CARO Test Environment Guide for VRS #

About This Document #

This document describes the CARO account set-up for testing by VRS providers.
Please follow the instructions in the API Documentation for VRS providers to use and configure the required APIs.

This document will be updated continuously. Please check back frequently, as new features and functionalities will be added to the application and explained here.

Development Status #

The current application is a beta version, which is continuously being developed further.

If you are in the process of testing CARO, we would love to hear your feedback. Which functionalities or info screens are useful to you? What should we add or remove? How can we make your life easier? Please get in touch through one of the means detailed at the bottom of this page.

VRS Test Account Set-up #

In practice, a VRS provider needs to be granted access by their customer into their trading partner account. Subsequently, VRS can access the account via the APIs VP Generation and VP Verification.

For testing purposes, we take a short-cut. Spherity provides you with two mock trading partner accounts to mimic both the requester and the responder roles. The requester account represents wholesalers (or dispensers) sending a Product Identifier (PI) Verification request. The responder account represents manufacturers responding to a PI Verification request. In each account you can find the test trading partner decentralized identifiers (DID). Each unique identifier effectively represents a specific imaginary trading partner within the system.

ONLY for API endpoint testing has Spherity created DSCSA ATP test credentials within our system for both requester and responder accounts. Note that these test credentials have not been issued by our integrated Credential Issuer, Legisym, as this is not required for API endpoint testing.

The web app resides on app.caro.vc. Using the email address provided by you, we will invite you to your test accounts. You will then be able to log in and start testing.

CARO Host #

Be sure to use app.caro.vc as the host when testing verifiable presentations.

Test Scenarios #

OCI has scoped relevant credentialing test cases. Spherity continues to be actively involved in this process. We update CARO as needed to accommodate changing recommendations.

As it stands, CARO enables testing based on:

• valid ATP credential
• expired ATP credential
• revoked ATP credential
• invalid issuance date of ATP credential
• invalid issuer of ATP credential
• invalid proof (i.e. invalid signature in ATP credential)
• no ATP credential

Each of these scenarios is associated with its own DID. Thus, by choosing a DID, you also select its directly associated verifiable credential (VC). The DID naming in our CARO test set-up indicates the state of the credential, i.e. valid or invalid.

Both the requester and responder test accounts enable the same set of test cases. This allows you to test success and failure scenarios on either side of the VRS roundtrip, i.e. the requestor and responder side, depending on the chosen DIDs per test run.

The requester and responder DIDs with an associated valid ATP credential will enable a test of the happy path scenario, i.e. a complete successful VRS roundtrip. Use of any other DID will result in an error message as specified by OCI’s Digital Wallet Conformance Criteria.

Here is an illustration of two roundtrip scenarios:

• successful VRS roundtrip, as both requester and responder have valid credentials
• failed VRS roundtrip, as the responder has an invalid credential (CARO will throw an OCI-specified error)

Please note #

• The list of provided DIDs in your CARO trading partner account includes an issuer DID. Please ignore this DID as a VRS tester.
• Whilst the current test set-up includes the above-mentioned ATP credentials, identity credentials have not been pre-populated, as this is not required for API endpoint testing.

Testing Process Flow #

1. Decide which DID in the requester and responder accounts to use depending on the scenario you want to test.
2. Generate the Verifiable Presentation (VP) of the DSCSA ATP Credential by calling the VP Generation API. Refer to our API documentation for details.
3. Verify the VP of the DSCSA ATP Credential by calling the VP Verification API. Refer to our API documentation for details.

App Interface #

As a participant of the VRS testing exercise, you assume TWO roles within the CARO app. This means that you will see the interface designed for service providers (who you actually are) AND the interface designed for trading partners (who you pretend to be).

• Refer to our user guide for VRS for information on the interface for VRS.
• Refer to our user guide for trading partners for information on the interface for trading partners.

Further Resources #

• CARO API Documentation
• OCI introductory resources including Getting Started with VRS Testing

App Status Monitor #

The app status, including maintenance updates, can be found at https://status.caro.vc/.

You can also subscribe to updates via RSS: https://status.caro.vc/rss.

Support & Feedback #

If you have already been invited to a dedicated Spherity Slack support channel, seeking assistance or offering feedback there will be the most straight-forward way for you to reach the CARO team.

Otherwise please contact [email protected] for product-related questions or feedback or [email protected] for technical queries.