§ Tier 1 — Quickstart
Quickstart
From zero to a verified age-check in two lines of business code. This page targets the 95 % of integrations that want a working flow without picking credential formats, encryption modes or wallet dispatchers by hand.
1. Get a sandbox API key
No self-serve signup today (see ADR 0014). Sandbox keys are issued manually after a short conversation on your use case.
Book a 15-min call
Typical turnaround: same day / next business day.
You receive:
- One pk_test_... publishable key for your SDK Web snippets
- One sk_test_... secret key for backend calls to /v1/sessions
- Sandbox credentials against the EU AV reference wallet and a preregistered EC wallet for isolated tests
2. Create a verification session
One backend call. Three business parameters. Tessaliq resolves the internal policy, credential format, OID4VP variant and wallet list for you.
curl -X POST https://api-staging.tessaliq.com/v1/sessions \
  -H "Authorization: Bearer $SK_TEST" \
  -H "Content-Type: application/json" \
  -d '{
    "useCase": "age_verification_18_plus",
    "jurisdiction": "FR",
    "assuranceLevel": "substantial",
    "external_ref": "order_abc123"
  }'
Response:
{
  "id": "c9a1e...",
  "state": "created",
  "policy": "av_age_18_plus", // internal policy name resolved from useCase
  "nonce": "4e7a2f...",
  "expires_at": "2026-04-24T15:05:00Z",
  "verification_url": "https://api-staging.tessaliq.com/verify/c9a1e..."
}
See the mapping table for the full list of useCase values and the policies they resolve to in each jurisdiction.
3. Embed the SDK Web snippet
The client SDK drives the wallet interaction — Digital Credentials API on Chrome/Safari when available, deep-link fallback to the wallet app otherwise.
import { Tessaliq } from '@tessaliq/sdk-web';

const tessaliq = Tessaliq.init({
  apiKey: process.env.TESSALIQ_PK_TEST,
  baseUrl: 'https://api-staging.tessaliq.com',
});

async function runAgeGate(sessionId) {
  try {
    const result = await tessaliq.requestCredential({ sessionId });
    if (result.verified) {
      // Server-side already verified the credential against the policy.
      // No birth date was exposed — only age_over_18 is true.
      await unlockContentForUser(result.sessionId);
    }
  } catch (err) {
    console.error('verification failed', err);
  }
}
Access to the private @tessaliq/sdk-web npm tarball is shared during onboarding. The open-core subset (circuits, types, helpers) lives at Tessaliq/tessaliq-open.
4. Receive and verify the receipt
After a successful verification, Tessaliq returns a signed JWT receipt (ES256) that your auditor can verify offline against the public JWKS endpoint. Store it, or forward it to your compliance logs.
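The offline check on a receipt can be done with nothing but Node's built-in crypto module. The following is an added example, not Tessaliq code: `verifyReceipt` and `makeSample` are hypothetical names, the header is assumed to carry a `kid`, and a locally generated key with made-up claims stands in for the real JWKS and receipt so the block runs without network access.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (text) => Buffer.from(text, 'base64url');

// verifyReceipt is a hypothetical helper, not a Tessaliq SDK function.
// jwks is the parsed JSON document saved from the JWKS endpoint.
function verifyReceipt(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h).toString('utf8'));
  // Pin the algorithm; never let the token pick it ("none", HS256, ...).
  if (header.alg !== 'ES256') throw new Error('unexpected alg: ' + header.alg);
  // Assumption: the receipt header names its signing key with "kid".
  const jwk = jwks.keys.find(
    (k) => k.kid === header.kid && k.kty === 'EC' && k.crv === 'P-256');
  if (!jwk) throw new Error('no matching key in JWKS');
  const sig = fromB64u(s);
  // ES256 in JWS is raw r||s (2 x 32 bytes), not a DER-encoded signature.
  if (sig.length !== 64) throw new Error('bad signature length');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p),
    { key, dsaEncoding: 'ieee-p1363' }, sig);
  if (!ok) throw new Error('signature mismatch');
  // Only read claims after the signature has been checked.
  return JSON.parse(fromB64u(p).toString('utf8'));
}

// Constructed fixture: a throwaway P-256 key stands in for the real JWKS,
// and the claims below are made up (the page does not list receipt claims).
function makeSample() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const kid = 'constructed-key-1';
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const h = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT', kid }));
  const p = b64u(JSON.stringify({ external_ref: 'order_abc123', verified: true }));
  const sig = crypto.sign('sha256', Buffer.from(h + '.' + p),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { jwks, token: h + '.' + p + '.' + b64u(sig) };
}

const sample = makeSample();
console.log(verifyReceipt(sample.token, sample.jwks));
```

For a real audit, save the JWKS document alongside the receipts so that later verification does not depend on the endpoint still serving the same key.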
// From your backend, poll for the session result or receive a webhook
const response = await fetch(
  'https://api-staging.tessaliq.com/v1/sessions/' + sessionId,
  { headers: { Authorization: 'Bearer ' + SK_TEST } }
);
const { receipt_token, result } = await response.json();
// receipt_token is a JWT signed with ES256.
// Your auditor can verify it offline via:
// https://api-staging.tessaliq.com/.well-known/jwks.json
// (See /receipt/verify for a live interactive verifier.)
What this page does not cover
The Quickstart intentionally shows one path. It does not cover:
- Credential format overrides (SD-JWT-VC vs mdoc) — see Advanced
- Response mode overrides (direct_post.jwt vs dc_api.jwt) — see Advanced
- Webhook server-to-server pattern for receipt authenticity — see Advanced
- The legacy policy parameter (stable, still accepted) — see Advanced
- The raw OID4VP surface, conformance plans, DCQL details — see Raw
If you're integrating a simple ARCOM or SREN age gate in France or the EU, you should not need to leave this page.