Movilitas.Cloud provides Movilitas DSCSA, a free mobile application designed to help wholesalers, pharmacists, and other supply chain stakeholders perform secure product identifier verifications in line with the U.S. Drug Supply Chain Security Act (DSCSA). Built on open standards and designed for mobile, Movilitas DSCSA ensures every verification request is securely linked to the user's verified identity and DSCSA Authorized Trading Partner (ATP) status. The app uses digital credentials based on the **Open Credentialing Initiative (OCI)** specifications, providing a standards-based foundation of trust across the supply chain.
Here we explain how users can connect their OCI-compliant CARO-managed ATP credential to Movilitas DSCSA and start submitting authenticated Verification Router Service (VRS) requests immediately. These credentials confirm ATP status and ensure seamless interoperability with the VRS network. Note that we also offer OCI-compliant Authority and ATP Equivalent credentials for regulators and ATP-like entities, respectively. These work in the same manner as ATP credentials.
For more guidance on CARO’s features, read the complete Trading Partner Guide.
All our documents are updated continuously. Please check back frequently, as new features and functionalities will be added to our applications and explained here.
<aside> ❗
Follow these steps sequentially and use only the links provided below.
</aside>
<aside> ℹ️
To get an ATP credential and monitor all credential verification events, you need a CARO Enterprise Account. Upon initial account registration, you will undergo a one-time due diligence process that involves an identity and authorization check. This establishes your organization as a legitimate entity in the system.
</aside>
To get your ATP credential, you must register with :spherity_icon_gradient: CARO first. If you have not received a referral link from a business partner, please contact us.
Once you have received an email invite, accept it by following the link in the email. If you cannot see the invite in your inbox, refer to CARO emails not arriving in your inbox?
On the CARO log-in screen you can check your details and set a password. After log-in, you will be forwarded to the CARO Dashboard.
For as long as you are setting up your new CARO Enterprise Account, the dashboard will show you a Getting started section. Simply follow the in-app steps to get set up with your first two essential DSCSA credentials.
🛡️ We recommend that you have your DEA Signing Certificate ready for verification.
The DEA Signing Certificate not only validates the existence and identity of the organization, but also validates the identity and authority of the representative. It is therefore the quickest and simplest method for complete identity proofing.
The DEA reassures registrants that the use of the DEA Signing Certificate is acceptable for this purpose. It was foreseen and specifically allowed for by the DEA in their policy manual CSOS Certificate Policy, Version 4.1, January 2015, section 1.4.1 Appropriate Certificate Uses.
If you are unsure, you may want to watch our short video that walks you through the onboarding process.
https://www.youtube.com/watch?v=TDEOQFMK-eo
Download the free Movilitas DSCSA app from ****App Store or Google Play to your mobile phone.
On the registration screen do not request a DID because you already have one from CARO!
Simply follow the instructions in section Connect your ATP credential to Movilitas DSCSA below.
Do not request a DID on the Movilitas DSCSA registration screen.
The last step is to ensure that Movilitas DSCSA uses your ATP credential. It needs to know that you use the CARO system. All you need to do is to give it your CARO identifier (aka DID). This is a one-off registration process unless the app is uninstalled and re-installed on your phone.
<aside> ❗
Generally, we advise to keep your DID strictly confidential. Never publish it. Do not share it by email. Treat it like a sensitive password. Always be sure that you trust the party with whom you are sharing your DID!
</aside>
Now you are all set to scan products and send VRS requests with your ATP credential attached.