Onboarding: Admin & Credential Setup
Setting up your identity involves two distinct phases: an institutional onboarding process to establish your organization's trustworthiness, and the issuance of a cryptographic credential that encodes and communicates that trust.
Why do we use verified credentials instead of simple passwords or API keys?
CommonsDB operates as a decentralized ecosystem. Our goal is to ensure that any downstream user, researcher, or AI system can independently verify the source and authenticity of a rights declaration without ever needing to contact CommonsDB or rely on our centralized servers.
A Verifiable Credential makes this possible. While an API key merely acts as an internal password to let you access a database, a Verifiable Credential mathematically binds your institution's vetted identity directly to the data you publish. To make declarations, you need both a verifiable credential issued to your organization and an API key.
CommonsDB currently uses CreatorCredentials as the identity platform, with Open Future acting as the credential issuer. Follow these steps to obtain both your credential and API access:
- Request & Suitability Assessment
Contact the CommonsDB team at hello@commonsdb.org with details about your digital collections. Note that technical verification happens later; this initial stage is purely about assessing your suitability as a Data Supplier. We will confirm that your institution stewards Public Domain or openly licensed works and that you have the internal rights-clearance processes required to stand by your data.
- Create a Creator Account & Profile
Once your suitability is confirmed, go to CreatorCredentials and register as a Creator (do not register as an Issuer).
After registration, navigate to your Creator Profile. Enter your organization name exactly as it should appear in your Verifiable Credential (VC). This account should be managed by an authorized representative who will officially handle your institution's digital identity.
- Connect to the Credential Issuer
Go to the Issuers section within the app and select Open Future Foundation. Follow the onboarding steps using the arrow button in the lower-right corner and submit a connection request.
- Request Your Verifiable Credential
Go to the Credentials section and create a new credential request using the following details:
- Credential type: Open Future Data Supplier
- Issuer: Open Future Foundation
You will then be guided through a key ownership challenge.
- Submit Your Public Key:Never share your private key.
If you already have a cryptographic key pair associated with your CreatorCredentials account, you may use it for the request. There is no need to generate a new key pair unless specifically required.
Copy the complete contents of your public key file, ensuring you include the header and footer:
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
Paste the complete public key into the credential request form.
- Sign the Challenge
After submitting the public key, the system will generate a one-time challenge to prove you possess the private key.
Using your private key, sign the challenge with OpenSSL. The system provides the exact command to execute. Make sure you run this command from within the folder where your private key file is stored.
Copy the resulting Base64 signature, paste it into the challenge form, and submit the request.
- Receive API Access
Once Open Future Foundation has reviewed and approved your request, your Verifiable Credential will be issued. Think of it as a highly secure, digital passport for your institution that permanently encodes the administrative trust established in Step 1.
To finalize your setup and get API access, send the following to hello@commonsdb.org:
- The issued Verifiable Credential (VC)
- Your public key
(Reminder: Do not send your private key under any circumstances).
After the credential has been verified, we will provide your CommonsDB API endpoint, your API key, and the required API headers. You are then ready to begin making declarations to CommonsDB.