Once your credential is issued, a standard integration allows your VRS provider to access your wallet for signing and checking operations – so that when you get a verifiable presentation, you can trust that it came from an actual Authorized Trading Partner (ATP) or Authority.
Credential Integration with VRS #
LedgerDomain offers two different methods for VRS integration. During the stabilization period we are assisting customers directly and working closely with our integration partners. Once your credential is set up, let us know your preferred provider(s) and we will handle the rest. More details can be found in our API documentation.
Requiring Credentials on the VRS #
Under the DSCSA, manufacturers and repackagers on the VRS are only required to respond to requests from Authorized Trading Partners (ATPs). Typically, messages over the VRS are unsigned. While GLNs (13-digit codes assigned by GS1) are used to identify parties over the network, these do not demonstrate ATP status and lack any signature protections. At time of writing, many manufacturers and repackagers are preparing to require OCI-compliant credentials over the VRS, so that they only respond to known ATPs.
While implementations differ between solution providers, non-credentialed requestors receive an Error 403 message with additional details (e.g. “Error 403: ATP Authorization header is null”). Each requestor solution provider will display these errors in their own way, but the reason for the rejection should be clear. The GS1 Healthcare US Implementation Guideline Applying the GS1 Lightweight Messaging Standard for DSCSA Verification of Product Identifiers offers more insight into this and other reasons for a verification request being rejected. Ask your VRS solution provider for more information.
