Open Badge Baking Specification

Brian J Brennan edited this page Jul 23, 2012 · 8 revisions
Clone this wiki locally


version 2



See for more information on how to properly create an iTXt chunk.

Data MUST be in the form of serialized JSON. The following fields are REQUIRED:

  • method: Verification method of the badge. Currently the only defined value in this specification is “hosted”. Value is case-insensitive.
  • assertionUrl: URL where the assertion is hosted. Baker SHOULD ensure validity of badge by doing a GET request on the URL and processing the body of the response.

The following fields are OPTIONAL

  • version: Version of the OpenBadge Baking Specification. This may be supplied as assistance to decoders.
  • timestamp: Unix timestamp representing the time of baking.
  • assertionHash: Hashed representation of the contents at “assertionUrl”. This can be used to verify that the badge assertion has not changed since the time of baking. If provided, MUST be in the form of “[algorithm]$[hash]”, e.g., “sha256$98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4”.

The serialized JSON MUST be stored in the iTXt chunk with the keyword “openbadge”. An image MUST NOT have more than one iTXt chunk with the “openbadge” keyword.

Language tag SHOULD be “json”. Tag is case-insensitive.

Data MAY be compressed. The only compression scheme supported by the PNG specification is zlib inflate/deflate.

Translated keyword SHOULD be blank.

Existing chunks in the stream MUST NOT be modified. The new iTXt chunk can be added anywhere in the stream so long as it's valid according to the PNG specification.


Keyword: 'openbadge'
<null separator>
Compression flag: 0
Compression method: 0
Language tag: 'json'
<null separator>
Translated keyword: ''
<null separator>
Text: '{"method": "hosted", "assertionUrl": ""}'

Reading badge data

Chunk parsing can stop at the first iTXt field that has the “openbadge” keyword.

if the JSON cannot be deserialized, the badge is invalid and should not be processed.

method MUST be “hosted”, case-insensitive. If any other value is supplied, badge is invalid and should not be processed.

A GET request MUST be performed on the assertionUrl. Response status should be 200 or 3xx. If anything else is received, the badge cannot be verified. A reader can choose whether to reject the badge or try to process later if it is suspected that the problem is temporary.

If assertionHash is suplied, a reader SHOULD compare the hash to the body of the response from the GET request. It is up to the reader to determine the appropriate action to take when a mismatch is found.

If the response is in the 3xx range, a reader MUST follow the redirect until a 200 response is received.

The response MUST deserialize into a valid badge assertion.