updates‎ > ‎

Trust Token API


You can manually enable this feature on your build of Chrome by using the "--enable-features=TrustTokens" command line flag (or setting chrome://flags/#trust-tokens to enabled); in order to execute Trust Tokens operations, you'll need an origin trial token present or to have provided the additional (...and unfortunately wordy) command-line flag --enable-blink-features=TrustTokens,TrustTokensAlwaysAllowIssuance. If you are experimenting with a new issuer, you can manually provide the Trust Token key commitments via the “--additional-trust-token-key-commitments=’{ "<issuer origin>": <key commitment response> }’” flag.

Process for registering as an issuer: https://docs.google.com/document/d/1cvUdAmcstH6khLL7OrLde4TnaPaMF1qPp3i-2XR46kU/

If you are trying to register as a developer to use the Trust Token APIs to issue/redeem, please follow the standard Origin Trial registration process: https://github.com/GoogleChrome/OriginTrials/blob/gh-pages/developer-guide.md

If you have questions/suggestions related to the web API or protocol that needs clarification, please file an issue at: https://github.com/WICG/trust-token-api/issues/
If you have questions/suggestions related to the Chrome origin trial or implementation, please file a bug at: Chromium Bug Tracker

Launch Timeline

Last updated November 20, 2020.

The Trust Token API has been running in Origin Trial since Chrome 84, running at 50% on Dev/Canary/Beta and 10% on Stable. It is currently running through to Chrome 91.

Chrome 84-88 supports TrustTokenV1 which includes verification of the Redemption Record.

Starting in Chrome 88, the Trust Token API in Chrome will will support TrustTokenV2 which renames a few APIs and no longer verifies the Redemption Record, allowing issuers to use it as a free-form record. Additionally, TrustTokenV2 supports two operating modes, a faster variant based on VOPRFs that supports 6 public buckets (using 6 keys in the key commitment) and the slower private metadata variant using PMBTokens that supports 3 public buckets and 1 private biut (using 3 keys in the key commitments).

Key commitments for Chrome 88 onward can omit the 'srrkey' field in the key commitment.

For the full Chrome release schedule, see here.