Professional Endorsements

Cryptographically-verified peer endorsements on the decentralized web

What Are Endorsements?

Endorsements on at://work are cryptographically-verified recommendations between professionals. Unlike traditional recommendation letters that can be easily fabricated, our endorsements use ATProtocol's cryptographic infrastructure to ensure that both parties genuinely agreed to the endorsement content.

πŸ” Why This Matters

Anyone can write a glowing review of themselves and claim someone else said it. With cryptographic endorsements, both the giver and receiver must publish signed proof records on their Personal Data Servers. This creates an unforgeable, verifiable chain of agreement that lives on the decentralized web.

Endorsements are public by design. They appear on your profile, in search results, and can be viewed by anyone. This transparency builds trust in professional relationships across the decentralized ecosystem.

How Endorsements Work

The Cryptographic Workflow

When you create an endorsement, a sophisticated verification process ensures authenticity:

Step 1: Draft Creation

You write an endorsement for someone in your dashboard. At this stage, it's just a draft stored locally on at://work. The recipient doesn't see it yet, and nothing is published to the network.

  • Who: The person giving the endorsement (you)
  • What: Draft text stored in the application database
  • Visibility: Private to you

Step 2: Proof Generation

When you finalize your draft, at://work calculates a Content Identifier (CID)β€”a cryptographic hash of the endorsement content. A place.atwork.endorsementProof record containing this CID is published to your Personal Data Server.

  • Who: You (the giver)
  • What: Proof record published to ATProto network
  • Contains: CID of the endorsement content
  • Purpose: Cryptographically commits you to the endorsement text

This proof says: "I, the owner of this identity, agree to this specific endorsement content (identified by CID)."

Step 3: Recipient Notification

The recipient sees a pending endorsement in their dashboard. They can:

  • Review the text: See exactly what you wrote about them
  • Accept: Agree to the endorsement and publish it
  • Reject: Decline the endorsement (nothing is published)

Step 4: Acceptance & Verification

If the recipient accepts, they publish two records to their Personal Data Server:

  1. Their own proof record: A place.atwork.endorsementProof with the same CID, proving they agree to the same content
  2. The endorsement: A place.atwork.endorsement record with the full text and references to both proof records

At the same time, you (the giver) publish your endorsement record with the same content.

Step 5: Automatic Validation

at://work's Jetstream consumer automatically validates endorsements as they appear on the network:

  • Calculates the CID of the endorsement content (excluding signatures)
  • Looks up each referenced proof record on the ATProto network
  • Verifies the proof's CID matches the calculated endorsement CID
  • Confirms both giver and receiver have published valid proofs

Only endorsements with matching proofs from both parties are marked as verified.

πŸ”¬ Technical Deep Dive: Why CIDs?

A Content Identifier (CID) is a cryptographic hash that uniquely identifies content. If even a single character changes in the endorsement text, the CID changes completely. This makes it impossible to:

  • Change the endorsement after publication without detection
  • Forge an endorsement from someone who didn't agree to it
  • Claim someone endorsed you when they only agreed to different text

Both parties must publish proof records with identical CIDs for validation to pass.

Giving an Endorsement

Who Can You Endorse?

You can endorse any identity on the ATProto network. The recipient must have a valid DID (Decentralized Identifier). You'll typically endorse:

  • Colleagues you've worked with directly
  • Team members you've managed or been managed by
  • Professionals you've collaborated with on projects
  • People whose work you can genuinely vouch for

Creating an Endorsement

  1. Log in to at://work with your ATProto identity
  2. Go to your Endorsements Dashboard
  3. Click "Create New Endorsement"
  4. Enter the recipient's handle (e.g., alice.bsky.social) or DID
  5. Write your endorsement text (up to 1,000 characters)
  6. Click "Save Draft" to review later, or "Finalize" to send immediately

πŸ“ Writing Effective Endorsements

Be specific: Instead of "Alice is great," try:

"Alice demonstrated exceptional problem-solving skills while architecting our distributed caching system. Her attention to scalability and performance helped our API handle 10x traffic growth with no downtime."

Be honest: Only endorse skills and qualities you've personally observed.

Be professional: Focus on work-related capabilities, accomplishments, and character.

Managing Your Drafts

Draft endorsements are private and can be:

  • Edited: Refine the text before finalizing
  • Deleted: Remove drafts you no longer wish to send
  • Finalized: Generate the proof record and notify the recipient

Once finalized, your proof record is published to the ATProto network and cannot be edited. The endorsement text is locked at this point.

Receiving an Endorsement

Pending Endorsements

When someone finalizes an endorsement for you, it appears in your Endorsements Dashboard under "Pending Proofs".

Reviewing & Deciding

You'll see:

  • Who wrote the endorsement (their handle and DID)
  • The full endorsement text
  • When it was created
  • The proof record AT-URI on their PDS

⚠️ Important: Accept or Reject Carefully

Once you accept an endorsement, two records are published to your Personal Data Server:

  • Your proof record (commits you cryptographically to the content)
  • The endorsement record (makes it public)

These records become part of the permanent ATProto network. While you can delete them from your PDS later, they may have been indexed and cached by other applications.

Only accept endorsements that accurately represent your work and relationship with the endorser.

Accepting an Endorsement

  1. Review the endorsement text carefully
  2. Verify you recognize the person giving the endorsement
  3. Ensure the content is accurate and appropriate
  4. Click "Accept"
  5. Your proof and endorsement records are published to your PDS
  6. The giver's endorsement record is also published to their PDS
  7. The endorsement appears on both of your profiles within seconds

Rejecting an Endorsement

If you don't wish to accept an endorsement:

  1. Click "Reject" in your dashboard
  2. The draft is removed from your pending list
  3. No records are published to the ATProto network
  4. The endorsement does not appear anywhere publicly

The giver's proof record remains on their PDS, but without a matching proof from you, the endorsement cannot be verified and won't display as valid.

Viewing & Discovering Endorsements

On Your Profile

Verified endorsements appear in a dedicated section on your public profile at /u/yourhandle. Each endorsement shows:

  • The giver's name and handle (with link to their profile)
  • The endorsement text
  • A verification checkmark (βœ“) if cryptographically validated
  • When it was created

Browsing All Endorsements

Visit /endorsements/{handle_or_did} to see all endorsements for a specific identity. The page includes:

  • Pagination for profiles with many endorsements
  • Verification status for each endorsement
  • Direct links to both giver and receiver profiles

Verification Indicators

Endorsements display their verification status:

  • βœ“ Verified: Both parties have published valid proof records with matching CIDs
  • ⚠ Unverified: Missing or mismatched proof records (suspicious)

πŸ’‘ Trust Verified Endorsements

Only verified endorsements carry weight. An unverified endorsement means the cryptographic proof chain is brokenβ€”either the giver or receiver (or both) didn't publish proper proofs, or the content was altered.

Privacy & Control

What's Public?

  • Accepted endorsements (visible to everyone)
  • Proof records on your PDS (visible to anyone who knows the AT-URI)
  • Your public endorsements list at /endorsements/{yourhandle}

What's Private?

  • Endorsement drafts (only visible to you)
  • Pending endorsements awaiting your acceptance (only visible to you)
  • Rejected endorsements (not stored anywhere)

Deleting Endorsements

You can delete endorsement records from your Personal Data Server at any time through your Endorsements Dashboard. However:

  • The deletion only removes the record from your PDS
  • The other party's records remain on their PDS
  • at://work and other applications may have cached the endorsement
  • Proof records persist separately and must be deleted independently

Best practice: Only accept endorsements you're comfortable having permanently associated with your identity.

ATProtocol & Data Ownership

Your endorsement records are stored as:

  • place.atwork.endorsement - The endorsement record with text and signatures
  • place.atwork.endorsementProof - The cryptographic proof record with CID

These live in your repository on your Personal Data Server. You own them completely. If you switch PDS providers, your endorsements move with you. Other ATProto applications can read and display your endorsements using the same lexicon types.

Security & Trust

What Makes This Secure?

The endorsement system uses multiple layers of cryptographic security:

πŸ” Identity Verification

All records are published to Personal Data Servers controlled by cryptographic keys. Only the owner of a DID can publish records to their repository. You can't forge someone else's endorsement because you don't have their private keys.

πŸ”— Content Integrity

CIDs ensure content hasn't been tampered with. If someone tries to modify an endorsement after publication, the CID changes and verification fails. The original proof records would no longer match.

🀝 Mutual Agreement

Both parties must explicitly publish proof records. This creates a cryptographic signature from both the giver ("I wrote this") and the receiver ("I agree this was written about me"). Neither party can unilaterally create a verified endorsement.

🌐 Decentralized Verification

Proof records live on Personal Data Servers across the network, not in a centralized database that could be manipulated. Anyone can independently verify endorsements by fetching the proof records and checking CIDs.

Can Endorsements Be Faked?

No, not if properly verified. To fake an endorsement, an attacker would need to:

  • Compromise the giver's private keys to publish a proof on their PDS
  • Compromise the receiver's private keys to publish matching proof and endorsement
  • Calculate a CID collision (cryptographically infeasible with SHA-256)

This makes forgery effectively impossible. Always check for the verification checkmark (βœ“) when viewing endorsements.

What If I Lose Access to My PDS?

Your endorsements are tied to your DID, not your PDS host. If you migrate to a new PDS:

  • Your endorsement records move with your repository
  • Proof records remain cryptographically valid
  • Verification continues to work because it's based on DIDs, not server locations

However, if you permanently lose access to your identity (lose your private keys), you lose the ability to manage those endorsement records. This is true of all ATProtocol data.

Use Cases & Best Practices

When to Give Endorsements

  • After successfully completing a project together
  • When leaving a job and wanting to recognize colleagues
  • Following a positive consulting engagement
  • To vouch for someone's skills when they're job hunting
  • As part of performance reviews or professional development

When NOT to Give Endorsements

  • For people you've never worked with directly
  • Based solely on reputation or second-hand information
  • As a favor without genuine knowledge of their work
  • When you can't honestly vouch for specific skills or qualities

🎯 Building a Strong Professional Reputation

Focus on quality over quantity. A few specific, verified endorsements from respected professionals carry far more weight than dozens of generic endorsements.

Consider asking for endorsements from:

  • Former managers or tech leads
  • Project collaborators who can speak to specific skills
  • Clients or stakeholders who benefited from your work
  • Peers who worked closely with you on challenging problems

Endorsements vs. Recommendations

Traditional platforms have recommendation systems where anyone can write anything. at://work's endorsements differ in key ways:

Feature Traditional Recommendations at://work Endorsements
Verification Self-reported Cryptographically verified
Agreement One-way (giver writes, receiver displays) Two-way (both parties must agree)
Editing Can be edited after publication Immutable after acceptance
Ownership Platform owns the data You own the data on your PDS
Portability Locked to platform Portable across ATProto ecosystem

Technical Details

Lexicon Types

Endorsements use two ATProto lexicon types:

place.atwork.endorsement

{
  "giver": "did:plc:abc123...",
  "receiver": "did:plc:xyz789...",
  "text": "Alice is an exceptional engineer...",
  "createdAt": "2025-10-10T14:30:00Z",
  "signatures": [
    {
      "uri": "at://did:plc:abc123.../place.atwork.endorsementProof/...",
      "cid": "bafyreib2rxk3rzy6fvzadmkkz4zp7aqu7gjfxq2gv7jpwnqhg3j7qnvqke"
    },
    {
      "uri": "at://did:plc:xyz789.../place.atwork.endorsementProof/...",
      "cid": "bafyreib2rxk3rzy6fvzadmkkz4zp7aqu7gjfxq2gv7jpwnqhg3j7qnvqke"
    }
  ]
}

place.atwork.endorsementProof

{
  "cid": "bafyreib2rxk3rzy6fvzadmkkz4zp7aqu7gjfxq2gv7jpwnqhg3j7qnvqke"
}

Validation Algorithm

To verify an endorsement:

  1. Fetch the endorsement record from the receiver's PDS
  2. Calculate the CID of the endorsement content (giver + receiver + text + createdAt, excluding signatures)
  3. For each signature reference, fetch the proof record from the referenced PDS
  4. Compare the proof's CID with the calculated endorsement CID
  5. Verify that at least one proof is from the giver's DID and one from the receiver's DID
  6. If all CIDs match, the endorsement is verified βœ“

Real-Time Updates

at://work uses Jetstream to consume ATProto firehose events in real-time. When endorsement or proof records are created, updated, or deleted on the network:

  • Events arrive within seconds via WebSocket connection
  • Records are automatically indexed in the database
  • Validation runs asynchronously in the background
  • Profile pages update immediately with verification status

Storage & Indexing

at://work maintains three database tables for endorsements:

  • endorsement_drafts: Private drafts before finalization
  • endorsement_proofs: Proof records from the ATProto network
  • endorsements: Published endorsement records with validation status

The validated_proofs field in the endorsements table stores an array of proof AT-URIs that have been cryptographically verified. This enables fast lookups without re-validating on every page load.

Common Questions

Can I endorse myself?

Technically possible, but pointless. Self-endorsements have no credibility and are easily identified (giver and receiver DIDs are identical). Focus on building genuine endorsements from others.

What happens if I change my handle?

Your endorsements are tied to your DID, not your handle. If you change handles, your endorsements automatically appear on your new profile URL. The proof records and validation remain intact because DIDs don't change when handles change.

Can I edit an endorsement after acceptance?

No. Once accepted, the endorsement content is cryptographically locked via the proof CIDs. Any edit would break verification. To change an endorsement, you must delete the existing one and create a new one, requiring both parties to agree again.

How many endorsements should I aim for?

There's no magic number. Focus on quality and relevance. 3-5 strong endorsements from respected professionals in your field are more valuable than 50 generic ones. Choose endorsements that showcase different skills or perspectives on your work.

Can endorsements be anonymous?

No. The entire system relies on verifiable identities. Both giver and receiver must have DIDs and publish records to their PDSs. Anonymity would undermine the trust and verification that makes endorsements valuable.

What if someone endorses me with inaccurate information?

You have complete control. Simply reject the endorsement, and it will never be published. If you accidentally accepted an inaccurate endorsement, you can delete it from your dashboard, which removes the records from your PDS (though the giver's records remain on their PDS).

Are endorsements searchable?

Currently, endorsements appear on profiles but aren't directly searchable as a primary filter. This may change in future versions. However, profiles with endorsements may rank higher in search results as a trust signal.

Can other ATProto apps display my endorsements?

Yes! Because endorsements use standardized place.atwork.* lexicon types, any application that understands these types can read and display your endorsements. Your professional reputation is portable across the decentralized ecosystem.

What prevents endorsement spam?

Multiple factors prevent spam:

  • Recipients must explicitly accept each endorsement
  • Unverified endorsements don't display or carry weight
  • Creating proof records requires access to your PDS and authentication
  • Rate limiting prevents bulk endorsement creation
  • Spam endorsements harm the giver's reputation more than they help

How long do endorsements last?

Indefinitely, unless deleted. Unlike job listings that expire, endorsements are permanent professional references. They remain valid as long as the records exist on both parties' PDSs.

πŸ”— Next Steps