ceven

Truvera

Issues and verifies decentralized identities and credentials to eliminate manual KYC and identity fraud in real time.

Try Truvera in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Truvera integration

    • Describe the outcome and Ceven picks the right Truvera calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Truvera data, across all 15 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Truvera access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Truvera, when, and on whose behalf.
    • The agent pauses and asks when Truvera is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Truvera.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Truvera action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Truvera, and when to use it.

Create API Key
Use this to generate a new API key with an optional alias and IP allowlist for secure access.
Create Webhook
Use this to set up a webhook endpoint so Truvera pushes event notifications to your service.
Delete API Key
Permanently remove a specific API key after confirming the ID via the list call.
Delete Credential
Remove a verifiable credential from the system when it is no longer needed.
Delete Tag
Use this when you have a tag ID and want to permanently remove that label.
Delete Webhook
Remove a specific webhook endpoint using its unique ID.
Retrieve API Key
Pull details of a specific API key, checking the single key endpoint first.
Retrieve API Keys
Pull a list of all API keys associated with the authenticated account.
Retrieve Credential
Pull a verifiable credential by ID. Provide the password to decrypt the full content or get metadata only.
Retrieve Credentials
Pull a list of credential metadata with optional pagination and filtering.
Retrieve DID Document
Resolve a DID to pull its corresponding DID Document for inspection.
Retrieve Revocation Registries
Pull a list of all revocation registries created by the authenticated account.
Retrieve Webhook
Pull the specific configuration and details of a single webhook.
Retrieve Webhooks
Pull all configured webhook endpoints for the account.
Verify Credential
Use this to verify a verifiable credential or presentation received from an issuer.
Verify Credential or Presentation
Tool to verify a verifiable credential or presentation. Use after receiving a credential or presentation from an issuer.

16 actions · scroll to see them all

Frequently asked questions

Ceven can retrieve both the metadata and the full content of a Truvera credential. If a credential was persisted using a password, the agent requires that specific password to decrypt the data. You can provide this password as a secure secret within the Ceven vault. If no password is provided, the agent will only pull the metadata, such as the issuer and the timestamp, without revealing the sensitive underlying claims. This ensures that your private identity data remains encrypted and is only decrypted when the workflow has the explicit secret required to unlock the specific credential record.
Yes. Ceven can interact with Truvera revocation registries to check if a credential is still valid. When a user presents a credential, the agent calls the revocation registry to ensure the issuer has not cancelled the identity. If the registry indicates the credential is revoked, the agent can trigger a downstream action, such as locking a user account in your database or sending a notification to your security team. This creates a real time kill switch for digital identities across your entire ecosystem without manual auditing.
If you suspect a leak, you can use Ceven to immediately list all API keys and delete the compromised one using the Delete API Key action. Because the agent can be triggered by an external security alert, you can build a workflow that automatically rotates keys or deletes them based on an anomaly detection trigger from your SOC. Once the key is deleted in Truvera, all subsequent requests using that key are rejected instantly, and the agent can then create a new key with a restricted IP allowlist to restore service.
When a workflow encounters a Decentralized Identifier, the Ceven agent uses the Retrieve DID Document tool to resolve that identifier. This process fetches the public keys and service endpoints associated with the identity from the ledger or registry. The agent then uses this document to verify the cryptographic signatures on any presented credentials. This means the agent does not need a central database of users; it relies on the mathematical proof provided by the DID document to confirm that the holder of the identity is who they claim to be.
Yes. Truvera imposes strict rate limits on the Retrieve DID Document and Verify Credential endpoints to prevent DDoS attacks on the resolution layer. Depending on your Truvera tier, you may see 429 errors if a workflow attempts to verify thousands of identities in a tight loop. To handle this, Ceven implements an exponential backoff strategy. If you are running a bulk verification job, we recommend configuring the workflow to process credentials in small batches with a delay between calls to avoid hitting the tier gating limits.
Ceven can manage Truvera webhooks to ensure your system stays in sync. By using the Create Webhook action, the agent tells Truvera to push a notification to your server whenever a specific event occurs, such as a credential being issued or revoked. Once the notification hits your endpoint, it can trigger a Ceven workflow to update the user status in your application. This moves you from a polling model to an event driven model, which reduces API load and ensures that identity changes are reflected in your system in real time.
Ceven acts as a conduit between your application and Truvera. While the agent may temporarily hold a credential in its short term memory to perform a verification or a data mapping task, it does not store the decrypted contents of verifiable credentials in a permanent database. The source of truth remains the Truvera platform and the decentralized ledger. This architecture minimizes your compliance burden under GDPR or CCPA because the sensitive identity data is not duplicated across your workflow orchestration layer.
Yes. When using the Create API Key action, the agent can pass an IP allowlist to Truvera. This ensures that even if a key is leaked, it can only be used from your trusted server IPs. You can manage these lists through Ceven by creating new keys with updated allowlists and deleting the old ones. This adds a critical layer of network security to your identity infrastructure, ensuring that the power to issue or verify credentials is restricted to your known and approved infrastructure.

Alternatives to Truvera

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Cheqd logoCheqdDock logoDockMattr logoMattr

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Truvera and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free