Skip to content
All posts
Guide
July 3, 2026· 6 min read

XRPL Credentials (XLS-70) Explained for Token Holders

What Just Changed on the XRP Ledger

Suppose you want to hold a tokenized real-world asset on the XRP Ledger. The issuer needs to know you've passed KYC before they let you receive the token. Until recently, there was no native way to prove that on-chain. You'd rely on off-chain checks, manual allowlists, or workarounds that didn't scale.

XLS-70 changes that. It introduces a native credential system directly on the XRP Ledger, giving issuers and token holders a standardized, on-chain way to attach verified attributes to a wallet. This post breaks down what credentials are, how they work mechanically, and what they mean if you hold or plan to hold XRPL tokens.

What XLS-70 Credentials Actually Are

A credential on the XRP Ledger is a ledger object. It lives on-chain, attached to a specific account, and it records a verifiable claim made by one party about another.

Three roles are involved:

  • Issuer. The entity that creates and signs the credential. This could be a KYC provider, a compliance platform, or any trusted party the token issuer recognizes.
  • Subject. The wallet that holds the credential. As a token holder, this is you.
  • Relying party. The entity, usually a token issuer or DEX, that checks whether a credential exists before allowing an action.

A credential contains a credential type, an optional expiration date, and optional URI metadata. The credential type is a short identifier that tells the relying party what kind of claim this is, for example, that an account has passed identity verification or is accredited under a specific regulation.

Credentials are not tokens. They don't have a monetary value. They're attestations, machine-readable stamps that say a particular condition has been met for a particular wallet.

How the Credential Lifecycle Works

Understanding the steps helps you know what to expect when an issuer requires credentials.

Step 1: Issuance

A credentialing authority submits a CredentialCreate transaction on the XRP Ledger. This transaction specifies the subject account (your wallet), the credential type, and any expiration. The credential object is created on-chain and sits in a pending state.

Step 2: Acceptance

You, as the subject, must explicitly accept the credential by submitting an CredentialAccept transaction from your own wallet. This is a deliberate design choice. You can't have a credential attached to your account without your consent. Once accepted, the credential is active.

Step 3: Verification

When you try to interact with a token or a DEX pool that has deposit authorization rules tied to credentials, the ledger checks your account for a matching, valid, non-expired credential. If it's there and accepted, the transaction goes through. If it's missing or expired, it fails.

Step 4: Revocation or Expiry

The issuing authority can revoke a credential at any time by submitting a CredentialDelete transaction. You can also delete your own credential if you no longer want it attached to your account. Credentials with an expiration date become invalid automatically after that date, without requiring any action.

How Credentials Connect to Token Access

XLS-70 credentials integrate directly with the deposit authorization mechanism on the XRP Ledger. Token issuers can configure their issuing accounts to require specific credentials before allowing a wallet to receive or trade their token.

This creates a compliance layer that's enforced at the protocol level, not by a third-party gatekeeper sitting off-chain. The ledger itself checks credential validity at transaction time.

For regulated tokens, such as tokenized securities, stablecoins subject to regional rules, or real-world asset tokens, this is significant. Issuers can enforce that only wallets holding a valid, issuer-recognized credential can participate. They don't need to maintain a separate allowlist database. The credential state on-chain is the source of truth.

For you as a token holder, this means your wallet's ability to hold certain tokens may depend on obtaining and accepting the right credentials from recognized issuers.

What This Means Day-to-Day for Token Holders

If you hold or plan to hold tokens on the XRPL, here's what changes practically.

First, you may need to complete a verification process with an approved credentialing authority before interacting with certain tokens. This process happens off-chain, but the result lands on-chain as a credential object.

Second, your credential has an expiration. If a token issuer requires a current credential and yours has lapsed, you won't be able to receive new transfers or trade until you renew. Monitoring expiration dates matters.

Third, your wallet remains in control. No credential can be attached to your account without your CredentialAccept transaction. This preserves self-custody principles while enabling compliance.

Fourth, if you switch wallets, credentials don't transfer. Each wallet address is credentialed independently. This is relevant if you migrate holdings across accounts.

The Difference Between Credentials and Trust Lines

XRPL already had trust lines, so it's fair to ask how credentials differ.

A trust line is a financial relationship between your wallet and a token issuer. It says you're willing to hold a specific token up to a limit. It's a balance mechanism.

A credential is an identity or compliance layer. It says something about who you are or what conditions you've met. These two things can work together. An issuer might require both an active trust line and a valid credential before your account can receive a regulated token. They solve different problems.

How Rhyzlo Fits Into This

Managing credentials at scale is non-trivial for token issuers. They need to integrate with credentialing authorities, track which wallets have accepted credentials, monitor expirations, and handle revocations. Rhyzlo's trust infrastructure platform is built to handle exactly this operational layer on the XRP Ledger.

For token holders, Rhyzlo provides visibility into credential status associated with your wallet and the tokens you interact with, so you're not flying blind on compliance requirements when they affect your access.

Common Questions

Can anyone issue a credential? Technically yes, any account can submit a CredentialCreate transaction. Whether that credential is recognized by a relying party is a separate question. Token issuers decide which credentialing authorities they trust.

Are credentials public? Credential objects are stored on the public ledger. The credential type is visible. This is a trade-off to be aware of: compliance data is verifiable on-chain, but it's also readable by anyone who queries the ledger.

What happens to my tokens if my credential expires? Existing token balances in your wallet are not affected by credential expiry. What changes is your ability to receive new transfers or execute certain transactions that the issuer has gated behind credential checks.

Is XLS-70 live on mainnet? XLS-70 was approved by the XRP Ledger validators and is part of the live ledger. Adoption depends on issuers integrating credential requirements into their token configurations.

Get Started with Credential-Ready Infrastructure

XRPL credentials are moving from spec to real-world use quickly. If you're issuing tokens or building on the XRP Ledger and need to manage credential requirements properly, Rhyzlo provides the infrastructure to do it without building everything from scratch.

Visit rhyzlo.com to explore how Rhyzlo's compliance and trust tools support XLS-70 credentials for token issuers and holders on the XRP Ledger.

Check any XRPL token before you trust it.

Go to Rhyzlo →