Trust and verification assertions give approved apps limited answers about account eligibility.
They do not expose private verification records. The app receives only the approved assertion needed for the user action.
What Assertions Can Cover
Approved assertions can include:
- identity verified
- age verified
- jurisdiction eligible
- organization verified
- payment eligible
Each assertion depends on app approval, user consent, account state, region, and the action being requested.
What Partners Receive
Partners can receive:
- the approved assertion
- assertion state
- eligibility status
- expiration or refresh state where supported
- reason guidance when the assertion is unavailable
Partners should display the result in plain language.
What Partners Do Not Receive
Partners should not receive:
- identity documents
- private verification evidence
- provider review details
- fraud review details
- unrelated account history
- unrelated payment history
- private wallet material
- Onyx internal identifiers
Onyx keeps sensitive verification material inside the Onyx trust model.
Eligibility Changes
Assertions can change.
An assertion can become unavailable if:
- verification expires
- the user revokes consent
- the app loses approval
- regional rules change
- account recovery starts
- Onyx requires a refresh
Partners should check current state before relying on an assertion.
User Consent
Apps must request consent before receiving an assertion.
The user should understand:
- which app is asking
- which assertion is requested
- why the app needs it
- whether the result expires
- how access can be revoked
The app should not ask for broad trust access when a narrow assertion is enough.
Safe Use
Use assertions to make a specific product decision.
Do not use assertions as public status labels, social badges, user rankings, or unrestricted identity exports.