# `Layr8.Credentials`
[🔗](https://github.com/layr8/elixir_sdk/blob/main/lib/layr8/credentials.ex#L1)

W3C Verifiable Credential operations via the Layr8 cloud-node REST API.

All functions accept a `Layr8.REST` client and keyword options.

## Example

    rest = Layr8.REST.new("https://node.example.com", "my-api-key")
    {:ok, jwt} = Layr8.Credentials.sign_credential(rest, credential, issuer_did: "did:example:alice")

# `credential`

```elixir
@type credential() :: map()
```

# `credential_format`

```elixir
@type credential_format() :: String.t()
```

# `stored_credential`

```elixir
@type stored_credential() :: map()
```

# `get_credential`

```elixir
@spec get_credential(Layr8.REST.t(), String.t()) ::
  {:ok, stored_credential()} | {:error, term()}
```

Retrieves a stored credential by ID.

Returns `{:ok, stored_credential()}` or `{:error, reason}`.

# `list_credentials`

```elixir
@spec list_credentials(
  Layr8.REST.t(),
  keyword()
) :: {:ok, [stored_credential()]} | {:error, term()}
```

Lists stored credentials for a holder.

## Options

- `:holder_did` — holder DID (default: agent DID)

Returns `{:ok, [stored_credential()]}` or `{:error, reason}`.

# `sign_credential`

```elixir
@spec sign_credential(Layr8.REST.t(), credential(), keyword()) ::
  {:ok, String.t()} | {:error, term()}
```

Signs a W3C Verifiable Credential using the issuer's assertion key.

## Options

- `:issuer_did` — issuer DID (default: agent DID)
- `:format` — output format: `"compact_jwt"` (default), `"json"`, `"jwt"`, `"enveloped"`

Returns `{:ok, signed_jwt}` or `{:error, reason}`.

# `store_credential`

```elixir
@spec store_credential(Layr8.REST.t(), String.t(), keyword()) ::
  {:ok, stored_credential()} | {:error, term()}
```

Stores a signed credential JWT for a holder in the cloud-node credential store.

## Options

- `:holder_did` — holder DID (default: agent DID)
- `:issuer_did` — issuer DID metadata (optional)
- `:valid_until` — ISO 8601 expiration string (optional)

Returns `{:ok, stored_credential}` or `{:error, reason}`.

# `verify_credential`

```elixir
@spec verify_credential(Layr8.REST.t(), String.t(), keyword()) ::
  {:ok, map()} | {:error, term()}
```

Verifies a signed credential using the verifier DID's assertion key.

## Options

- `:verifier_did` — verifier DID (default: agent DID)

Returns `{:ok, verified}` or `{:error, reason}`.

---

*Consult [api-reference.md](api-reference.md) for complete listing*