EUDIPLO Service API main
This is the API documentation for the EUDIPLO Service, which provides credential issuance and verification services.
App
GET /
Main endpoint providing service info
Response 200 OK
GET /health
Endpoint to check the health of the service.
Response 200 OK
{
"status": "ok",
"info": {
"database": {
"status": "up"
}
},
"error": {},
"details": {
"database": {
"status": "up"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Response 503 Service Unavailable
{
"status": "error",
"info": {
"database": {
"status": "up"
}
},
"error": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"details": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "error"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Tenant
GET /tenant
Get all tenants
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
]
POST /tenant
Initialize a tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"statusListConfig": null,
"sessionConfig": null,
"roles": [
"presentation:manage"
],
"id": "string",
"name": "string",
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"sessionConfig": {
"description": "Session storage configuration. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"roles": {
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
}
},
"required": [
"id",
"name"
]
}
Response 201 Created
GET /tenant/{id}
Get a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
Schema of the response body
{
"type": "object",
"properties": {
"sessionConfig": {
"nullable": true,
"description": "Session storage configuration for this tenant. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"status": {
"type": "string",
"description": "The current status of the tenant."
},
"clients": {
"description": "The clients associated with the tenant.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientEntity"
}
}
},
"required": [
"id",
"name",
"status",
"clients"
]
}
PATCH /tenant/{id}
Update a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
{
"statusListConfig": null,
"sessionConfig": null,
"name": "string",
"description": "string",
"roles": [
"presentation:manage"
]
}
Schema of the request body
{
"type": "object",
"properties": {
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"sessionConfig": {
"description": "Session storage configuration. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"roles": {
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
}
}
Response 200 OK
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
Schema of the response body
{
"type": "object",
"properties": {
"sessionConfig": {
"nullable": true,
"description": "Session storage configuration for this tenant. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"status": {
"type": "string",
"description": "The current status of the tenant."
},
"clients": {
"description": "The clients associated with the tenant.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientEntity"
}
}
},
"required": [
"id",
"name",
"status",
"clients"
]
}
DELETE /tenant/{id}
Deletes a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
Client
GET /client
Get all clients for a user
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
POST /client
Create a new client
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"description": "string",
"roles": [
"presentation:manage"
]
}
Schema of the request body
{
"type": "object",
"properties": {
"allowedPresentationConfigs": {
"nullable": true,
"description": "List of presentation config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"age-verification",
"kyc-basic"
],
"type": "array",
"items": {
"type": "string"
}
},
"allowedIssuanceConfigs": {
"nullable": true,
"description": "List of issuance config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"pid",
"mdl"
],
"type": "array",
"items": {
"type": "string"
}
},
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"type": "array",
"description": "The roles assigned to the client.",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
},
"required": [
"clientId",
"roles"
]
}
Response 201 Created
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"allowedPresentationConfigs": {
"nullable": true,
"description": "List of presentation config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"age-verification",
"kyc-basic"
],
"type": "array",
"items": {
"type": "string"
}
},
"allowedIssuanceConfigs": {
"nullable": true,
"description": "List of issuance config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"pid",
"mdl"
],
"type": "array",
"items": {
"type": "string"
}
},
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"tenantId": {
"type": "string",
"description": "The unique identifier for the tenant that the client belongs to. Only null for accounts that manage tenants, that do not belong to a client"
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"description": "The roles assigned to the client.",
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"tenant": {
"description": "The tenant that the client belongs to.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"clientId",
"roles"
]
}
GET /client/{id}
Get a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"allowedPresentationConfigs": {
"nullable": true,
"description": "List of presentation config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"age-verification",
"kyc-basic"
],
"type": "array",
"items": {
"type": "string"
}
},
"allowedIssuanceConfigs": {
"nullable": true,
"description": "List of issuance config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"pid",
"mdl"
],
"type": "array",
"items": {
"type": "string"
}
},
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"tenantId": {
"type": "string",
"description": "The unique identifier for the tenant that the client belongs to. Only null for accounts that manage tenants, that do not belong to a client"
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"description": "The roles assigned to the client.",
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"tenant": {
"description": "The tenant that the client belongs to.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"clientId",
"roles"
]
}
PATCH /client/{id}
Update a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
{
"allowedPresentationConfigs": [
"age-verification",
"kyc-basic"
],
"allowedIssuanceConfigs": [
"pid",
"mdl"
],
"description": "string",
"roles": [
"presentation:manage"
]
}
Schema of the request body
{
"type": "object",
"properties": {
"allowedPresentationConfigs": {
"nullable": true,
"description": "List of presentation config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"age-verification",
"kyc-basic"
],
"type": "array",
"items": {
"type": "string"
}
},
"allowedIssuanceConfigs": {
"nullable": true,
"description": "List of issuance config IDs this client can use. If empty/null, all configs are allowed.",
"example": [
"pid",
"mdl"
],
"type": "array",
"items": {
"type": "string"
}
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"type": "array",
"description": "The roles assigned to the client.",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:request",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
},
"required": [
"roles"
]
}
Response 200 OK
DELETE /client/{id}
Get a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
GET /client/{id}/secret
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
POST /client/{id}/rotate-secret
Rotate (regenerate) a client's secret. Returns the new secret for one-time display - save it immediately!
Users with tenants:manage role can rotate secrets for any client.
Users with clients:manage role can only rotate secrets for clients in their tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 201 Created
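The allow-list and role rules documented for the Client endpoints, as an added example (not EUDIPLO code): a pre-flight review of a `POST /client` body and the rotate-secret scope rule stated above. The function names, the mapping from role prefix to allow-list, and the sample bodies are assumptions made for illustration.

```python
# Added example: review a client definition before sending it to POST /client.

# Role names copied from the "roles" enum in the request-body schema.
KNOWN_ROLES = {
    "presentation:manage", "presentation:request",
    "issuance:manage", "issuance:offer",
    "clients:manage", "tenants:manage", "registrar:manage",
}

# Assumption: the part of a role before ':' names the area whose
# allow-list restricts that role.
ALLOW_LISTS = {
    "presentation": "allowedPresentationConfigs",
    "issuance": "allowedIssuanceConfigs",
}


def review_client(body):
    """Return a sorted list of findings for a client definition (dict)."""
    findings = []
    for field in ("clientId", "roles"):  # listed under "required" in the schema
        if field not in body:
            findings.append(f"missing required field: {field}")
    roles = body.get("roles") or []
    if not isinstance(roles, list):
        return sorted(findings + ["roles must be an array of strings"])
    for role in roles:
        if role not in KNOWN_ROLES:
            findings.append(f"unknown role: {role}")
    areas = {r.split(":")[0] for r in roles if r in KNOWN_ROLES}
    for area, field in ALLOW_LISTS.items():
        # Documented behaviour: empty or null means every config is allowed.
        if area in areas and not body.get(field):
            findings.append(f"{field} is empty/null: all {area} configs allowed")
    if "tenants:manage" in roles:
        # Documented for rotate-secret: this role reaches clients of any tenant.
        findings.append("tenants:manage can rotate secrets for any client")
    return sorted(findings)


def may_rotate_secret(caller_roles, caller_tenant, target_tenant):
    """Scope rule stated for POST /client/{id}/rotate-secret."""
    if "tenants:manage" in caller_roles:
        return True
    # Assumption: a caller without a tenant never matches a target tenant.
    if caller_tenant is None:
        return False
    return "clients:manage" in caller_roles and caller_tenant == target_tenant


# Constructed sample bodies (not taken from a real deployment).
SCOPED = {
    "clientId": "verifier-1",
    "roles": ["presentation:request"],
    "allowedPresentationConfigs": ["age-verification"],
}
BROAD = {
    "clientId": "ops",
    "roles": ["issuance:offer", "tenants:manage"],
    "allowedIssuanceConfigs": [],
}

if __name__ == "__main__":
    for sample in (SCOPED, BROAD):
        print(sample["clientId"], review_client(sample))
```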
Certificate
GET /certs
Get all certificates for the authenticated tenant. Can be filtered by keyId using query parameter.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| keyId | query | string | | No | |
Response 200 OK
[
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
POST /certs
Add a new certificate to a key. If no certificate is provided, a self-signed certificate will be generated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"certUsageTypes": [
"access"
],
"crt": [
"string"
],
"subjectName": "string",
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string"
},
"certUsageTypes": {
"description": "Usage types for the certificate.",
"type": "array",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"crt": {
"description": "Certificate chain in PEM format (leaf first, then intermediates/CA).\nIf not provided, a self-signed certificate will be generated.",
"type": "array",
"items": {
"type": "string"
}
},
"subjectName": {
"type": "string",
"description": "Subject name (CN) for self-signed certificate generation.\nIf not provided, the tenant name will be used."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"keyId",
"certUsageTypes"
]
}
Response 201 Created
GET /certs/{certId}
Get a specific certificate by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| certId | path | string | | No | |
Response 200 OK
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": null,
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
}
],
"description": "string",
"key": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for the key."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"crt": {
"description": "Certificate chain in PEM format (leaf first, then intermediates/CA).",
"type": "array",
"items": {
"type": "string"
}
},
"usages": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CertUsageEntity"
}
},
"description": {
"type": "string",
"description": "Description of the key."
},
"key": {
"$ref": "#/components/schemas/KeyEntity"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the certificate was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the certificate was last updated."
}
},
"required": [
"keyId",
"id",
"tenantId",
"tenant",
"crt",
"usages",
"key",
"createdAt",
"updatedAt"
]
}
PATCH /certs/{certId}
Update certificate metadata (description and usage types).
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| certId | path | string | | No | |
Request body
{
"certUsageTypes": [
"access"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": null,
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
}
],
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"certUsageTypes": {
"type": "array",
"description": "Usage types for the certificate.",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"usages": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CertUsageEntity"
}
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"certUsageTypes",
"usages"
]
}
Response 200 OK
DELETE /certs/{certId}
Delete a certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| certId | path | string | | No | |
Response 200 OK
GET /certs/{certId}/config
Export the configuration of a certificate for import/export purposes.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| certId | path | string | | No | |
Response 200 OK
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"certUsageTypes": [
"access"
],
"crt": [
"string"
],
"subjectName": "string",
"description": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string"
},
"certUsageTypes": {
"description": "Usage types for the certificate.",
"type": "array",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"crt": {
"description": "Certificate chain in PEM format (leaf first, then intermediates/CA).\nIf not provided, a self-signed certificate will be generated.",
"type": "array",
"items": {
"type": "string"
}
},
"subjectName": {
"type": "string",
"description": "Subject name (CN) for self-signed certificate generation.\nIf not provided, the tenant name will be used."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"keyId",
"certUsageTypes"
]
}
status-list-config
GET /status-list-config
Get status list configuration
Description
Returns the current status list configuration for the tenant. Fields not set use global defaults.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the response body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"description": "The capacity of the status list. If not set, uses global STATUS_CAPACITY.",
"example": 10000,
"minimum": 100
},
"bits": {
"type": "number",
"description": "Bits per status entry: 1 (valid/revoked), 2 (with suspended), 4/8 (extended). If not set, uses global STATUS_BITS.",
"enum": [
1,
2,
4,
8
],
"default": 1
},
"ttl": {
"type": "number",
"description": "TTL in seconds for the status list JWT. If not set, uses global STATUS_TTL.",
"example": 3600,
"minimum": 60
},
"immediateUpdate": {
"type": "boolean",
"description": "If true, regenerate JWT immediately on status changes. If false (default), use lazy regeneration on TTL expiry.",
"default": false
},
"enableAggregation": {
"type": "boolean",
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support (default: true).",
"default": true
}
}
}
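Added example, not part of the EUDIPLO code base: it checks a status list configuration against the limits in the schema above and shows what `bits` and `capacity` mean for the packed list. The status codes (0 valid, 1 invalid, 2 suspended) and the LSB-first packing follow the IETF Token Status List convention and are assumptions here, since the page does not state them.

```python
# Added example: validate a status-list config and pack status values.

ALLOWED_BITS = (1, 2, 4, 8)   # "bits" enum in the schema
MIN_CAPACITY = 100            # "capacity" minimum in the config schema
MIN_TTL = 60                  # "ttl" minimum in the config schema (seconds)

# Assumed status codes; the page only names valid/revoked and suspended.
VALID, INVALID, SUSPENDED = 0, 1, 2


def _is_number(value):
    """JSON 'number': int or float, but not a boolean."""
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def validate_config(cfg):
    """Return schema violations; null or absent fields fall back to global defaults."""
    errors = []
    bits = cfg.get("bits")
    if bits is not None and (not _is_number(bits) or bits not in ALLOWED_BITS):
        errors.append(f"bits must be one of {ALLOWED_BITS}, got {bits!r}")
    for field, minimum in (("capacity", MIN_CAPACITY), ("ttl", MIN_TTL)):
        value = cfg.get(field)
        if value is not None and (not _is_number(value) or value < minimum):
            errors.append(f"{field} must be a number >= {minimum}, got {value!r}")
    for field in ("immediateUpdate", "enableAggregation"):
        value = cfg.get(field)
        if value is not None and not isinstance(value, bool):
            errors.append(f"{field} must be a boolean, got {value!r}")
    return errors


def list_size_bytes(capacity, bits):
    """Bytes needed to hold `capacity` entries of `bits` bits each."""
    return (capacity * bits + 7) // 8


def _locate(buf, index, bits):
    """Map an entry index to (byte offset, bit shift), LSB-first within a byte."""
    if bits not in ALLOWED_BITS:
        raise ValueError(f"unsupported bits value: {bits!r}")
    byte_i, slot = divmod(index, 8 // bits)
    if index < 0 or byte_i >= len(buf):
        raise IndexError(f"entry {index} is outside the list")
    return byte_i, slot * bits


def set_status(buf, index, bits, value):
    """Write `value` into entry `index` of the packed list `buf` (bytearray)."""
    if not 0 <= value < (1 << bits):
        raise ValueError(f"status {value} does not fit in {bits} bit(s)")
    byte_i, shift = _locate(buf, index, bits)
    mask = ((1 << bits) - 1) << shift
    buf[byte_i] = (buf[byte_i] & ~mask & 0xFF) | (value << shift)


def get_status(buf, index, bits):
    """Read the status value stored at entry `index`."""
    byte_i, shift = _locate(buf, index, bits)
    return (buf[byte_i] >> shift) & ((1 << bits) - 1)


if __name__ == "__main__":
    # Constructed config: 10000 entries, 2 bits each, lazy regeneration.
    cfg = {"capacity": 10000, "bits": 2, "ttl": 3600, "immediateUpdate": False}
    print(validate_config(cfg))
    lst = bytearray(list_size_bytes(cfg["capacity"], cfg["bits"]))
    set_status(lst, 5, cfg["bits"], SUSPENDED)
    print(len(lst), get_status(lst, 5, cfg["bits"]))
```

A 1-bit list rejects `SUSPENDED` in `set_status`, which is why suspension needs `bits` of at least 2.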
PUT /status-list-config
Update status list configuration
Description
Update the status list configuration. Changes only affect newly created status lists. Set a field to null to reset to global default.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the request body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"nullable": true,
"description": "The capacity of the status list. Set to null to reset to global default.",
"minimum": 100,
"example": 10000
},
"bits": {
"type": "number",
"nullable": true,
"description": "Bits per status entry. Set to null to reset to global default.",
"enum": [
1,
2,
4,
8
]
},
"ttl": {
"type": "number",
"nullable": true,
"description": "TTL in seconds for the status list JWT. Set to null to reset to global default.",
"minimum": 60,
"example": 3600
},
"immediateUpdate": {
"type": "boolean",
"nullable": true,
"description": "If true, regenerate JWT on every status change. Set to null to reset to default (false)."
},
"enableAggregation": {
"type": "boolean",
"nullable": true,
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support. Set to null to reset to default (true)."
}
}
}
Response 200 OK
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the response body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"description": "The capacity of the status list. If not set, uses global STATUS_CAPACITY.",
"example": 10000,
"minimum": 100
},
"bits": {
"type": "number",
"description": "Bits per status entry: 1 (valid/revoked), 2 (with suspended), 4/8 (extended). If not set, uses global STATUS_BITS.",
"enum": [
1,
2,
4,
8
],
"default": 1
},
"ttl": {
"type": "number",
"description": "TTL in seconds for the status list JWT. If not set, uses global STATUS_TTL.",
"example": 3600,
"minimum": 60
},
"immediateUpdate": {
"type": "boolean",
"description": "If true, regenerate JWT immediately on status changes. If false (default), use lazy regeneration on TTL expiry.",
"default": false
},
"enableAggregation": {
"type": "boolean",
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support (default: true).",
"default": true
}
}
}
DELETE /status-list-config
Reset status list configuration
Description
Reset the status list configuration to global defaults. Only affects newly created status lists.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 204 No Content
status-lists
GET /status-lists
List all status lists
Description
Returns all status lists for the tenant, including their capacity and usage.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
]
POST /status-lists
Create a status list
Description
Creates a new status list. Optionally bind it to a specific credential configuration and/or certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 100000
}
Schema of the request body
{
"type": "object",
"properties": {
"credentialConfigurationId": {
"type": "string",
"description": "Credential configuration ID to bind this list exclusively to. Leave empty for a shared list.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"description": "Certificate ID to use for signing. Leave empty to use the tenant's default StatusList certificate.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value. More bits allow more status states. Defaults to tenant configuration.",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Maximum number of credential status entries. Defaults to tenant configuration.",
"minimum": 1000,
"example": 100000
}
}
}
Response 201 Created
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
GET /status-lists/{listId}
Get a status list
Description
Returns details for a specific status list.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| listId | path | string | | No | The status list ID |
Response 200 OK
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
PATCH /status-lists/{listId}
Update a status list
Description
Update a status list's credential configuration binding and/or certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| listId | path | string | | No | The status list ID |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID to bind this list exclusively to. Set to null to make this a shared list.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID to use for signing. Set to null to use the tenant's default StatusList certificate.",
"example": "my-status-list-cert"
}
}
}
Response 200 OK
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/demo/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
DELETE /status-lists/{listId}
Delete a status list
Description
Delete a status list. Only allowed if no credentials are using it.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| listId | path | string | | No | The status list ID |
Response 204 No Content
Session
GET /session
Retrieves all sessions.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"status": "active",
"id": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"expiresAt": "2022-04-13T15:42:05.901Z",
"useDcApi": true,
"tenantId": "string",
"tenant": null,
"authorization_code": "string",
"request_uri": "string",
"auth_queries": null,
"offer": {},
"offerUrl": "string",
"credentialPayload": null,
"notifyWebhook": null,
"notifications": [
{}
],
"requestId": "string",
"requestUrl": "string",
"requestObject": "string",
"credentials": [
{}
],
"vp_nonce": "string",
"clientId": "string",
"responseUri": "string",
"redirectUri": "string",
"parsedWebhook": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"externalIssuer": "string",
"externalSubject": "string"
}
]
GET /session/{id}
Retrieves the session information for a given session ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | The session ID |
Response 200 OK
{
"status": "active",
"id": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"expiresAt": "2022-04-13T15:42:05.901Z",
"useDcApi": true,
"tenantId": "string",
"tenant": null,
"authorization_code": "string",
"request_uri": "string",
"auth_queries": null,
"offer": {},
"offerUrl": "string",
"credentialPayload": null,
"notifyWebhook": null,
"notifications": [
{}
],
"requestId": "string",
"requestUrl": "string",
"requestObject": "string",
"credentials": [
{}
],
"vp_nonce": "string",
"clientId": "string",
"responseUri": "string",
"redirectUri": "string",
"parsedWebhook": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"externalIssuer": "string",
"externalSubject": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"description": "Status of the session.",
"enum": [
"active",
"fetched",
"completed",
"expired",
"failed"
],
"type": "string"
},
"id": {
"type": "string",
"description": "Unique identifier for the session."
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request was last updated."
},
"expiresAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request is set to expire."
},
"useDcApi": {
"type": "boolean",
"description": "Flag indicating whether to use the DC API for the presentation request."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for multi-tenancy support."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"authorization_code": {
"type": "string"
},
"request_uri": {
"type": "string",
"description": "Request URI from the authorization request."
},
"auth_queries": {
"description": "Authorization queries associated with the session.\nEncrypted at rest.",
"allOf": [
{
"$ref": "#/components/schemas/AuthorizeQueries"
}
]
},
"offer": {
"description": "Credential offer object containing details about the credential offer or presentation request.\nEncrypted at rest.",
"type": "object"
},
"offerUrl": {
"type": "string",
"description": "Offer URL for the credential offer."
},
"credentialPayload": {
"description": "Credential payload containing the offer request details.\nEncrypted at rest - may contain sensitive claim data.",
"allOf": [
{
"$ref": "#/components/schemas/OfferRequestDto"
}
]
},
"notifyWebhook": {
"description": "Webhook configuration to send the result of the notification response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notifications": {
"description": "Notifications associated with the session.",
"type": "array",
"items": {
"type": "object"
}
},
"requestId": {
"type": "string"
},
"requestUrl": {
"type": "string",
"description": "The URL of the presentation auth request."
},
"requestObject": {
"type": "string",
"description": "Signed presentation auth request."
},
"credentials": {
"description": "Verified credentials from the presentation process.\nEncrypted at rest - contains personal information.",
"type": "array",
"items": {
"type": "object"
}
},
"vp_nonce": {
"type": "string",
"description": "Nonce from the Verifiable Presentation request."
},
"clientId": {
"type": "string",
"description": "Client ID used in the OID4VP authorization request."
},
"responseUri": {
"type": "string",
"description": "Response URI used in the OID4VP authorization request."
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed."
},
"parsedWebhook": {
"description": "Where to send the claims webhook response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"transaction_data": {
"description": "Transaction data to include in the OID4VP authorization request.\nCan be overridden per-request from the presentation configuration.",
"type": "array",
"items": {
"$ref": "#/components/schemas/TransactionData"
}
},
"externalIssuer": {
"type": "string"
},
"externalSubject": {
"type": "string",
"description": "The subject (sub) from the external authorization server token.\nUsed to identify the user at the external AS."
}
},
"required": [
"status",
"id",
"createdAt",
"updatedAt",
"useDcApi",
"tenantId",
"tenant",
"notifications"
]
}
DELETE /session/{id}
Deletes a session by its ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
POST /session/revoke
Update the status of the credentials of a specific session.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"description": "The session ID of the user"
},
"credentialConfigurationId": {
"type": "string",
"description": "The ID of the credential configuration.\nThis is optional; if not provided, all credentials of the session will be revoked."
},
"status": {
"type": "number",
"description": "The status of the credential\n0 = valid, 1 = revoked, 2 = suspended"
}
},
"required": [
"sessionId",
"status"
]
}
Response 201 Created
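The `bits` setting of a status list and the `status` codes accepted by `POST /session/revoke` interact: a 1-bit list can only hold 0 and 1, so `2 = suspended` needs a list with at least `bits: 2`. The following is an added example, not EUDIPLO code; it assumes the list uses the IETF Token Status List layout (values packed least-significant-bit first), and all function names are hypothetical.

```javascript
// Added example (not EUDIPLO code). Assumption: status values are packed as in
// the IETF Token Status List, least-significant bits first within each byte.

const ALLOWED_BITS = [1, 2, 4, 8]; // "bits" enum from the status-list schema
const STATUS = { VALID: 0, REVOKED: 1, SUSPENDED: 2 }; // codes from POST /session/revoke

function assertBits(bits) {
  if (!ALLOWED_BITS.includes(bits)) {
    throw new RangeError(`bits must be one of ${ALLOWED_BITS.join(', ')}`);
  }
}

// Bytes needed to hold `capacity` entries of `bits` bits each.
function byteLength(bits, capacity) {
  assertBits(bits);
  return Math.ceil((capacity * bits) / 8);
}

// Hypothetical in-memory list; the API's minimum capacity of 1000 is not
// enforced here so that small lists can be used for illustration.
function createList(bits, capacity) {
  return { bits, capacity, data: new Uint8Array(byteLength(bits, capacity)) };
}

// Byte offset, bit shift and value mask for the entry at `index`.
function locate(list, index) {
  if (!Number.isInteger(index) || index < 0 || index >= list.capacity) {
    throw new RangeError(`index ${index} is outside 0..${list.capacity - 1}`);
  }
  const perByte = 8 / list.bits;
  return {
    byte: Math.floor(index / perByte),
    shift: (index % perByte) * list.bits,
    mask: (1 << list.bits) - 1,
  };
}

function getStatus(list, index) {
  const { byte, shift, mask } = locate(list, index);
  return (list.data[byte] >> shift) & mask;
}

// Refuses a status that does not fit instead of silently truncating it:
// truncating 2 (suspended) to one bit would store 0 (valid).
function setStatus(list, index, status) {
  const { byte, shift, mask } = locate(list, index);
  if (!Number.isInteger(status) || status < 0 || status > mask) {
    throw new RangeError(`status ${status} does not fit in ${list.bits} bit(s)`);
  }
  list.data[byte] = (list.data[byte] & ~(mask << shift)) | (status << shift);
}

// Smallest allowed "bits" value that can represent every status in `statuses`.
function minBitsFor(statuses) {
  const max = Math.max(...statuses);
  return ALLOWED_BITS.find((b) => max < 2 ** b);
}
```

With the example capacity of 10000 and `bits: 1`, the packed list is 1250 bytes before any compression or JWT encoding; moving to `bits: 2` doubles that.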
GET /session-config
Get session storage configuration
Description
Returns the session storage configuration for the current tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"description": "Time-to-live for sessions in seconds. If not set, uses global SESSION_TTL.",
"example": 86400,
"minimum": 60
},
"cleanupMode": {
"type": "string",
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"default": "full"
}
}
}
PUT /session-config
Update session storage configuration
Description
Updates the session storage configuration for the current tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"nullable": true,
"description": "Time-to-live for sessions in seconds. Set to null to use global default.",
"minimum": 60,
"example": 86400
},
"cleanupMode": {
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"type": "string",
"default": "full"
}
}
}
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"description": "Time-to-live for sessions in seconds. If not set, uses global SESSION_TTL.",
"example": 86400,
"minimum": 60
},
"cleanupMode": {
"type": "string",
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"default": "full"
}
}
}
DELETE /session-config
Reset session storage configuration
Description
Resets the session storage configuration to use global defaults.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
Session Events
GET /session/{id}/events
Subscribe to session status updates
Description
Server-Sent Events endpoint for real-time session status updates. Requires JWT authentication via query parameter.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| id | path | string | | No | Session ID to subscribe to |
| token | query | string | | No | JWT access token for authentication |
Response 200 OK
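Because this endpoint takes the JWT in the `token` query parameter, the token is part of the request URL and is recorded by anything that logs URLs. The added example below (not part of EUDIPLO) redacts it from access-log lines and reports which lines exposed one; the log format, the sample lines and all function names are constructed for illustration.

```javascript
// Added example (not EUDIPLO code). Assumption: access logs contain the
// request line in the usual quoted form: "METHOD target HTTP/x.y".

// Path of the SSE endpoint, allowing a prefix in front of /session.
const EVENTS_PATH = /\/session\/[^/]+\/events$/;
const REQUEST_LINE = /"([A-Z]+) (\S+) (HTTP\/[0-9.]+)"/;

// Decode a query key so that percent-encoded spellings of "token" also match.
function decodeKey(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch {
    return raw; // malformed escape: compare the raw text instead
  }
}

// Replace the value of `token` in the query of an events-endpoint target.
// Targets for other paths are returned unchanged.
function redactTarget(target) {
  const q = target.indexOf('?');
  if (q === -1) return target;
  const path = target.slice(0, q);
  if (!EVENTS_PATH.test(path)) return target;
  const query = target
    .slice(q + 1)
    .split('&')
    .map((pair) => {
      const eq = pair.indexOf('=');
      const key = eq === -1 ? pair : pair.slice(0, eq);
      return decodeKey(key) === 'token' ? 'token=REDACTED' : pair;
    })
    .join('&');
  return `${path}?${query}`;
}

// Redact one access-log line; lines without a request line pass through.
function redactLine(line) {
  return line.replace(
    REQUEST_LINE,
    (_, method, target, proto) => `"${method} ${redactTarget(target)} ${proto}"`
  );
}

// Indexes of lines that carried an unredacted token for the events endpoint.
function exposedLines(lines) {
  return lines
    .map((line, i) => (redactLine(line) !== line ? i : -1))
    .filter((i) => i !== -1);
}

// Constructed sample lines; the token values are placeholders, not real JWTs.
const SAMPLE_LOG = [
  '203.0.113.7 - - [15/Jan/2024:10:30:00 +0000] "GET /session/abc123/events?token=eyJhbGciOi.constructed.sig HTTP/1.1" 200 -',
  '203.0.113.7 - - [15/Jan/2024:10:30:02 +0000] "GET /session/abc123/events?x=1&token=eyJ.second.sample HTTP/1.1" 200 -',
  '203.0.113.7 - - [15/Jan/2024:10:30:05 +0000] "GET /session/abc123 HTTP/1.1" 200 512',
  '203.0.113.7 - - [15/Jan/2024:10:30:09 +0000] "GET /session/abc123/events?token=REDACTED HTTP/1.1" 200 -',
  '203.0.113.7 - - [15/Jan/2024:10:30:11 +0000] "GET /session/abc123/events?%74oken=eyJ.encoded.key HTTP/1.1" 200 -',
];
```

Running `exposedLines` over historical logs shows where tokens were already written to disk, which is the set of log files to treat as containing credentials.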
Issuer
GET /issuer/config
Returns the issuance configurations for this tenant. Creates a default one if it does not exist.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
POST /issuer/config
Stores the issuance configuration for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"signingKeyId": "string",
"chainedAs": null,
"authServers": [
"string"
],
"batchSize": 10.12,
"dPopRequired": true,
"walletAttestationRequired": true,
"walletProviderTrustLists": [
"string"
],
"display": [
{
"name": "string",
"locale": "string",
"logo": {
"uri": "string",
"alt_text": "string"
}
}
]
}
Schema of the request body
{
"type": "object",
"properties": {
"signingKeyId": {
"type": "string",
"description": "Key ID for signing access tokens. If unset, the default signing key is used."
},
"chainedAs": {
"description": "Configuration for Chained Authorization Server mode.\nWhen enabled, EUDIPLO acts as an OAuth AS facade, delegating user authentication\nto an upstream OIDC provider while issuing its own tokens with issuer_state.",
"allOf": [
{
"$ref": "#/components/schemas/ChainedAsConfig"
}
]
},
"authServers": {
"description": "Authentication server URL for the issuance process.",
"type": "array",
"items": {
"type": "string"
}
},
"batchSize": {
"type": "number",
"description": "Value to determine the amount of credentials that are issued in a batch.\nDefault is 1."
},
"dPopRequired": {
"type": "boolean",
"description": "Indicates whether DPoP is required for the issuance process. Default value is true."
},
"walletAttestationRequired": {
"type": "boolean",
"description": "Indicates whether wallet attestation is required for the token endpoint.\nWhen enabled, wallets must provide OAuth-Client-Attestation headers.\nDefault value is false."
},
"walletProviderTrustLists": {
"description": "URLs of trust lists containing trusted wallet providers.\nThe wallet attestation's X.509 certificate will be validated against these trust lists.\nIf empty and walletAttestationRequired is true, all wallet providers are rejected.",
"type": "array",
"items": {
"type": "string"
}
},
"display": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DisplayInfo"
}
}
},
"required": [
"display"
]
}
Response 201 Created
GET /issuer/credentials
Returns the credential configurations for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"vct": null,
"iaeActions": "",
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"tenant": null,
"config": {
"format": "mso_mdoc",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
]
POST /issuer/credentials
Stores the credential configuration for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"vct": null,
"iaeActions": "",
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"config": {
"format": "mso_mdoc",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the request body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"iaeActions": {
"type": "array",
"nullable": true,
"description": "List of IAE actions to execute before credential issuance",
"example": "",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/IaeActionOpenid4vpPresentation"
},
{
"$ref": "#/components/schemas/IaeActionRedirectToWeb"
}
]
}
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
},
"required": [
"id",
"config"
]
}
Response 201 Created
GET /issuer/credentials/{id}
Returns a specific credential configuration by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"vct": null,
"iaeActions": "",
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"tenant": null,
"config": {
"format": "mso_mdoc",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the response body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"iaeActions": {
"type": "array",
"nullable": true,
"description": "List of IAE actions to execute before credential issuance",
"example": "",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/IaeActionOpenid4vpPresentation"
},
{
"$ref": "#/components/schemas/IaeActionRedirectToWeb"
}
]
}
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
},
"required": [
"id",
"tenant",
"config"
]
}
PATCH /issuer/credentials/{id}
Updates a credential configuration by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
{
"vct": null,
"iaeActions": "",
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"config": {
"format": "mso_mdoc",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the request body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"iaeActions": {
"type": "array",
"nullable": true,
"description": "List of IAE actions to execute before credential issuance",
"example": "",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/IaeActionOpenid4vpPresentation"
},
{
"$ref": "#/components/schemas/IaeActionRedirectToWeb"
}
]
}
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
}
}
Response 200 OK
DELETE /issuer/credentials/{id}
Deletes a credential configuration.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
POST /issuer/offer
Create an offer for a credential.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"enum": [
"uri",
"dc-api"
],
"type": "string",
"examples": [
{
"value": "qrcode"
}
],
"description": "The type of response expected for the offer request."
},
"credentialClaims": {
"type": "object",
"description": "Credential claims configuration per credential. Keys must match credentialConfigurationIds.",
"properties": {
"additionalProperties": {
"oneOf": [
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"inline"
]
},
"claims": {
"type": "object",
"additionalProperties": true
}
},
"required": [
"type",
"claims"
]
},
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"webhook"
]
},
"webhook": {
"type": "object"
}
},
"required": [
"type",
"webhook"
]
}
]
}
},
"example": {
"citizen": {
"type": "inline",
"claims": {
"given_name": "John",
"family_name": "Doe"
}
}
}
},
"flow": {
"description": "The flow type for the offer request.",
"enum": [
"authorization_code",
"pre_authorized_code"
],
"type": "string"
},
"tx_code": {
"type": "string",
"description": "Transaction code for pre-authorized code flow."
},
"tx_code_description": {
"type": "string",
"description": "Description for the transaction code (e.g., \"Please enter the PIN sent to your email\")."
},
"credentialConfigurationIds": {
"description": "List of credential configuration ids to be included in the offer.",
"type": "array",
"items": {
"type": "string"
}
},
"authorization_server": {
"type": "string",
"description": "Optional authorization server to be used for this issuance flow."
},
"notifyWebhook": {
"description": "Webhook to notify about the status of the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
}
},
"required": [
"response_type",
"flow",
"credentialConfigurationIds"
]
}
Response 201 Created
POST /issuer/deferred/{transactionId}/complete
Complete a deferred credential transaction
Description
Completes a pending deferred credential transaction by providing the claims. The credential will be generated and marked as ready for wallet retrieval.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| transactionId | path | string | | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"claims": {
"type": "object",
"description": "Claims to include in the credential. The structure should match the credential configuration's expected claims.",
"example": {
"given_name": "John",
"family_name": "Doe",
"birthdate": "1990-01-15"
}
}
},
"required": [
"claims"
]
}
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"transactionId": {
"type": "string",
"description": "The transaction ID"
},
"status": {
"description": "The new status of the transaction",
"enum": [
"pending",
"ready",
"retrieved",
"expired",
"failed"
],
"type": "string"
},
"message": {
"type": "string",
"description": "Optional message"
}
},
"required": [
"transactionId",
"status"
]
}
Response 404 Not Found
POST /issuer/deferred/{transactionId}/fail¶
Fail a deferred credential transaction
Description
Marks a deferred credential transaction as failed. The wallet will receive an invalid_transaction_id error when attempting retrieval.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| transactionId | path | string | | No | |
Request body
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"transactionId": {
"type": "string",
"description": "The transaction ID"
},
"status": {
"description": "The new status of the transaction",
"enum": [
"pending",
"ready",
"retrieved",
"expired",
"failed"
],
"type": "string"
},
"message": {
"type": "string",
"description": "Optional message"
}
},
"required": [
"transactionId",
"status"
]
}
Response 404 Not Found
POST /trust-list¶
Creates a new trust list for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
Response 201 Created
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
GET /trust-list¶
Returns all trust lists for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
GET /trust-list/{id}¶
Returns the trust list by id for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
PUT /trust-list/{id}¶
Updates a trust list with new entities. Creates a new version for audit and regenerates the JWT.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
DELETE /trust-list/{id}¶
Deletes a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
GET /trust-list/{id}/export¶
Exports the trust list in LoTE format
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
GET /trust-list/{id}/versions¶
Returns the version history for a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
[
{
"id": "string",
"trustListId": "string",
"trustList": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"tenantId": "string",
"sequenceNumber": 10.12,
"data": {},
"entityConfig": {},
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z"
}
]
GET /trust-list/{id}/versions/{versionId}¶
Returns a specific version of a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
| versionId | path | string | | No | |
Response 200 OK
{
"id": "string",
"trustListId": "string",
"trustList": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"tenantId": "string",
"sequenceNumber": 10.12,
"data": {},
"entityConfig": {},
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"trustListId": {
"type": "string"
},
"trustList": {
"$ref": "#/components/schemas/TrustList"
},
"tenantId": {
"type": "string"
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number at the time this version was created"
},
"data": {
"type": "object",
"description": "The full trust list JSON at this version"
},
"entityConfig": {
"type": "object",
"description": "The entity configuration at this version"
},
"jwt": {
"type": "string",
"description": "The signed JWT at this version"
},
"createdAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"trustListId",
"trustList",
"tenantId",
"sequenceNumber",
"data",
"jwt",
"createdAt"
]
}
GET /{tenantId}/trust-list/{id}¶
Returns the JWT of the trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| id | path | string | | No | |
| tenantId | path | string | | No | |
Response 200 OK
Verifier¶
GET /verifier/config¶
Returns the presentation request configurations.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"id": "string",
"tenant": null,
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"registrationCert": null,
"webhook": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
]
POST /verifier/config¶
Store a presentation request configuration. If it already exists, it will be updated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"id": "string",
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"registrationCert": null,
"webhook": null,
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"transaction_data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/TransactionData"
}
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
},
"required": [
"id",
"dcql_query"
]
}
Response 201 Created
GET /verifier/config/{id}¶
Get a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"id": "string",
"tenant": null,
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"registrationCert": null,
"webhook": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"transaction_data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/TransactionData"
}
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was last updated."
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
},
"required": [
"id",
"tenant",
"dcql_query",
"createdAt",
"updatedAt"
]
}
PATCH /verifier/config/{id}¶
Update a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
{
"id": "string",
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"transaction_data": [
{
"type": "string",
"credential_ids": [
"string"
]
}
],
"registrationCert": null,
"webhook": null,
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"transaction_data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/TransactionData"
}
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
}
}
Response 200 OK
DELETE /verifier/config/{id}¶
Deletes a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
POST /verifier/offer¶
Create a presentation request that can be sent to the user.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"type": "string",
"description": "The type of response expected from the presentation request.",
"enum": [
"uri",
"dc-api"
]
},
"requestId": {
"type": "string",
"description": "Identifier of the presentation configuration"
},
"webhook": {
"description": "Webhook configuration to receive the response.\nIf not provided, the configured webhook from the configuration will be used.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"redirectUri": {
"type": "string",
"description": "Optional redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"transaction_data": {
"description": "Optional transaction data to include in the OID4VP request.\nIf provided, this will override the transaction_data from the presentation configuration.",
"type": "array",
"items": {
"$ref": "#/components/schemas/TransactionData"
}
}
},
"required": [
"response_type",
"requestId"
]
}
Response 201 Created
Cache Management¶
GET /cache/stats¶
Get cache statistics
Description
Returns statistics about the trust list and status list caches.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
DELETE /cache¶
Clear all caches
Description
Clears both trust list and status list caches. Next verification will fetch fresh data.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 204 No Content
DELETE /cache/trust-list¶
Clear trust list cache
Description
Clears the trust list cache. Next verification will fetch fresh trust lists.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 204 No Content
DELETE /cache/status-list¶
Clear status list cache
Description
Clears the status list (revocation) cache. Next status check will fetch fresh status lists.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 204 No Content
Chained AS¶
POST /{tenant}/chained-as/par¶
Pushed Authorization Request
Description
Submit authorization request parameters. Returns a request_uri for use at the authorization endpoint.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| dpop | header | string | | No | |
| DPoP | header | string | | No | DPoP proof JWT |
| oauth-client-attestation | header | string | | No | |
| OAuth-Client-Attestation | header | string | | No | Wallet attestation JWT |
| oauth-client-attestation-pop | header | string | | No | |
| OAuth-Client-Attestation-PoP | header | string | | No | Wallet attestation proof-of-possession JWT |
| tenant | path | string | | No | Tenant identifier |
Request body
{
"response_type": "code",
"client_id": "https://wallet.example.com",
"redirect_uri": "https://wallet.example.com/callback",
"code_challenge": "string",
"code_challenge_method": "S256",
"state": "string",
"scope": "openid credential",
"issuer_state": "string",
"authorization_details": [
{}
]
}
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"type": "string",
"description": "OAuth response type (must be 'code')",
"example": "code"
},
"client_id": {
"type": "string",
"description": "Client identifier (wallet identifier)",
"example": "https://wallet.example.com"
},
"redirect_uri": {
"type": "string",
"description": "URI to redirect the wallet after authorization",
"example": "https://wallet.example.com/callback"
},
"code_challenge": {
"type": "string",
"description": "PKCE code challenge"
},
"code_challenge_method": {
"type": "string",
"description": "PKCE code challenge method (e.g., S256)",
"example": "S256"
},
"state": {
"type": "string",
"description": "State parameter (returned in redirect)"
},
"scope": {
"type": "string",
"description": "Scope requested",
"example": "openid credential"
},
"issuer_state": {
"type": "string",
"description": "Issuer state from credential offer"
},
"authorization_details": {
"description": "Authorization details (JSON array)",
"type": "array",
"items": {
"type": "object"
}
}
},
"required": [
"response_type",
"client_id",
"redirect_uri"
]
}
Response 201 Created
Schema of the response body
{
"type": "object",
"properties": {
"request_uri": {
"type": "string",
"description": "The request URI to use at the authorization endpoint",
"example": "urn:ietf:params:oauth:request_uri:abc123"
},
"expires_in": {
"type": "number",
"description": "The lifetime of the request URI in seconds",
"example": 600
}
},
"required": [
"request_uri",
"expires_in"
]
}
Response 400 Bad Request
GET /{tenant}/chained-as/authorize¶
Authorization endpoint
Description
Validates the request_uri from PAR and redirects to the upstream OIDC provider for authentication.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| client_id | query | string | | No | Client identifier |
| request_uri | query | string | | No | Request URI from PAR response |
| tenant | path | string | | No | Tenant identifier |
Response 200 OK
Response 302 Found
Response 400 Bad Request
GET /{tenant}/chained-as/callback¶
Upstream OIDC callback
Description
Receives the authorization response from the upstream OIDC provider, exchanges the code, and redirects back to the wallet.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| code | query | string | | No | |
| error | query | string | | No | |
| error_description | query | string | | No | |
| state | query | string | | No | |
| tenant | path | string | | No | Tenant identifier |
Response 200 OK
Response 302 Found
Response 400 Bad Request
POST /{tenant}/chained-as/token¶
Token endpoint
Description
Exchanges the authorization code for an access token containing issuer_state.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| dpop | header | string | | No | |
| DPoP | header | string | | No | DPoP proof JWT |
| tenant | path | string | | No | Tenant identifier |
Request body
{
"grant_type": "authorization_code",
"code": "string",
"client_id": "string",
"redirect_uri": "string",
"code_verifier": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"grant_type": {
"type": "string",
"description": "Grant type (must be 'authorization_code')",
"example": "authorization_code"
},
"code": {
"type": "string",
"description": "Authorization code received in the callback"
},
"client_id": {
"type": "string",
"description": "Client identifier"
},
"redirect_uri": {
"type": "string",
"description": "Redirect URI (must match the one used in PAR)"
},
"code_verifier": {
"type": "string",
"description": "PKCE code verifier"
}
},
"required": [
"grant_type",
"code"
]
}
Response 200 OK
{
"access_token": "string",
"token_type": "DPoP",
"expires_in": 3600,
"scope": "string",
"authorization_details": [
{}
],
"c_nonce": "string",
"c_nonce_expires_in": 10.12
}
Schema of the response body
{
"type": "object",
"properties": {
"access_token": {
"type": "string",
"description": "The access token"
},
"token_type": {
"type": "string",
"description": "Token type (Bearer or DPoP)",
"example": "DPoP"
},
"expires_in": {
"type": "number",
"description": "Token lifetime in seconds",
"example": 3600
},
"scope": {
"type": "string",
"description": "Scope granted"
},
"authorization_details": {
"description": "Authorized credential configurations",
"type": "array",
"items": {
"type": "object"
}
},
"c_nonce": {
"type": "string",
"description": "C_NONCE for credential request"
},
"c_nonce_expires_in": {
"type": "number",
"description": "C_NONCE lifetime in seconds"
}
},
"required": [
"access_token",
"token_type",
"expires_in"
]
}
Response 400 Bad Request
Response 401 Unauthorized
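The checks implied by the token request schema above (grant type, redirect URI matching the PAR request, PKCE code verifier), shown as an added Python example that is not EUDIPLO's own code. It assumes the S256 challenge method from RFC 7636 and a hypothetical in-memory `grants` store filled at PAR/callback time, and it treats `client_id`, `redirect_uri` and `code_verifier` as mandatory, which is stricter than the schema's `required` list; DPoP proof validation is not covered.

```python
"""Token-request checks for an authorization-code grant with PKCE (added example)."""
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# Constructed sample values, not taken from the EUDIPLO documentation.
SAMPLE_VERIFIER = "constructed-verifier-" + "a" * 30
SAMPLE_REDIRECT = "https://wallet.example/cb"


class TokenRequestError(Exception):
    """Carries the error / error_description pair of ChainedAsErrorResponseDto."""

    def __init__(self, error: str, description: str):
        super().__init__(description)
        self.error = error
        self.error_description = description


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_grant_store() -> dict:
    """Hypothetical store: authorization code -> values recorded at PAR time."""
    return {
        "code-1": {
            "client_id": "wallet-client",
            "redirect_uri": SAMPLE_REDIRECT,
            "code_challenge": s256_challenge(SAMPLE_VERIFIER),
            "expires_at": 600.0,
            "used": False,
        }
    }


def sample_body() -> dict:
    """A request body with the fields of ChainedAsTokenRequestDto."""
    return {
        "grant_type": "authorization_code",
        "code": "code-1",
        "client_id": "wallet-client",
        "redirect_uri": SAMPLE_REDIRECT,
        "code_verifier": SAMPLE_VERIFIER,
    }


def validate_token_request(body: dict, grants: dict, now: float) -> dict:
    """Return the stored grant record if the request is acceptable, else raise."""
    if body.get("grant_type") != "authorization_code":
        raise TokenRequestError("unsupported_grant_type",
                                "grant_type must be 'authorization_code'")
    code = body.get("code")
    record = grants.get(code) if isinstance(code, str) else None
    if record is None:
        raise TokenRequestError("invalid_grant", "unknown authorization code")
    if record["used"]:
        raise TokenRequestError("invalid_grant", "authorization code already used")
    if now >= record["expires_at"]:
        raise TokenRequestError("invalid_grant", "authorization code expired")

    # Design choice of this example: the code is single-use and is burned on
    # first presentation, so a failed attempt cannot be retried with new guesses.
    record["used"] = True

    if body.get("client_id") != record["client_id"]:
        raise TokenRequestError("invalid_grant",
                                "client_id does not match the PAR request")
    if body.get("redirect_uri") != record["redirect_uri"]:
        raise TokenRequestError("invalid_grant",
                                "redirect_uri does not match the PAR request")

    verifier = body.get("code_verifier")
    if not isinstance(verifier, str) or not VERIFIER_RE.fullmatch(verifier):
        raise TokenRequestError("invalid_grant", "code_verifier missing or malformed")
    expected = record["code_challenge"].encode("ascii")
    if not hmac.compare_digest(s256_challenge(verifier).encode("ascii"), expected):
        raise TokenRequestError("invalid_grant",
                                "code_verifier does not match code_challenge")
    return record


def try_request(body: dict, grants: dict, now: float) -> str:
    """Run the checks and return "ok" or "<error>: <error_description>"."""
    try:
        validate_token_request(body, grants, now)
        return "ok"
    except TokenRequestError as exc:
        return f"{exc.error}: {exc.error_description}"


if __name__ == "__main__":
    store = new_grant_store()
    print(try_request(sample_body(), store, now=100.0))
    print(try_request(sample_body(), store, now=100.0))  # replay of the same code
```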
GET /{tenant}/chained-as/.well-known/jwks.json¶
JSON Web Key Set
Description
Returns the public keys for verifying tokens issued by this Chained AS.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| tenant | path | string | | No | Tenant identifier |
Response 200 OK
GET /{tenant}/chained-as/.well-known/oauth-authorization-server¶
OAuth AS Metadata
Description
Returns the OAuth Authorization Server metadata for the Chained AS.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| tenant | path | string | | No | Tenant identifier |
Response 200 OK
Registrar¶
GET /registrar/config¶
Get registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 404 Not Found
POST /registrar/config¶
Create or replace registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password"
]
}
Response 201 Created
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 400 Bad Request
PATCH /registrar/config¶
Update registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
}
}
}
Response 200 OK
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 400 Bad Request
Response 404 Not Found
DELETE /registrar/config¶
Delete registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 204 No Content
POST /registrar/access-certificate¶
Create an access certificate for a key
Description
Creates an access certificate at the registrar for the specified key. Requires a relying party to be already registered at the registrar. The certificate is automatically stored in EUDIPLO.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Response 201 Created
Response 400 Bad Request
Response 404 Not Found
Key¶
GET /key/providers¶
List available KMS providers
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
Schema of the response body
{
"type": "object",
"properties": {
"providers": {
"description": "Detailed info for each registered KMS provider.",
"type": "array",
"items": {
"$ref": "#/components/schemas/KmsProviderInfoDto"
}
},
"default": {
"type": "string",
"description": "The default KMS provider name.",
"example": "db"
}
},
"required": [
"providers",
"default"
]
}
GET /key¶
List all keys for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Response 200 OK
[
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": [
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
],
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
POST /key¶
Import a key
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"kmsProvider": {
"type": "string",
"description": "KMS provider name to use for this key. Defaults to the configured default.",
"example": "db"
},
"key": {
"description": "The private key in JWK format.",
"allOf": [
{
"$ref": "#/components/schemas/Key"
}
]
},
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"key",
"id"
]
}
Response 201 Created
GET /key/{id}¶
Get a key by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": [
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": [
"string"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"kmsProvider": "string",
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
],
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"description": {
"type": "string",
"description": "Description of the key."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for the key."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"key": {
"type": "object",
"description": "The key material.\nEncrypted at rest using AES-256-GCM."
},
"usage": {
"type": "object",
"description": "The usage type of the key."
},
"kmsProvider": {
"type": "string",
"description": "The KMS provider used for this key.\nReferences a configured KMS provider name."
},
"certificates": {
"description": "Certificates associated with this key.",
"type": "array",
"items": {
"$ref": "#/components/schemas/CertEntity"
}
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the key was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the key was last updated."
}
},
"required": [
"id",
"tenantId",
"tenant",
"key",
"usage",
"kmsProvider",
"certificates",
"createdAt",
"updatedAt"
]
}
PUT /key/{id}¶
Update key metadata
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"kmsProvider": {
"type": "string",
"description": "KMS provider name to use for this key. Defaults to the configured default.",
"example": "db"
},
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"id"
]
}
Response 200 OK
DELETE /key/{id}¶
Delete a key
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
| id | path | string | | No | |
Response 200 OK
POST /key/generate¶
Generate a key on the server
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Schema of the request body
Response 201 Created
Storage¶
POST /storage¶
Upload files that belong to a tenant, such as images
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| oauth2 | header | string | N/A | No | |
Request body
Response 201 Created
GET /storage/{key}¶
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
| key | path | string | | No | |
Response 200 OK
Schemas¶
AllowListPolicy¶
| Name | Type |
|---|---|
| policy | string |
| values | Array<string> |
ApiKeyConfig¶
| Name | Type |
|---|---|
| headerName | string |
| value | string |
AttestationBasedPolicy¶
| Name | Type |
|---|---|
| policy | string |
| values | Array<PolicyCredential> |
AuthorizeQueries¶
| Name | Type |
|---|---|
| auth_session | string |
| client_id | string |
| code_challenge | string |
| code_challenge_method | string |
| dpop_jkt | string |
| issuer_state | string |
| redirect_uri | string |
| request_uri | string |
| resource | string |
| response_type | string |
| scope | string |
| state | string |
CertEntity¶
| Name | Type |
|---|---|
| createdAt | string(date-time) |
| crt | Array<string> |
| description | string |
| id | string |
| key | KeyEntity |
| keyId | string |
| tenant | |
| tenantId | string |
| updatedAt | string(date-time) |
| usages | Array<CertUsageEntity> |
CertImportDto¶
| Name | Type |
|---|---|
| certUsageTypes | Array<string> |
| crt | Array<string> |
| description | string |
| id | string |
| keyId | string |
| subjectName | string |
CertResponseDto¶
| Name | Type |
|---|---|
| id | string |
CertUpdateDto¶
| Name | Type |
|---|---|
| certUsageTypes | Array<string> |
| description | string |
| usages | Array<CertUsageEntity> |
CertUsageEntity¶
| Name | Type |
|---|---|
| cert | CertEntity |
| certId | string |
| tenantId | string |
| usage | string |
ChainedAsConfig¶
| Name | Type |
|---|---|
| enabled | boolean |
| requireDPoP | boolean |
| token | |
| upstream | |
ChainedAsErrorResponseDto¶
| Name | Type |
|---|---|
| error | string |
| error_description | string |
ChainedAsParRequestDto¶
| Name | Type |
|---|---|
| authorization_details | Array<> |
| client_id | string |
| code_challenge | string |
| code_challenge_method | string |
| issuer_state | string |
| redirect_uri | string |
| response_type | string |
| scope | string |
| state | string |
ChainedAsParResponseDto¶
| Name | Type |
|---|---|
| expires_in | number |
| request_uri | string |
ChainedAsTokenConfig¶
| Name | Type |
|---|---|
| lifetimeSeconds | number |
| signingKeyId | string |
ChainedAsTokenRequestDto¶
| Name | Type |
|---|---|
| client_id | string |
| code | string |
| code_verifier | string |
| grant_type | string |
| redirect_uri | string |
ChainedAsTokenResponseDto¶
| Name | Type |
|---|---|
| access_token | string |
| authorization_details | Array<> |
| c_nonce | string |
| c_nonce_expires_in | number |
| expires_in | number |
| scope | string |
| token_type | string |
ClaimsQuery¶
| Name | Type |
|---|---|
| id | string |
| path | Array<string> |
| values | Array<string> |
ClientEntity¶
| Name | Type |
|---|---|
| allowedIssuanceConfigs | Array<string> |
| allowedPresentationConfigs | Array<string> |
| clientId | string |
| description | string |
| roles | Array<string> |
| secret | string |
| tenant | |
| tenantId | string |
ClientSecretResponseDto¶
| Name | Type |
|---|---|
| secret | string |
CompleteDeferredDto¶
| Name | Type |
|---|---|
| claims | Example: {'given_name': 'John', 'family_name': 'Doe', 'birthdate': '1990-01-15'} |
CreateAccessCertificateDto¶
| Name | Type |
|---|---|
| keyId | string |
CreateClientDto¶
| Name | Type |
|---|---|
| allowedIssuanceConfigs | Array<string> |
| allowedPresentationConfigs | Array<string> |
| clientId | string |
| description | string |
| roles | Array<string> |
| secret | string |
CreateRegistrarConfigDto¶
| Name | Type |
|---|---|
| clientId | string |
| clientSecret | string |
| oidcUrl | string(uri) |
| password | string |
| registrarUrl | string(uri) |
| username | string |
CreateStatusListDto¶
| Name | Type |
|---|---|
| bits | number |
| capacity | number |
| certId | string |
| credentialConfigurationId | string |
CreateTenantDto¶
| Name | Type |
|---|---|
| description | string |
| id | string |
| name | string |
| roles | Array<string> |
| sessionConfig | |
| statusListConfig | |
CredentialConfig¶
| Name | Type |
|---|---|
| cert | CertEntity |
| certId | string |
| claims | |
| claimsWebhook | |
| config | IssuerMetadataCredentialConfig |
| description | string \| null |
| disclosureFrame | |
| embeddedDisclosurePolicy | |
| iaeActions | Array<> |
| id | string |
| keyBinding | boolean |
| lifeTime | number |
| notificationWebhook | |
| schema | |
| statusManagement | boolean |
| tenant | |
| vct | |
CredentialConfigCreate¶
| Name | Type |
|---|---|
| certId | string |
| claims | |
| claimsWebhook | |
| config | IssuerMetadataCredentialConfig |
| description | string \| null |
| disclosureFrame | |
| embeddedDisclosurePolicy | |
| iaeActions | Array<> |
| id | string |
| keyBinding | boolean |
| lifeTime | number |
| notificationWebhook | |
| schema | |
| statusManagement | boolean |
| vct | |
CredentialConfigUpdate¶
| Name | Type |
|---|---|
| certId | string |
| claims | |
| claimsWebhook | |
| config | IssuerMetadataCredentialConfig |
| description | string \| null |
| disclosureFrame | |
| embeddedDisclosurePolicy | |
| iaeActions | Array<> |
| id | string |
| keyBinding | boolean |
| lifeTime | number |
| notificationWebhook | |
| schema | |
| statusManagement | boolean |
| vct | |
CredentialQuery¶
| Name | Type |
|---|---|
| claims | Array<ClaimsQuery> |
| format | string |
| id | string |
| meta | |
| multiple | boolean |
| trusted_authorities | Array<TrustedAuthorityQuery> |
CredentialSetQuery¶
| Name | Type |
|---|---|
| options | Array<Array<string>> |
| required | boolean |
DbKmsConfigDto¶
DCQL¶
| Name | Type |
|---|---|
| credential_sets | Array<CredentialSetQuery> |
| credentials | Array<CredentialQuery> |
DeferredOperationResponse¶
| Name | Type |
|---|---|
| message | string |
| status | string |
| transactionId | string |
Display¶
| Name | Type |
|---|---|
| background_color | string |
| background_image | DisplayImage |
| description | string |
| locale | string |
| logo | DisplayImage |
| name | string |
| text_color | string |
DisplayImage¶
| Name | Type |
|---|---|
| uri | string |
DisplayInfo¶
| Name | Type |
|---|---|
| locale | string |
| logo | DisplayLogo |
| name | string |
DisplayLogo¶
| Name | Type |
|---|---|
| alt_text | string |
| uri | string |
EmbeddedDisclosurePolicy¶
| Name | Type |
|---|---|
| policy | string |
FailDeferredDto¶
| Name | Type |
|---|---|
| error | string |
FileUploadDto¶
| Name | Type |
|---|---|
| file | string(binary) |
IaeActionOpenid4vpPresentation¶
| Name | Type |
|---|---|
| label | string |
| presentationConfigId | string |
| type | string |
IaeActionRedirectToWeb¶
| Name | Type |
|---|---|
| callbackUrl | string(uri) |
| description | string |
| label | string |
| type | string |
| url | string(uri) |
ImportTenantDto¶
| Name | Type |
|---|---|
| description | string |
| name | string |
IssuanceDto¶
| Name | Type |
|---|---|
| authServers | Array<string> |
| batchSize | number |
| chainedAs | |
| display | Array<DisplayInfo> |
| dPopRequired | boolean |
| signingKeyId | string |
| walletAttestationRequired | boolean |
| walletProviderTrustLists | Array<string> |
IssuerMetadataCredentialConfig¶
| Name | Type |
|---|---|
| claimsByNamespace | |
| display | Array<Display> |
| docType | string |
| format | string |
| namespace | string |
| scope | string |
Key¶
| Name | Type |
|---|---|
| alg | string |
| crv | string |
| d | string |
| kty | string |
| x | string |
| y | string |
KeyEntity¶
| Name | Type |
|---|---|
| certificates | Array<CertEntity> |
| createdAt | string(date-time) |
| description | string |
| id | string |
| key | |
| kmsProvider | string |
| tenant | |
| tenantId | string |
| updatedAt | string(date-time) |
| usage | |
KeyGenerateDto¶
| Name | Type |
|---|---|
| description | string |
| kmsProvider | string |
KeyImportDto¶
| Name | Type |
|---|---|
| description | string |
| id | string |
| key | |
| kmsProvider | string |
KmsConfigDto¶
| Name | Type |
|---|---|
| defaultProvider | string |
| providers | Properties: db, vault |
KmsProviderCapabilitiesDto¶
| Name | Type |
|---|---|
| canCreate | boolean |
| canDelete | boolean |
| canImport | boolean |
KmsProviderInfoDto¶
| Name | Type |
|---|---|
| capabilities | |
| name | string |
KmsProvidersResponseDto¶
| Name | Type |
|---|---|
| default | string |
| providers | Array<KmsProviderInfoDto> |
NoneTrustPolicy¶
| Name | Type |
|---|---|
| policy | string |
OfferRequestDto¶
| Name | Type |
|---|---|
| authorization_server | string |
| credentialClaims | Example: {'citizen': {'type': 'inline', 'claims': {'given_name': 'John', 'family_name': 'Doe'}}} |
| credentialConfigurationIds | Array<string> |
| flow | string |
| notifyWebhook | |
| response_type | string |
| tx_code | string |
| tx_code_description | string |
OfferResponse¶
| Name | Type |
|---|---|
| crossDeviceUri | string |
| session | string |
| uri | string |
PolicyCredential¶
| Name | Type |
|---|---|
| claims | Array<ClaimsQuery> |
| credential_sets | Array<CredentialSetQuery> |
| credentials | Array<CredentialQuery> |
PresentationAttachment¶
| Name | Type |
|---|---|
| credential_ids | Array<string> |
| data | |
| format | string |
PresentationConfig¶
| Name | Type |
|---|---|
| accessCertId | string \| null |
| attached | Array<PresentationAttachment> |
| createdAt | string(date-time) |
| dcql_query | |
| description | string \| null |
| id | string |
| lifeTime | number |
| redirectUri | string \| null |
| registrationCert | |
| tenant | |
| transaction_data | Array<TransactionData> |
| updatedAt | string(date-time) |
| webhook | |
PresentationConfigCreateDto¶
| Name | Type |
|---|---|
| accessCertId | string \| null |
| attached | Array<PresentationAttachment> |
| dcql_query | |
| description | string \| null |
| id | string |
| lifeTime | number |
| redirectUri | string \| null |
| registrationCert | |
| transaction_data | Array<TransactionData> |
| webhook | |
PresentationConfigUpdateDto¶
| Name | Type |
|---|---|
| accessCertId | string \| null |
| attached | Array<PresentationAttachment> |
| dcql_query | |
| description | string \| null |
| id | string |
| lifeTime | number |
| redirectUri | string \| null |
| registrationCert | |
| transaction_data | Array<TransactionData> |
| webhook | |
PresentationRequest¶
| Name | Type |
|---|---|
| redirectUri | string |
| requestId | string |
| response_type | string |
| transaction_data | Array<TransactionData> |
| webhook | |
RegistrarConfigEntity¶
| Name | Type |
|---|---|
| clientId | string |
| clientSecret | string |
| oidcUrl | string(uri) |
| password | string |
| registrarUrl | string(uri) |
| tenant | |
| tenantId | string |
| username | string |
RegistrationCertificateRequest¶
| Name | Type |
|---|---|
| jwt | string |
RootOfTrustPolicy¶
| Name | Type |
|---|---|
| policy | string |
| values | string |
SchemaResponse¶
| Name | Type |
|---|---|
| $schema | string |
| description | string |
| properties | |
| required | Array<string> |
| title | string |
| type | string |
Session¶
| Name | Type |
|---|---|
| auth_queries | |
| authorization_code | string |
| clientId | string |
| createdAt | string(date-time) |
| credentialPayload | |
| credentials | Array<> |
| expiresAt | string(date-time) |
| externalIssuer | string |
| externalSubject | string |
| id | string |
| notifications | Array<> |
| notifyWebhook | |
| offer | |
| offerUrl | string |
| parsedWebhook | |
| redirectUri | string \| null |
| request_uri | string |
| requestId | string |
| requestObject | string |
| requestUrl | string |
| responseUri | string |
| status | string |
| tenant | |
| tenantId | string |
| transaction_data | Array<TransactionData> |
| updatedAt | string(date-time) |
| useDcApi | boolean |
| vp_nonce | string |
SessionStorageConfig¶
| Name | Type |
|---|---|
| cleanupMode | string |
| ttlSeconds | number |
StatusListConfig¶
| Name | Type |
|---|---|
| bits | number |
| capacity | number |
| enableAggregation | boolean |
| immediateUpdate | boolean |
| ttl | number |
StatusListResponseDto¶
| Name | Type |
|---|---|
| availableEntries | number |
| bits | number |
| capacity | number |
| certId | string \| null |
| createdAt | string(date-time) |
| credentialConfigurationId | string \| null |
| expiresAt | string(date-time) \| null |
| id | string |
| tenantId | string |
| uri | string |
| usedEntries | number |
StatusUpdateDto¶
| Name | Type |
|---|---|
| credentialConfigurationId | string |
| sessionId | string |
| status | number |
TenantEntity¶
| Name | Type |
|---|---|
| clients | Array<ClientEntity> |
| description | string |
| id | string |
| name | string |
| sessionConfig | |
| status | string |
| statusListConfig | |
TransactionData¶
| Name | Type |
|---|---|
| credential_ids | Array<string> |
| type | string |
TrustedAuthorityQuery¶
| Name | Type |
|---|---|
| type | string |
| values | Array<string> |
TrustList¶
| Name | Type |
|---|---|
| cert | CertEntity |
| certId | string |
| createdAt | string(date-time) |
| data | |
| description | string |
| entityConfig | Array<> |
| id | string |
| jwt | string |
| sequenceNumber | number |
| tenant | |
| tenantId | string |
| updatedAt | string(date-time) |
TrustListCreateDto¶
| Name | Type |
|---|---|
| certId | string |
| data | |
| description | string |
| entities | Array<> |
| id | string |
TrustListVersion¶
| Name | Type |
|---|---|
| createdAt | string(date-time) |
| data | |
| entityConfig | |
| id | string |
| jwt | string |
| sequenceNumber | number |
| tenantId | string |
| trustList | TrustList |
| trustListId | string |
UpdateClientDto¶
| Name | Type |
|---|---|
| allowedIssuanceConfigs | Array<string> |
| allowedPresentationConfigs | Array<string> |
| description | string |
| roles | Array<string> |
UpdateKeyDto¶
| Name | Type |
|---|---|
| description | string |
| id | string |
| kmsProvider | string |
UpdateRegistrarConfigDto¶
| Name | Type |
|---|---|
| clientId | string |
| clientSecret | string |
| oidcUrl | string(uri) |
| password | string |
| registrarUrl | string(uri) |
| username | string |
UpdateSessionConfigDto¶
| Name | Type |
|---|---|
| cleanupMode | string |
| ttlSeconds | number \| null |
UpdateStatusListConfigDto¶
| Name | Type |
|---|---|
| bits | number \| null |
| capacity | number \| null |
| enableAggregation | boolean \| null |
| immediateUpdate | boolean \| null |
| ttl | number \| null |
UpdateStatusListDto¶
| Name | Type |
|---|---|
| certId | string \| null |
| credentialConfigurationId | string \| null |
UpdateTenantDto¶
| Name | Type |
|---|---|
| description | string |
| name | string |
| roles | Array<string> |
| sessionConfig | |
| statusListConfig | |
UpstreamOidcConfig¶
| Name | Type |
|---|---|
| clientId | string |
| clientSecret | string |
| issuer | string(uri) |
| scopes | Array<string> |
VaultKmsConfigDto¶
| Name | Type |
|---|---|
| vaultToken | string |
| vaultUrl | string |
VCT¶
| Name | Type |
|---|---|
| description | string |
| extends | string |
| extends#integrity | string |
| name | string |
| schema_uri | string |
| schema_uri#integrity | string |
| vct | string |
WebHookAuthConfigHeader¶
| Name | Type |
|---|---|
| config | |
| type | string |
WebHookAuthConfigNone¶
| Name | Type |
|---|---|
| type | string |
WebhookConfig¶
| Name | Type |
|---|---|
| auth | |
| url | string |
Security schemes¶
| Name | Type | Scheme | Description |
|---|---|---|---|
| oauth2 | oauth2 | | |