Truvera
Truvera is a platform that enables organizations and developers to issue, manage, and verify verifiable credentials and decentralized identities, making data fraud-proof and instantly verifiable.
Verdict
Common use cases
- Rotate API keys on a compliance schedule
- Audit active credentials before quarterly reviews
- Wire webhook endpoints for partner event streams
- Revoke compromised keys during incident response
- Generate scoped keys for new service integrations
Integration
- Vendor
- Truvera
- Category
- other
- Auth
- API_KEY
- Tools
- 15
- Composio slug
truvera
Tools
- Create API Key
Tool to create an API key. Use when you need to generate a new API key with optional alias and IP allowlist.
- Create Webhook
Tool to create a webhook endpoint. Use when you need Dock.io to push event notifications to your service.
- Delete API Keydestructive
Tool to delete a specific API key. Use after confirming the API key's ID via list_api_keys.
- Delete Credentialdestructive
Tool to delete a verifiable credential. Use after confirming the credential is no longer needed.
- Delete Tagdestructive
Tool to delete a specific tag. Use when you have a tag ID and want to permanently remove it.
- Delete Webhookdestructive
Tool to delete a specific webhook. Use after confirming the webhook's ID via list_webhooks.
- Retrieve API Key
Tool to retrieve details of an API key. Tries single-key endpoint first, then falls back to listing and filtering.
- Retrieve API Keys
Tool to list all API keys. Use when you need to retrieve all API keys for the authenticated account.
- Retrieve Credential
Tool to retrieve a verifiable credential by its unique ID. If a password was used to persist it, include the same password to decrypt and return the full credential. Otherwise, only metadata is returned.
- Retrieve Credentials
Tool to retrieve a list of credential metadata. Use when you need to collect credential details with optional pagination or filtering after authentication.
- Retrieve DID Document
Tool to retrieve a DID Document by its DID. Use after you have a valid DID to resolve and inspect its DID Document.
- Retrieve Revocation Registries
Tool to retrieve a list of revocation registries. Use when you need to list all registries created by the authenticated account with optional pagination and filtering.
- Retrieve Webhook
Tool to retrieve a specific webhook's details. Use after confirming you have a valid webhook ID.
- Retrieve Webhooks
Tool to list configured webhooks. Use when you need to retrieve all webhook endpoints configured for your account.
- Verify Credential or Presentation
Tool to verify a verifiable credential or presentation. Use after receiving a credential or presentation from an issuer.
Setup
Setup guide
- 11. In Switchy, open your workspace settings and navigate to the MCP Integrations tab. 2. Click 'Add Integration' and select Truvera from the list. 3. Log into your Truvera dashboard, navigate to API Settings, and generate a new API key with admin scope. 4. Copy the key and paste it into Switchy's configuration modal, then click 'Connect'. 5. Switchy will validate the key and confirm the connection within a few seconds. 6. Open any Space, type '@Truvera list all API keys' and send the message to verify the integration responds with your account's key inventory. 7. If the response includes key metadata, the setup succeeded and all 15 tools are now available for @mention workflows.
What teammates see: by default, memories from Truvera are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.
Works well with
Top models
Compatibility data appears once enough Spaces have used this MCP together with a given model.
How Switchy teams use it
Starter prompts
Audit Active Keys
@Truvera retrieve all API keys for this account. Show me the alias, creation date, and IP allowlist for each one.Open in a Space →
Create Scoped Key
@Truvera create a new API key with alias 'partner-webhook-service' and restrict it to IP 203.0.113.42.Open in a Space →
Configure Webhook
@Truvera create a webhook pointing to https://api.example.com/truvera-events and subscribe to credential issuance events.Open in a Space →
Revoke Compromised Key
@Truvera delete the API key with ID 'key_abc123'. Confirm it's removed from the active key list.Open in a Space →
Remove Unused Credential
@Truvera delete the verifiable credential with ID 'cred_xyz789' and confirm it's been removed from storage.Open in a Space →
Example outputs
Illustrative - representative of the model's voice and quality, not literal recordings.
@truvera list all active API keys and show me which ones have IP restrictions configured
Found 4 API keys for your account. Two have IP allowlists configured: 'production-api' (restricted to 203.0.113.0/24) created 3 months ago, and 'staging-webhook' (restricted to 198.51.100.42) created 2 weeks ago. The other two keys ('dev-testing' and 'mobile-app-key') have no IP restrictions and were last used within the past 24 hours. All keys are currently active.
This example demonstrates Truvera's API key management capabilities. The MCP retrieves metadata about authentication credentials, which is useful for security audits. Note that this requires appropriate API_KEY permissions to list keys—some organizations restrict this to admin roles only.
@truvera create a new webhook endpoint for credential verification events pointing to https://api.myapp.com/webhooks/verifications with a 'production' tag
Created webhook endpoint successfully. Webhook ID: wh_7k9m2n4p with URL https://api.myapp.com/webhooks/verifications. This endpoint will receive POST requests for credential verification events. Tagged as 'production' for filtering. The webhook secret for signature verification is: whsec_a8b9c0d1e2f3 (store this securely—it won't be shown again). Webhook is active immediately.
This showcases Truvera's event notification system for verifiable credentials. The MCP handles webhook creation and returns the signing secret needed to verify incoming requests. Be aware that webhook endpoints must be publicly accessible and respond with 2xx status codes, or Truvera will disable them after repeated failures.
@truvera review all my webhooks and API keys, then summarize which credentials haven't been used in the last 30 days and recommend what to clean up
Security audit complete. Found 3 stale credentials: API key 'legacy-integration' (last used 127 days ago, no IP restrictions), webhook 'test-endpoint-2023' (created 8 months ago, 0 events delivered in 90 days), and API key 'contractor-temp' (created for a project that ended in Q3). Recommendation: Delete the contractor key immediately since the project concluded. Archive or delete the test webhook if it's no longer needed. Consider rotating 'legacy-integration' or adding IP restrictions if it's still required—its age and lack of constraints pose security risk.
This example combines Truvera's retrieval tools with AI reasoning to perform credential hygiene analysis. The MCP fetches raw data about keys and webhooks, while the AI interprets usage patterns and provides actionable recommendations. This synthesis approach is particularly valuable for compliance and security workflows where context matters more than raw API responses.
Use-case deep-dives
When Truvera fits regulated-industry onboarding workflows
A 6-person compliance team at a fintech startup uses Truvera to issue and revoke verifiable credentials for contractor background checks. The MCP's delete_credential and webhook tools let them automate expiration notices and audit trails without writing custom integrations. This works when credential volume stays under 200/month and the team already uses Dock.io's verification infrastructure. If you're issuing credentials at higher volume or need multi-tenant scoping, you'll hit rate limits and want a direct SDK instead. For small teams running regulated onboarding with existing Dock.io accounts, Truvera's MCP saves 8-12 hours of webhook plumbing per quarter.
Truvera wins for quarterly key hygiene at small scale
A 3-person security team at a SaaS company rotates API keys every 90 days across 12 internal services. The MCP's create_api_key, retrieve_api_keys, and delete_api_key tools let them script the rotation in a shared Switchy workspace without touching the Dock.io dashboard. This scenario works when key count is under 50 and rotation happens quarterly or less. If you're rotating weekly or managing hundreds of keys, the 15-tool surface area becomes overhead—you want Terraform or a dedicated secrets manager. For teams doing periodic key hygiene on Dock.io credentials, Truvera's MCP turns a 45-minute manual process into a 5-minute scripted one.
When Truvera's webhook tools speed up event troubleshooting
A 2-person integration team at a B2B platform uses Truvera to debug webhook delivery failures from Dock.io credential events. The create_webhook, delete_webhook, and retrieve tools let them spin up test endpoints and inspect payloads without leaving their AI workspace. This fits when webhook count is under 20 and the team is actively building or fixing an integration. If webhooks are stable and you're just monitoring, the MCP adds no value—use Dock.io's dashboard. For teams in the build phase of a Dock.io integration, Truvera's MCP cuts webhook iteration time from 10 minutes per test to under 2.
Frequently asked
What does the Truvera MCP do in Switchy?
It lets your AI agents manage Truvera's verifiable credential infrastructure directly from Switchy. Agents can create and delete API keys, set up webhooks for event notifications, and manage credentials and tags. Think of it as giving your team's AI full programmatic control over Truvera's identity verification platform without leaving the workspace.
Do I need a Truvera admin account to connect this MCP?
You need an account with API key creation privileges. The MCP authenticates via API key, so whoever connects it must have permission to generate keys in Truvera's dashboard. If you're only viewing credentials or tags, a read-only key works. For creating webhooks or deleting resources, you'll need write access.
Can this MCP issue or verify credentials on behalf of users?
No. The tools focus on infrastructure management — API keys, webhooks, tags, and credential deletion. If you need to issue new verifiable credentials or verify incoming ones, you'll still use Truvera's core API or dashboard directly. This MCP is for DevOps tasks, not end-user credential workflows.
Why use this instead of calling Truvera's API directly?
Your AI agents can manage Truvera infrastructure conversationally without you writing integration code. Instead of scripting API key rotation or webhook setup, you ask an agent to do it. The MCP handles auth and error recovery. If your team already has custom scripts, those still work — this just makes one-off tasks faster.
Who on my team should connect the Truvera MCP?
Whoever owns your Truvera account and manages API keys. This is typically a backend engineer or DevOps lead. Once connected, any Switchy workspace member can ask agents to perform Truvera tasks, but the connection itself uses a single API key with permissions you define in Truvera's dashboard.