform and reusable-identity network. It provides hosted Wallet, Credentials, and Provider APIs plus white-label mobile/web wallet SDKs so apps can launch identity verification widgets, issue W3C VCs, and accept reusable identity across hundreds of issuers (mDL, eIDAS, KYC providers) without rebuilding integrations per partner.
- 01reusable KYC / age verification across providers
- 02white-label identity wallets
- 03mDL (mobile driver's license) acceptance
- 04ecosystem operators issuing+verifying VCs
- 05enterprise SaaS identity flows with one API
- pnpm add @trinsic/sdk
- pnpm add @trinsic/web
| Variable | Scope | Description |
|---|---|---|
| TRINSIC_ACCESS_TOKEN | Server | Server-side access token from the Trinsic dashboard (scoped to an Ecosystem). |
| TRINSIC_ECOSYSTEM_ID | Server | Trinsic Ecosystem identifier under which sessions, credentials, and providers are managed. |
| NEXT_PUBLIC_TRINSIC_PUBLIC_API_KEY | Client | Public client key for the browser widget / launcher (safe to expose). |
Use Trinsic to launch reusable-identity verification flows. From your server, create a session with the v2 SDK: `const trinsic = new TrinsicService({ authToken: TRINSIC_ACCESS_TOKEN }); const session = await trinsic.sessions.create({ ecosystemId: TRINSIC_ECOSYSTEM_ID, verification: { providerId: 'trinsic-id-document', fields: ['firstName', 'lastName', 'dateOfBirth'] } });` — return `session.launchUrl` to the client. In the browser, mount `<TrinsicLauncher launchUrl={launchUrl} onSuccess={onSuccess} onCancel={onCancel} />` from `@trinsic/web` (or use the iframe / native deep-link). After completion, your server fetches the result with `trinsic.sessions.get({ sessionId })`; the response contains the issued/verified credential JSON, which you store and re-verify on subsequent visits to skip re-KYC.
- ⚑Trinsic moved from the original 'streetcred.id' Hyperledger Indy stack to a new Sessions / Ecosystems API in v2 — sample code older than 2024 mostly doesn't work; pin to `@trinsic/sdk` v2 and the Sessions endpoints.
- ⚑Verification 'providers' (Onfido, Veriff, Persona, etc.) are run by Trinsic on your behalf; PII flows through Trinsic, which is a regulated data processor. Sign a DPA before going to production and disclose the sub-processor chain in your privacy policy.
- ⚑Reusability only works inside an ecosystem you control or partner with — a credential issued in Ecosystem A cannot be presented in Ecosystem B without explicit trust setup, so 'reusable' is bounded by your network topology.
- ⚑Revocation semantics depend on the underlying issuer: some Trinsic providers only return ephemeral verification results (no revocable VC), others issue revocable W3C VCs. Always check `credential.credentialStatus` exists before relying on revocation.
- ⚑Sybil bypass: Trinsic verifies a real document, but a single human can present multiple legitimate documents (driver's license + passport) — uniqueness across providers is not guaranteed. Combine with a personhood layer for 1-human-1-account.
- ⚑Mobile launches require URL scheme registration and (on iOS) Universal Links; misconfigured deep-linking is the most common production bug — test on a clean device build, not just a simulator.