Nexu certificates carry a scannable QR code that links to a public verification page. Anyone — employers, inspectors, or health authorities — can open that URL and confirm the certificate is authentic without creating an account or logging in. The verification page reads exclusively from theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Stivenz3/Nexu/llms.txt
Use this file to discover all available pages before exploring further.
certificatePublic Firestore collection, which is intentionally separate from the private certificates data.
Route and Access
The verification route is/verificar/:code, rendered by VerificationPage. This page has no authentication requirement — it is accessible in an incognito window, on a mobile device that has never visited Nexu, or by scanning the QR on a printed certificate.
VerificationPage reads the :code URL parameter and calls getPublicVerification(code). If no matching document is found, a “Certificado no encontrado” error state is shown. No backend function, no auth token, no session.
Service Function: getPublicVerification
verifyCode.toUpperCase() (the canonical format), and if that document does not exist, falls back to the code as supplied. This ensures codes typed in lowercase or mixed-case still resolve correctly.
Internally, it reads the single document at certificatePublic/{verifyCode} from Firestore and maps it to a PublicVerificationView via the private mapPublic helper, which also recomputes the live status using resolveStatus(expiresAt, isValid).
PublicVerificationView Fields
| Field | Type | Description |
|---|---|---|
verifyCode | string | The verification code (e.g. NX-AB12CD34EF) |
userName | string | Full name of the certificate holder |
userDocumentMasked | string | Masked ID — e.g. CC. ***6789 |
lessonTitle | string | Display title of the course or legacy lesson |
courseName | string | "Buenas Prácticas de Manufactura" |
finalScore | number | Average exam score across all completed lessons (0–100) |
completedLessons | CompletedLessonSnapshot[] | Array of passed lesson snapshots with per-lesson scores |
issuedAt | Date | Date the certificate was issued |
expiresAt | Date | Date the certificate expires (issuedAt + 1 year) |
status | 'valid' | 'expired' | 'revoked' | Live status at time of verification |
Status Resolution
Thestatus field is not read from Firestore — it is re-evaluated on every verification request using:
valid at creation will automatically transition to expired after one year, with no background job or Firestore update required.
Firestore Rule for Public Collection
ThecertificatePublic collection has allow read: if true — unauthenticated reads are explicitly permitted. Writes are restricted to the authenticated owner, and updates and deletes are completely denied:
Privacy Model
All personal data stored incertificatePublic is limited to what is necessary for verification. The document number is masked before it is ever written to the public collection:
userDocument field lives only in certificates/{certificateId}, which is readable solely by the authenticated owner.
Testing Verification
To manually verify a certificate end-to-end:Complete the course
Log in, complete all available lessons, and pass each final exam with a score of 70% or higher.
Open the official certificate page
Navigate to
/certificado/documento. The certificate with the QR code and verification URL is displayed in the ActionsCard.Copy the verification link
Click “Compartir verificación” to copy the
qrVerifyUrl to the clipboard, or scan the QR code directly.Open in incognito mode
Paste the URL into a private/incognito browser window where you are not logged in to Nexu. The
VerificationPage should load and display the certificate holder’s name, masked document, course name, score, and validity dates.Maintenance Notes
The public verification page reads only from
certificatePublic. It does not call any Cloud Function, does not query the private certificates collection, and does not require any authentication context. When new lessons are added to the course, no changes are needed in VerificationPage or getPublicVerification — the completedLessons snapshot stored at certificate creation time already captures whatever lessons the user passed.