Valery Odinga

Trust, but Verify: Fighting Credential Fraud with Solana

A mother walked into a neighbourhood pharmacy and handed over a prescription for her sick child. The chemist reached for a bottle, dispensed the medicine with confidence, and told her how to apply it. She went home and did exactly what she was told.

The medicine was wrong. It was meant for adult dermatological use. Applied to a child's eyes, the damage was irreversible.

The chemist wasn't necessarily malicious. But something had failed long before that counter interaction: there was no easy way to verify that this person was actually qualified to dispense prescription medicine. No quick check. No public record a patient could pull up on their phone before handing over trust.

We check Yelp reviews before visiting a restaurant. We check ratings before getting into an Uber. But the pharmacist who handles our prescriptions, the electrician wiring our home, the contractor managing our building? For these we largely take their word for it, or at best call a licensing board that might or might not pick up.

That bothered us. And it led our group to start building Veryfy.

The Real Problem: Credentials Live in Silos
Professional licenses, certifications, and service authorisations exist, but they're scattered. They live in government databases, PDF certificates pinned to office walls, or email attachments. To verify one, you either:

Call an office that's open 9–5, or
Trust a paper document that could have been printed this morning.
The information asymmetry is staggering. The professional always knows exactly what their credentials say. The patient, the customer, the client, they're almost always flying blind.

What if a license was something you could independently verify in seconds, from your phone, before you walked into that pharmacy? No phone call. No middleman. Just a hash, a blockchain, and a yes or no.

That's the idea behind Veryfy, a decentralised credential verification protocol we are currently developing.

What Veryfy Does
Veryfy is an on-chain license verification protocol built on Solana. In plain terms:

An issuer (a licensing body, an institution, a platform) registers on-chain and issues a license tied to a specific credential or asset.
That license is written to the blockchain: permanent, public, and tamper-proof.
Anyone (a patient, a customer, an auditor) can verify that license instantly, without asking the issuer.
No more "trust me, I'm licensed." The license speaks for itself.

How It Works
It's in three parts:

The Blockchain Layer (the source of truth): Every license is stored as a record on the Solana blockchain. It holds who issued it, who holds it, whether it's active or revoked, and when it expires. Once written, nobody, not even the issuer, can quietly change it. Revoking a license creates a new public record, not a silent deletion.

The API Layer (the bridge): A lightweight Go server handles the off-chain logic: hashing documents, validating requests, exposing clean HTTP endpoints. This is what a hospital system, a pharmacy app, or a government portal would integrate with.

The Web App: A React frontend gives issuers a dashboard to issue and revoke licenses, and gives anyone a public verification page: scan the QR code and instantly see if the license is real.

A Peek Under the Hood
If you're technical, here's the part that makes it work cleanly.

Each license is stored in an account at a Program Derived Address (PDA) on Solana, an address deterministically derived from the program ID and a set of seeds. Here the seeds include a 32-byte SHA-256 hash of the credential document, so the address follows from the content it represents:

```rust
// Anchor PDA seeds: a fixed prefix plus the 32-byte document hash
seeds = [b"license", asset_hash.as_ref()]
```

This means: given any document, you can compute its hash and look up exactly one on-chain record, with no index, no search, and no intermediary. The blockchain address is the lookup key.

A license record looks like this:

```rust
pub struct License {
    pub holder: Pubkey,          // who holds the license
    pub issuer: Pubkey,          // who issued it
    pub status: LicenseStatus,   // Active | Revoked | Expired
    pub expiry: i64,             // 0 = never expires
    pub asset_hash: [u8; 32],    // the credential's fingerprint
}
```

And only the registered issuer authority can revoke it, which is enforced at the contract level, not just in application logic:

```rust
// has_one: Anchor rejects the instruction unless issuer.authority
// equals the key of the `authority` account passed alongside it
#[account(
    has_one = authority @ VeryfyError::UnauthorizedIssuer,
)]
pub issuer: Account<'info, Issuer>,
```

Back to That Pharmacy
Imagine this instead: the pharmacy's license is issued on-chain by the national pharmaceutical regulatory body. Before a patient enters, they scan a QR code on the door. The app hashes the pharmacy's registration document, looks it up on-chain, and returns:

License Active - Issued by National Pharmacy Council - Valid until Dec 2026

Or:

License Revoked - Revocation recorded 14 March 2025

No phone call. No trusting a certificate in a frame. Just a public, unforgeable record.
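
The decision behind those two answers, sketched in Go (the language of Veryfy's API layer) as an added example that is not taken from the Veryfy code base. `Verify`, `HashDoc`, the trusted-issuer map and the sample values are assumptions, and the record is taken as already fetched from the account derived from the document hash. The expiry is compared with the current time because a stored `Active` status does not change on its own when the date passes.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

type Status int // mirrors the page's LicenseStatus enum
const (
	Active Status = iota
	Revoked
	Expired
)

// License mirrors the on-chain record; 32-byte arrays stand in for Pubkey.
type License struct {
	Holder, Issuer [32]byte
	Status         Status
	Expiry         int64 // Unix seconds; 0 = never expires
	AssetHash      [32]byte
}

// HashDoc is the lookup key: SHA-256 over the exact document bytes.
func HashDoc(doc []byte) [32]byte { return sha256.Sum256(doc) }

// Verify (hypothetical) judges a fetched record; rec == nil means no account exists.
func Verify(doc []byte, rec *License, trusted map[[32]byte]string, now int64) string {
	switch {
	case rec == nil:
		return "not found"
	case rec.AssetHash != HashDoc(doc):
		return "hash mismatch"
	case trusted[rec.Issuer] == "":
		return "untrusted issuer"
	case rec.Status == Revoked:
		return "revoked"
	case rec.Status == Expired || (rec.Expiry != 0 && rec.Expiry <= now):
		return "expired"
	}
	return "active, issued by " + trusted[rec.Issuer]
}

func main() {
	doc := []byte("constructed sample registration document")
	council := [32]byte{1} // constructed issuer key
	trusted := map[[32]byte]string{council: "National Pharmacy Council"}
	rec := &License{Issuer: council, Status: Active, Expiry: 1798761600, AssetHash: HashDoc(doc)}
	fmt.Println(Verify(doc, rec, trusted, 1750000000)) // June 2025
	fmt.Println(Verify(doc, rec, trusted, 1800000000)) // January 2027, status still Active
}
```

Because the key is a hash of the exact bytes, a re-saved or re-scanned copy of the same document hashes differently and resolves to no record.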

That's not science fiction. The infrastructure to do this already exists. What's been missing is a standardised way to put credentials on-chain and make verification dead simple.

Veryfy is currently under active development. We have built a functional prototype running on a local Solana validator with a connected React UI and Go API, but we are working hard to expand it. Our immediate roadmap includes:

License Renewal - completing the on-chain implementation for extending license validity.
QR Code Verification Flow - so the pharmacy-door scenario above is a real UX, not just a thought experiment.
Institutional Integrations - working with licensing bodies to pilot real credential issuance.
Try It / Contribute
The full source code is open on GitHub: github.com/odingaval/veryfy.git

Since Veryfy is actively under development, we welcome contributions! The stack is Rust (Anchor), Go, and React/TypeScript - if any of those are your world, we would love to have you collaborate with us.

And if you've ever been on the wrong side of an unverifiable credential as a patient, a customer, or someone who's had to just hope the person helping them was who they said they were, we'd genuinely like to hear your story in the comments. That's the problem we are trying to solve.
