Documentation

1. Register as an Issuer

Connect your wallet at /register and provide your organization name and website.

2. Generate an API Key

Go to /settings and create an API key for programmatic access.

3. Issue Certificates

Use the dashboard or the REST API to issue certificates to passport holders.

Issue a single certificate.

curl -X POST https://certs.chitin.id/api/v1/certs \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0x...",
    "recipientAddress": "0x...",
    "certType": "achievement",
    "title": "ETH Denver 2026 Winner",
    "evidence": "https://ethdenver.com/results/...",
    "tags": ["hackathon", "2026"]
  }'

{
  "success": true,
  "data": {
    "tokenId": 1,
    "txHash": "0x...",
    "arweaveTxId": "abc123..."
  }
}

Issue multiple certificates at once (max 100).

curl -X POST https://certs.chitin.id/api/v1/certs/batch \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0x...",
    "certs": [
      { "recipientAddress": "0x...", "certType": "achievement", "title": "Winner" },
      { "recipientAddress": "0x...", "certType": "capability", "title": "Verified" }
    ]
  }'

Verify a certificate. No authentication required.

curl https://certs.chitin.id/api/v1/verify/1

{
  "success": true,
  "data": {
    "tokenId": 1,
    "issuer": "0x...",
    "recipient": "0x...",
    "certType": "achievement",
    "arweaveTxId": "abc123...",
    "issuedAt": 1738972800,
    "revoked": false,
    "metadata": { ... }
  }
}

Get on-chain details for a certificate by token ID. No authentication required.

List all certificates for a passport address.

List all certificates issued by an address.

Returns the calldata needed to revoke a certificate on-chain. The issuer must sign and submit the transaction directly — revocation requires msg.sender == issuer.

{
  "success": true,
  "data": {
    "message": "Revoke must be executed by the issuer directly on-chain",
    "contractAddress": "0x9694Fd...",
    "functionName": "revoke",
    "args": [1],
    "issuer": "0x..."
  }
}

Returns the on-chain SVG image for a certificate. Used by NFT marketplaces and wallets for thumbnail display. No authentication required.

Create and list certification events (e.g., “ETH Denver 2026”). Events group related certificates together.

Register webhook URLs to receive real-time notifications when certificates are minted or revoked. Supported events: cert.minted, cert.revoked, cert.flagged, issuer.verified.

curl -X POST https://certs.chitin.id/api/v1/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerId": "iss_...",
    "url": "https://your-server.com/webhook",
    "events": ["cert.minted", "cert.revoked"]
  }'

Signature Verification — Each delivery includes an X-Chitin-Signature header. Verify it using the secret returned at registration:

// Node.js verification example
const [tPart, v1Part] = req.headers['x-chitin-signature'].split(',');
const timestamp = tPart.replace('t=', '');
const expected = crypto
  .createHmac('sha256', YOUR_WEBHOOK_SECRET)
  .update(`${timestamp}.${JSON.stringify(req.body)}`)
  .digest('hex');
const received = v1Part.replace('v1=', '');
if (expected !== received) throw new Error('Invalid signature');

API KEY

Include your API key in the Authorization header:

WALLET

The web dashboard uses wallet-based authentication via Coinbase Smart Wallet or any injected wallet (MetaMask, etc.).