EUDIPLO Service API main¶
This is the API documentation for the EUDIPLO Service, which provides credential issuance and verification services
App¶
GET /¶
Main endpoint providing service info
Response 200 OK
GET /health¶
Endpoint to check the health of the service.
Response 200 OK
{
"status": "ok",
"info": {
"database": {
"status": "up"
}
},
"error": {},
"details": {
"database": {
"status": "up"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Response 503 Service Unavailable
{
"status": "error",
"info": {
"database": {
"status": "up"
}
},
"error": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"details": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "error"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Prometheus¶
GET /metrics¶
Response 200 OK
Tenant¶
GET /tenant¶
Get all tenants
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
]
POST /tenant¶
Initialize a tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"statusListConfig": null,
"sessionConfig": null,
"roles": [
"presentation:manage"
],
"id": "string",
"name": "string",
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"sessionConfig": {
"description": "Session storage configuration. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"roles": {
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
}
},
"required": [
"id",
"name"
]
}
Response 201 Created
GET /tenant/{id}¶
Get a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
Schema of the response body
{
"type": "object",
"properties": {
"sessionConfig": {
"nullable": true,
"description": "Session storage configuration for this tenant. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"status": {
"type": "string",
"description": "The current status of the tenant."
},
"clients": {
"description": "The clients associated with the tenant.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientEntity"
}
}
},
"required": [
"id",
"name",
"status",
"clients"
]
}
PATCH /tenant/{id}¶
Update a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
{
"statusListConfig": null,
"sessionConfig": null,
"name": "string",
"description": "string",
"roles": [
"presentation:manage"
]
}
Schema of the request body
{
"type": "object",
"properties": {
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"sessionConfig": {
"description": "Session storage configuration. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"roles": {
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
}
}
Response 200 OK
{
"sessionConfig": null,
"statusListConfig": null,
"id": "string",
"name": "string",
"description": "string",
"status": "string",
"clients": [
{
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
]
}
Schema of the response body
{
"type": "object",
"properties": {
"sessionConfig": {
"nullable": true,
"description": "Session storage configuration for this tenant. Controls TTL and cleanup behavior.",
"allOf": [
{
"$ref": "#/components/schemas/SessionStorageConfig"
}
]
},
"statusListConfig": {
"nullable": true,
"description": "Status list configuration for this tenant. Only affects newly created status lists.",
"allOf": [
{
"$ref": "#/components/schemas/StatusListConfig"
}
]
},
"id": {
"type": "string",
"description": "The unique identifier for the tenant."
},
"name": {
"type": "string",
"description": "The name of the tenant."
},
"description": {
"type": "string",
"description": "The description of the tenant."
},
"status": {
"type": "string",
"description": "The current status of the tenant."
},
"clients": {
"description": "The clients associated with the tenant.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientEntity"
}
}
},
"required": [
"id",
"name",
"status",
"clients"
]
}
DELETE /tenant/{id}¶
Deletes a tenant by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
Client¶
GET /client¶
Get all clients for a user
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
POST /client¶
Create a new client
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"clientId": "string",
"secret": "string",
"description": "string",
"roles": [
"presentation:manage"
]
}
Schema of the request body
{
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"type": "array",
"description": "The roles assigned to the client.",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
},
"required": [
"clientId",
"roles"
]
}
Response 201 Created
{
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"tenantId": {
"type": "string",
"description": "The unique identifier for the tenant that the client belongs to. Only null for accounts that manage tenants, that do not belong to a client"
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"description": "The roles assigned to the client.",
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"tenant": {
"description": "The tenant that the client belongs to.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"clientId",
"roles"
]
}
GET /client/{id}¶
Get a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"clientId": "string",
"secret": "string",
"tenantId": "string",
"description": "string",
"roles": [
"presentation:manage"
],
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "The unique identifier for the client."
},
"secret": {
"type": "string",
"description": "The secret key for the client."
},
"tenantId": {
"type": "string",
"description": "The unique identifier for the tenant that the client belongs to. Only null for accounts that manage tenants, that do not belong to a client"
},
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"description": "The roles assigned to the client.",
"type": "array",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
},
"tenant": {
"description": "The tenant that the client belongs to.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"clientId",
"roles"
]
}
PATCH /client/{id}¶
Update a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The description of the client."
},
"roles": {
"type": "array",
"description": "The roles assigned to the client.",
"items": {
"type": "string",
"enum": [
"presentation:manage",
"presentation:offer",
"issuance:manage",
"issuance:offer",
"clients:manage",
"tenants:manage",
"registrar:manage"
]
}
}
},
"required": [
"roles"
]
}
Response 200 OK
DELETE /client/{id}¶
Get a client by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
GET /client/{id}/secret¶
Get a client's secret by its id
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
Key¶
GET /key¶
Get all keys for the tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": [
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
],
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
POST /key¶
Add a new key to the key service.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"key": {
"description": "The private key in JWK format.",
"allOf": [
{
"$ref": "#/components/schemas/Key"
}
]
},
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"key",
"id"
]
}
Response 201 Created
GET /key/{id}¶
Get a specific key by ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": [
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
],
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"description": {
"type": "string",
"description": "Description of the key."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for the key."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"key": {
"type": "object",
"description": "The key material."
},
"usage": {
"type": "object",
"description": "The usage type of the key."
},
"certificates": {
"description": "Certificates associated with this key.",
"type": "array",
"items": {
"$ref": "#/components/schemas/CertEntity"
}
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the key was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the key was last updated."
}
},
"required": [
"id",
"tenantId",
"tenant",
"key",
"usage",
"certificates",
"createdAt",
"updatedAt"
]
}
PUT /key/{id}¶
Updates an existing key in the key service.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Response 200 OK
DELETE /key/{id}¶
Delete a key from the key service.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
Certificate¶
GET /certs¶
Get all certificates for the authenticated tenant. Can be filtered by keyId using query parameter.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
keyId |
query | string | No |
Response 200 OK
[
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
POST /certs¶
Add a new certificate to a key. If no certificate is provided, a self-signed certificate will be generated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"certUsageTypes": [
"access"
],
"crt": "string",
"subjectName": "string",
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string"
},
"certUsageTypes": {
"description": "Usage types for the certificate.",
"type": "array",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"crt": {
"type": "string",
"description": "Certificate in PEM format, if not provided, a self-signed certificate will be generated."
},
"subjectName": {
"type": "string",
"description": "Subject name (CN) for self-signed certificate generation.\nIf not provided, the tenant name will be used."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"keyId",
"certUsageTypes"
]
}
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
GET /certs/{certId}¶
Get a specific certificate by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
certId |
path | string | No |
Response 200 OK
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": null,
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
}
],
"description": "string",
"key": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string",
"description": "Unique identifier for the key."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for the key."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"crt": {
"type": "string",
"description": "Certificate in PEM format."
},
"usages": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CertUsageEntity"
}
},
"description": {
"type": "string",
"description": "Description of the key."
},
"key": {
"$ref": "#/components/schemas/KeyEntity"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the certificate was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the certificate was last updated."
}
},
"required": [
"keyId",
"id",
"tenantId",
"tenant",
"crt",
"usages",
"key",
"createdAt",
"updatedAt"
]
}
PATCH /certs/{certId}¶
Update certificate metadata (description and usage types).
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
certId |
path | string | No |
Request body
{
"certUsageTypes": [
"access"
],
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": null,
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
}
],
"description": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"certUsageTypes": {
"type": "array",
"description": "Usage types for the certificate.",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"usages": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CertUsageEntity"
}
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"certUsageTypes",
"usages"
]
}
Response 200 OK
DELETE /certs/{certId}¶
Delete a certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
certId |
path | string | No |
Response 200 OK
GET /certs/{certId}/config¶
Export the configuration of a certificate for import/export purposes.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
certId |
path | string | No |
Response 200 OK
{
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"certUsageTypes": [
"access"
],
"crt": "string",
"subjectName": "string",
"description": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"keyId": {
"type": "string",
"description": "The key ID this certificate is associated with",
"example": "039af178-3ca0-48f4-a2e4-7b1209f30376"
},
"id": {
"type": "string"
},
"certUsageTypes": {
"description": "Usage types for the certificate.",
"type": "array",
"items": {
"type": "string",
"enum": [
"access",
"signing",
"trustList",
"statusList"
]
}
},
"crt": {
"type": "string",
"description": "Certificate in PEM format, if not provided, a self-signed certificate will be generated."
},
"subjectName": {
"type": "string",
"description": "Subject name (CN) for self-signed certificate generation.\nIf not provided, the tenant name will be used."
},
"description": {
"type": "string",
"description": "Description of the key."
}
},
"required": [
"keyId",
"certUsageTypes"
]
}
status-list-config¶
GET /status-list-config¶
Get status list configuration
Description
Returns the current status list configuration for the tenant. Fields not set use global defaults.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the response body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"description": "The capacity of the status list. If not set, uses global STATUS_CAPACITY.",
"example": 10000,
"minimum": 100
},
"bits": {
"type": "number",
"description": "Bits per status entry: 1 (valid/revoked), 2 (with suspended), 4/8 (extended). If not set, uses global STATUS_BITS.",
"enum": [
1,
2,
4,
8
],
"default": 1
},
"ttl": {
"type": "number",
"description": "TTL in seconds for the status list JWT. If not set, uses global STATUS_TTL.",
"example": 3600,
"minimum": 60
},
"immediateUpdate": {
"type": "boolean",
"description": "If true, regenerate JWT immediately on status changes. If false (default), use lazy regeneration on TTL expiry.",
"default": false
},
"enableAggregation": {
"type": "boolean",
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support (default: true).",
"default": true
}
}
}
PUT /status-list-config¶
Update status list configuration
Description
Update the status list configuration. Changes only affect newly created status lists. Set a field to null to reset to global default.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the request body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"nullable": true,
"description": "The capacity of the status list. Set to null to reset to global default.",
"minimum": 100,
"example": 10000
},
"bits": {
"type": "number",
"nullable": true,
"description": "Bits per status entry. Set to null to reset to global default.",
"enum": [
1,
2,
4,
8
]
},
"ttl": {
"type": "number",
"nullable": true,
"description": "TTL in seconds for the status list JWT. Set to null to reset to global default.",
"minimum": 60,
"example": 3600
},
"immediateUpdate": {
"type": "boolean",
"nullable": true,
"description": "If true, regenerate JWT on every status change. Set to null to reset to default (false)."
},
"enableAggregation": {
"type": "boolean",
"nullable": true,
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support. Set to null to reset to default (true)."
}
}
}
Response 200 OK
{
"capacity": 10000,
"bits": 10.12,
"ttl": 3600,
"immediateUpdate": true,
"enableAggregation": true
}
Schema of the response body
{
"type": "object",
"properties": {
"capacity": {
"type": "number",
"description": "The capacity of the status list. If not set, uses global STATUS_CAPACITY.",
"example": 10000,
"minimum": 100
},
"bits": {
"type": "number",
"description": "Bits per status entry: 1 (valid/revoked), 2 (with suspended), 4/8 (extended). If not set, uses global STATUS_BITS.",
"enum": [
1,
2,
4,
8
],
"default": 1
},
"ttl": {
"type": "number",
"description": "TTL in seconds for the status list JWT. If not set, uses global STATUS_TTL.",
"example": 3600,
"minimum": 60
},
"immediateUpdate": {
"type": "boolean",
"description": "If true, regenerate JWT immediately on status changes. If false (default), use lazy regeneration on TTL expiry.",
"default": false
},
"enableAggregation": {
"type": "boolean",
"description": "If true, include aggregation_uri in status list JWTs for pre-fetching support (default: true).",
"default": true
}
}
}
DELETE /status-list-config¶
Reset status list configuration
Description
Reset the status list configuration to global defaults. Only affects newly created status lists.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 204 No Content
status-lists¶
GET /status-lists¶
List all status lists
Description
Returns all status lists for the tenant, including their capacity and usage.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
]
POST /status-lists¶
Create a status list
Description
Creates a new status list. Optionally bind it to a specific credential configuration and/or certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 100000
}
Schema of the request body
{
"type": "object",
"properties": {
"credentialConfigurationId": {
"type": "string",
"description": "Credential configuration ID to bind this list exclusively to. Leave empty for a shared list.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"description": "Certificate ID to use for signing. Leave empty to use the tenant's default StatusList certificate.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value. More bits allow more status states. Defaults to tenant configuration.",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Maximum number of credential status entries. Defaults to tenant configuration.",
"minimum": 1000,
"example": 100000
}
}
}
Response 201 Created
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
GET /status-lists/{listId}¶
Get a status list
Description
Returns details for a specific status list.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
listId |
path | string | No | The status list ID |
Response 200 OK
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
PATCH /status-lists/{listId}¶
Update a status list
Description
Update a status list's credential configuration binding and/or certificate.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
listId |
path | string | No | The status list ID |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID to bind this list exclusively to. Set to null to make this a shared list.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID to use for signing. Set to null to use the tenant's default StatusList certificate.",
"example": "my-status-list-cert"
}
}
}
Response 200 OK
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "root",
"credentialConfigurationId": "org.iso.18013.5.1.mDL",
"certId": "my-status-list-cert",
"bits": 1,
"capacity": 10000,
"usedEntries": 150,
"availableEntries": 9850,
"uri": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-01-15T10:30:00.000Z",
"expiresAt": "2024-01-15T11:30:00.000Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the status list",
"example": "550e8400-e29b-41d4-a716-446655440000"
},
"tenantId": {
"type": "string",
"description": "The tenant ID",
"example": "root"
},
"credentialConfigurationId": {
"type": "string",
"nullable": true,
"description": "Credential configuration ID this list is bound to. Null means shared.",
"example": "org.iso.18013.5.1.mDL"
},
"certId": {
"type": "string",
"nullable": true,
"description": "Certificate ID used for signing. Null means using the tenant's default.",
"example": "my-status-list-cert"
},
"bits": {
"type": "number",
"description": "Bits per status value",
"enum": [
1,
2,
4,
8
],
"example": 1
},
"capacity": {
"type": "number",
"description": "Total capacity of the status list",
"example": 10000
},
"usedEntries": {
"type": "number",
"description": "Number of entries in use",
"example": 150
},
"availableEntries": {
"type": "number",
"description": "Number of available entries",
"example": 9850
},
"uri": {
"type": "string",
"description": "The public URI for this status list",
"example": "https://example.com/root/status-management/status-list/550e8400-e29b-41d4-a716-446655440000"
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "Creation timestamp",
"example": "2024-01-15T10:30:00.000Z"
},
"expiresAt": {
"format": "date-time",
"type": "string",
"nullable": true,
"description": "JWT expiration timestamp. Null if JWT has not been generated yet.",
"example": "2024-01-15T11:30:00.000Z"
}
},
"required": [
"id",
"tenantId",
"bits",
"capacity",
"usedEntries",
"availableEntries",
"uri",
"createdAt"
]
}
DELETE /status-lists/{listId}¶
Delete a status list
Description
Delete a status list. Only allowed if no credentials are using it.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
listId |
path | string | No | The status list ID |
Response 204 No Content
Session¶
GET /session¶
Retrieves all sessions.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"status": "active",
"id": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"expiresAt": "2022-04-13T15:42:05.901Z",
"useDcApi": true,
"tenantId": "string",
"tenant": null,
"authorization_code": "string",
"request_uri": "string",
"auth_queries": null,
"offer": {},
"offerUrl": "string",
"credentialPayload": null,
"notifyWebhook": null,
"notifications": [
{}
],
"requestId": "string",
"requestUrl": "string",
"requestObject": "string",
"credentials": [
{}
],
"vp_nonce": "string",
"clientId": "string",
"responseUri": "string",
"redirectUri": "string",
"parsedWebhook": null
}
]
GET /session/{id}¶
Retrieves the session information for a given session ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No | The session ID |
Response 200 OK
{
"status": "active",
"id": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"expiresAt": "2022-04-13T15:42:05.901Z",
"useDcApi": true,
"tenantId": "string",
"tenant": null,
"authorization_code": "string",
"request_uri": "string",
"auth_queries": null,
"offer": {},
"offerUrl": "string",
"credentialPayload": null,
"notifyWebhook": null,
"notifications": [
{}
],
"requestId": "string",
"requestUrl": "string",
"requestObject": "string",
"credentials": [
{}
],
"vp_nonce": "string",
"clientId": "string",
"responseUri": "string",
"redirectUri": "string",
"parsedWebhook": null
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"description": "Status of the session.",
"enum": [
"active",
"fetched",
"completed",
"expired",
"failed"
],
"type": "string"
},
"id": {
"type": "string",
"description": "Unique identifier for the session."
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request was last updated."
},
"expiresAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the request is set to expire."
},
"useDcApi": {
"type": "boolean",
"description": "Flag indicating whether to use the DC API for the presentation request."
},
"tenantId": {
"type": "string",
"description": "Tenant ID for multi-tenancy support."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"authorization_code": {
"type": "string"
},
"request_uri": {
"type": "string",
"description": "Request URI from the authorization request."
},
"auth_queries": {
"description": "Authorization queries associated with the session.",
"allOf": [
{
"$ref": "#/components/schemas/AuthorizeQueries"
}
]
},
"offer": {
"description": "Credential offer object containing details about the credential offer or presentation request.",
"type": "object"
},
"offerUrl": {
"type": "string",
"description": "Offer URL for the credential offer."
},
"credentialPayload": {
"description": "Credential payload containing the offer request details.",
"allOf": [
{
"$ref": "#/components/schemas/OfferRequestDto"
}
]
},
"notifyWebhook": {
"description": "Webhook configuration to send the result of the notification response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notifications": {
"description": "Notifications associated with the session.",
"type": "array",
"items": {
"type": "object"
}
},
"requestId": {
"type": "string"
},
"requestUrl": {
"type": "string",
"description": "The URL of the presentation auth request."
},
"requestObject": {
"type": "string",
"description": "Signed presentation auth request."
},
"credentials": {
"description": "Verified credentials from the presentation process.",
"type": "array",
"items": {
"type": "object"
}
},
"vp_nonce": {
"type": "string",
"description": "Noncce from the Verifiable Presentation request."
},
"clientId": {
"type": "string",
"description": "Client ID used in the OID4VP authorization request."
},
"responseUri": {
"type": "string",
"description": "Response URI used in the OID4VP authorization request."
},
"redirectUri": {
"type": "string",
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed."
},
"parsedWebhook": {
"description": "Where to send the claims webhook response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
}
},
"required": [
"status",
"id",
"createdAt",
"updatedAt",
"useDcApi",
"tenantId",
"tenant",
"notifications"
]
}
DELETE /session/{id}¶
Deletes a session by its ID
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
POST /session/revoke¶
Update the status of the credentials of a specific session.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"description": "The session ID of the user"
},
"credentialConfigurationId": {
"type": "string",
"description": "The ID of the credential configuration\nThis is optional, if not provided, all credentials will be revoked of the session."
},
"status": {
"type": "number",
"description": "The status of the credential\n0 = valid, 1 = revoked, 2 = suspended"
}
},
"required": [
"sessionId",
"status"
]
}
Response 201 Created
GET /session-config¶
Get session storage configuration
Description
Returns the session storage configuration for the current tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the response body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"description": "Time-to-live for sessions in seconds. If not set, uses global SESSION_TTL.",
"example": 86400,
"minimum": 60
},
"cleanupMode": {
"type": "string",
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"default": "full"
}
}
}
PUT /session-config¶
Update session storage configuration
Description
Updates the session storage configuration for the current tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"nullable": true,
"description": "Time-to-live for sessions in seconds. Set to null to use global default.",
"minimum": 60,
"example": 86400
},
"cleanupMode": {
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"type": "string",
"default": "full"
}
}
}
Response 200 OK
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the response body
{
"type": "object",
"properties": {
"ttlSeconds": {
"type": "number",
"description": "Time-to-live for sessions in seconds. If not set, uses global SESSION_TTL.",
"example": 86400,
"minimum": 60
},
"cleanupMode": {
"type": "string",
"description": "Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.",
"enum": [
"full",
"anonymize"
],
"default": "full"
}
}
}
DELETE /session-config¶
Reset session storage configuration
Description
Resets the session storage configuration to use global defaults.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
Issuer¶
GET /issuer/config¶
Returns the issuance configurations for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
{
"tenant": null,
"authServers": [
"string"
],
"batchSize": 10.12,
"dPopRequired": true,
"display": [
{
"name": "string",
"locale": "string",
"logo": {
"uri": "string",
"alt_text": "string"
}
}
],
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"authServers": {
"description": "Authentication server URL for the issuance process.",
"type": "array",
"items": {
"type": "string"
}
},
"batchSize": {
"type": "number",
"description": "Value to determine the amount of credentials that are issued in a batch.\nDefault is 1."
},
"dPopRequired": {
"type": "boolean",
"description": "Indicates whether DPoP is required for the issuance process. Default value is true."
},
"display": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DisplayInfo"
}
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was last updated."
}
},
"required": [
"tenant",
"display",
"createdAt",
"updatedAt"
]
}
POST /issuer/config¶
Stores the issuance configuration for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"authServers": [
"string"
],
"batchSize": 10.12,
"dPopRequired": true,
"display": [
{
"name": "string",
"locale": "string",
"logo": {
"uri": "string",
"alt_text": "string"
}
}
]
}
Schema of the request body
{
"type": "object",
"properties": {
"authServers": {
"description": "Authentication server URL for the issuance process.",
"type": "array",
"items": {
"type": "string"
}
},
"batchSize": {
"type": "number",
"description": "Value to determine the amount of credentials that are issued in a batch.\nDefault is 1."
},
"dPopRequired": {
"type": "boolean",
"description": "Indicates whether DPoP is required for the issuance process. Default value is true."
},
"display": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DisplayInfo"
}
}
},
"required": [
"display"
]
}
Response 201 Created
GET /issuer/credentials¶
Returns the credential configurations for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"vct": null,
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"tenant": null,
"config": {
"format": "string",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
]
POST /issuer/credentials¶
Stores the credential configuration for this tenant.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"vct": null,
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"config": {
"format": "string",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the request body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
},
"required": [
"id",
"config"
]
}
Response 201 Created
GET /issuer/credentials/{id}¶
Returns a specific credential configuration by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"vct": null,
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"tenant": null,
"config": {
"format": "string",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the response body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
},
"required": [
"id",
"tenant",
"config"
]
}
PATCH /issuer/credentials/{id}¶
Updates a credential configuration by ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
{
"vct": null,
"embeddedDisclosurePolicy": null,
"id": "string",
"description": "string",
"config": {
"format": "string",
"display": [
{
"name": "string",
"description": "string",
"locale": "string",
"background_color": "string",
"text_color": "string",
"background_image": {
"uri": "string"
},
"logo": null
}
],
"scope": "string",
"docType": "string",
"namespace": "string",
"claimsByNamespace": {}
},
"claims": {},
"claimsWebhook": null,
"notificationWebhook": null,
"disclosureFrame": {},
"keyBinding": true,
"certId": "string",
"statusManagement": true,
"lifeTime": 10.12,
"schema": null
}
Schema of the request body
{
"type": "object",
"properties": {
"vct": {
"description": "VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT",
"nullable": true,
"oneOf": [
{
"type": "string",
"description": "VCT URI string"
},
{
"$ref": "#/components/schemas/VCT"
}
]
},
"embeddedDisclosurePolicy": {
"nullable": true,
"description": "Embedded disclosure policy (discriminated union by `policy`).\nThe discriminator makes class-transformer instantiate the right subclass,\nand then class-validator runs that subclass’s rules.",
"oneOf": [
{
"$ref": "#/components/schemas/AttestationBasedPolicy"
},
{
"$ref": "#/components/schemas/NoneTrustPolicy"
},
{
"$ref": "#/components/schemas/AllowListPolicy"
},
{
"$ref": "#/components/schemas/RootOfTrustPolicy"
}
],
"allOf": [
{
"$ref": "#/components/schemas/EmbeddedDisclosurePolicy"
}
]
},
"id": {
"type": "string"
},
"description": {
"type": "string",
"nullable": true
},
"config": {
"$ref": "#/components/schemas/IssuerMetadataCredentialConfig"
},
"claims": {
"type": "object",
"nullable": true
},
"claimsWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"notificationWebhook": {
"nullable": true,
"description": "Webhook to receive claims for the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"disclosureFrame": {
"type": "object",
"nullable": true
},
"keyBinding": {
"type": "boolean"
},
"certId": {
"type": "string",
"description": "Reference to the certificate used for signing.\nNote: No DB-level FK constraint because CertEntity has a composite PK\n(id + tenantId) and SET NULL behavior cannot work when tenantId is\npart of this entity's own PK."
},
"statusManagement": {
"type": "boolean"
},
"lifeTime": {
"type": "number"
},
"schema": {
"nullable": true,
"allOf": [
{
"$ref": "#/components/schemas/SchemaResponse"
}
]
}
}
}
Response 200 OK
DELETE /issuer/credentials/{id}¶
Deletes an credential configuration.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
POST /issuer/offer¶
Create an offer for a credential.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"response_type": "qrcode",
"credentialConfigurationIds": [
"pid"
],
"flow": "pre_authorized_code"
}
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"enum": [
"qrcode",
"uri",
"dc-api"
],
"type": "string",
"examples": [
{
"value": "qrcode"
}
],
"description": "The type of response expected for the offer request."
},
"credentialClaims": {
"type": "object",
"description": "Credential claims configuration per credential. Keys must match credentialConfigurationIds.",
"properties": {
"additionalProperties": {
"oneOf": [
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"inline"
]
},
"claims": {
"type": "object",
"additionalProperties": true
}
},
"required": [
"type",
"claims"
]
},
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"webhook"
]
},
"webhook": {
"type": "object"
}
},
"required": [
"type",
"webhook"
]
}
]
}
},
"example": {
"citizen": {
"type": "inline",
"claims": {
"given_name": "John",
"family_name": "Doe"
}
}
}
},
"flow": {
"description": "The flow type for the offer request.",
"enum": [
"authorization_code",
"pre_authorized_code"
],
"type": "string"
},
"tx_code": {
"type": "string",
"description": "Transaction code for pre-authorized code flow."
},
"credentialConfigurationIds": {
"description": "List of credential configuration ids to be included in the offer.",
"type": "array",
"items": {
"type": "string"
}
},
"notifyWebhook": {
"description": "Webhook to notify about the status of the issuance process.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
}
},
"required": [
"response_type",
"flow",
"credentialConfigurationIds"
]
}
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
POST /trust-list¶
Creates a new trust list for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
Response 201 Created
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
GET /trust-list¶
Returns all trust lists for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
]
GET /trust-list/{id}¶
Returns the trust list by id for the tenant
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
PUT /trust-list/{id}¶
Updates a trust list with new entities Creates a new version for audit and regenerates the JWT
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
Response 200 OK
{
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the trust list"
},
"description": {
"type": "string"
},
"tenantId": {
"type": "string",
"description": "The tenant ID for which the VP request is made."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"certId": {
"type": "string"
},
"cert": {
"$ref": "#/components/schemas/CertEntity"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
},
"entityConfig": {
"description": "The original entity configuration used to create this trust list.\nStored for round-tripping when editing.",
"type": "array",
"items": {
"type": "object"
}
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number for versioning (incremented on updates)"
},
"jwt": {
"type": "string",
"description": "The signed JWT representation of this trust list"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"updatedAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"tenantId",
"tenant",
"certId",
"cert",
"sequenceNumber",
"jwt",
"createdAt",
"updatedAt"
]
}
DELETE /trust-list/{id}¶
Deletes a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
GET /trust-list/{id}/export¶
Exports the trust list in LoTE format
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"certId": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"type": "object"
}
},
"description": {
"type": "string"
},
"data": {
"type": "object",
"description": "The full trust list JSON (generated LoTE structure)"
}
},
"required": [
"entities"
]
}
GET /trust-list/{id}/versions¶
Returns the version history for a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
[
{
"id": "string",
"trustListId": "string",
"trustList": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"tenantId": "string",
"sequenceNumber": 10.12,
"data": {},
"entityConfig": {},
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z"
}
]
GET /trust-list/{id}/versions/{versionId}¶
Returns a specific version of a trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No | ||
versionId |
path | string | No |
Response 200 OK
{
"id": "string",
"trustListId": "string",
"trustList": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"certId": "string",
"cert": {
"keyId": "039af178-3ca0-48f4-a2e4-7b1209f30376",
"id": "string",
"tenantId": "string",
"tenant": null,
"crt": "string",
"usages": [
{
"tenantId": "string",
"certId": "string",
"usage": "access",
"cert": null
}
],
"description": "string",
"key": {
"id": "string",
"description": "string",
"tenantId": "string",
"tenant": null,
"key": {},
"usage": {},
"certificates": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"data": {},
"entityConfig": [
{}
],
"sequenceNumber": 10.12,
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z"
},
"tenantId": "string",
"sequenceNumber": 10.12,
"data": {},
"entityConfig": {},
"jwt": "string",
"createdAt": "2022-04-13T15:42:05.901Z"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"trustListId": {
"type": "string"
},
"trustList": {
"$ref": "#/components/schemas/TrustList"
},
"tenantId": {
"type": "string"
},
"sequenceNumber": {
"type": "number",
"description": "The sequence number at the time this version was created"
},
"data": {
"type": "object",
"description": "The full trust list JSON at this version"
},
"entityConfig": {
"type": "object",
"description": "The entity configuration at this version"
},
"jwt": {
"type": "string",
"description": "The signed JWT at this version"
},
"createdAt": {
"format": "date-time",
"type": "string"
}
},
"required": [
"id",
"trustListId",
"trustList",
"tenantId",
"sequenceNumber",
"data",
"jwt",
"createdAt"
]
}
GET /{tenantId}/trust-list/{id}¶
Returns the JWT of the trust list
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
id |
path | string | No | ||
tenantId |
path | string | No |
Response 200 OK
Registrar¶
GET /registrar/config¶
Get registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 404 Not Found
POST /registrar/config¶
Create or replace registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password"
]
}
Response 201 Created
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 400 Bad Request
PATCH /registrar/config¶
Update registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
}
}
}
Response 200 OK
{
"registrarUrl": "https://sandbox.eudi-wallet.org/api",
"oidcUrl": "https://auth.example.com/realms/my-realm",
"clientId": "registrar-client",
"clientSecret": "string",
"username": "admin@example.com",
"password": "string",
"tenantId": "string",
"tenant": null
}
Schema of the response body
{
"type": "object",
"properties": {
"registrarUrl": {
"type": "string",
"description": "The base URL of the registrar API",
"format": "uri",
"example": "https://sandbox.eudi-wallet.org/api"
},
"oidcUrl": {
"type": "string",
"description": "The OIDC issuer URL for authentication (e.g., Keycloak realm URL)",
"format": "uri",
"example": "https://auth.example.com/realms/my-realm"
},
"clientId": {
"type": "string",
"description": "The OIDC client ID for the registrar",
"example": "registrar-client"
},
"clientSecret": {
"type": "string",
"description": "The OIDC client secret (optional, for confidential clients)"
},
"username": {
"type": "string",
"description": "The username for OIDC login",
"example": "admin@example.com"
},
"password": {
"type": "string",
"description": "The password for OIDC login (stored in plaintext)"
},
"tenantId": {
"type": "string",
"description": "The tenant ID this configuration belongs to."
},
"tenant": {
"description": "The tenant that owns this configuration.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
}
},
"required": [
"registrarUrl",
"oidcUrl",
"clientId",
"username",
"password",
"tenantId",
"tenant"
]
}
Response 400 Bad Request
Response 404 Not Found
DELETE /registrar/config¶
Delete registrar configuration
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 204 No Content
POST /registrar/access-certificate¶
Create an access certificate for a key
Description
Creates an access certificate at the registrar for the specified key. Requires a relying party to be already registered at the registrar. The certificate is automatically stored in EUDIPLO.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Response 400 Bad Request
Response 404 Not Found
Verifier¶
GET /verifier/config¶
Returns the presentation request configurations.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Response 200 OK
[
{
"id": "string",
"tenant": null,
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"registrationCert": null,
"webhook": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
]
POST /verifier/config¶
Store a presentation request configuration. If it already exists, it will be updated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
{
"id": "string",
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"registrationCert": null,
"webhook": null,
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
},
"required": [
"id",
"dcql_query"
]
}
Response 201 Created
GET /verifier/config/{id}¶
Get a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
{
"id": "string",
"tenant": null,
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"registrationCert": null,
"webhook": null,
"createdAt": "2022-04-13T15:42:05.901Z",
"updatedAt": "2022-04-13T15:42:05.901Z",
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"tenant": {
"description": "The tenant that owns this object.",
"allOf": [
{
"$ref": "#/components/schemas/TenantEntity"
}
]
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"createdAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was created."
},
"updatedAt": {
"format": "date-time",
"type": "string",
"description": "The timestamp when the VP request was last updated."
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
},
"required": [
"id",
"tenant",
"dcql_query",
"createdAt",
"updatedAt"
]
}
PATCH /verifier/config/{id}¶
Update a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Request body
{
"id": "string",
"description": "string",
"lifeTime": 10.12,
"dcql_query": null,
"registrationCert": null,
"webhook": null,
"attached": [
{
"format": "string",
"data": {},
"credential_ids": [
"string"
]
}
],
"redirectUri": "https://example.com/callback?session={sessionId}",
"accessCertId": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"description": {
"type": "string",
"nullable": true,
"description": "Description of the presentation configuration."
},
"lifeTime": {
"type": "number",
"description": "Lifetime how long the presentation request is valid after creation, in seconds."
},
"dcql_query": {
"description": "The DCQL query to be used for the VP request.",
"allOf": [
{
"$ref": "#/components/schemas/DCQL"
}
]
},
"registrationCert": {
"nullable": true,
"description": "The registration certificate request containing the necessary details.",
"allOf": [
{
"$ref": "#/components/schemas/RegistrationCertificateRequest"
}
]
},
"webhook": {
"nullable": true,
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"attached": {
"nullable": true,
"description": "Attestation that should be attached",
"type": "array",
"items": {
"$ref": "#/components/schemas/PresentationAttachment"
}
},
"redirectUri": {
"type": "string",
"nullable": true,
"description": "Redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
},
"accessCertId": {
"type": "string",
"nullable": true,
"description": "Optional ID of the access certificate to use for signing the presentation request.\nIf not provided, the default access certificate for the tenant will be used.\n\nNote: This is intentionally NOT a TypeORM relationship because CertEntity uses\na composite primary key (id + tenantId), and SQLite cannot create foreign keys\nthat reference only part of a composite primary key. The relationship is handled\nat the application level in the service layer."
}
}
}
Response 200 OK
DELETE /verifier/config/{id}¶
Deletes a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No | |
id |
path | string | No |
Response 200 OK
POST /verifier/offer¶
Create an presentation request that can be sent to the user
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"type": "string",
"description": "The type of response expected from the presentation request.",
"enum": [
"qrcode",
"uri",
"dc-api"
]
},
"requestId": {
"type": "string",
"description": "Identifier of the presentation configuration"
},
"webhook": {
"description": "Webhook configuration to receive the response.\nIf not provided, the configured webhook from the configuration will be used.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
},
"redirectUri": {
"type": "string",
"description": "Optional redirect URI to which the user-agent should be redirected after the presentation is completed.\nYou can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.",
"example": "https://example.com/callback?session={sessionId}"
}
},
"required": [
"response_type",
"requestId"
]
}
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Storage¶
POST /storage¶
Upload files that belong to a tenant like images
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
oauth2 |
header | string | N/A | No |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Response 201 Created
GET /storage/{key}¶
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
key |
path | string | No |
Response 200 OK
Schemas¶
AllowListPolicy¶
| Name | Type |
|---|---|
policy |
string |
values |
Array<string> |
ApiKeyConfig¶
| Name | Type |
|---|---|
headerName |
string |
value |
string |
AttestationBasedPolicy¶
| Name | Type |
|---|---|
policy |
string |
values |
Array<PolicyCredential> |
AuthenticationMethodAuth¶
| Name | Type |
|---|---|
config |
AuthenticationUrlConfig |
method |
string |
AuthenticationMethodNone¶
| Name | Type |
|---|---|
method |
string |
AuthenticationMethodPresentation¶
| Name | Type |
|---|---|
config |
PresentationDuringIssuanceConfig |
method |
string |
AuthenticationUrlConfig¶
| Name | Type |
|---|---|
url |
string |
webhook |
AuthorizeQueries¶
| Name | Type |
|---|---|
auth_session |
string |
client_id |
string |
code_challenge |
string |
code_challenge_method |
string |
dpop_jkt |
string |
issuer_state |
string |
redirect_uri |
string |
request_uri |
string |
resource |
string |
response_type |
string |
scope |
string |
state |
string |
CertEntity¶
| Name | Type |
|---|---|
createdAt |
string(date-time) |
crt |
string |
description |
string |
id |
string |
key |
KeyEntity |
keyId |
string |
tenant |
|
tenantId |
string |
updatedAt |
string(date-time) |
usages |
Array<CertUsageEntity> |
CertImportDto¶
| Name | Type |
|---|---|
certUsageTypes |
Array<string> |
crt |
string |
description |
string |
id |
string |
keyId |
string |
subjectName |
string |
CertResponseDto¶
| Name | Type |
|---|---|
id |
string |
CertUpdateDto¶
| Name | Type |
|---|---|
certUsageTypes |
Array<string> |
description |
string |
usages |
Array<CertUsageEntity> |
CertUsageEntity¶
| Name | Type |
|---|---|
cert |
CertEntity |
certId |
string |
tenantId |
string |
usage |
string |
Claim¶
| Name | Type |
|---|---|
path |
Array<string> |
ClaimsQuery¶
| Name | Type |
|---|---|
id |
string |
path |
Array<string> |
values |
Array<> |
ClientEntity¶
| Name | Type |
|---|---|
clientId |
string |
description |
string |
roles |
Array<string> |
secret |
string |
tenant |
|
tenantId |
string |
ClientSecretResponseDto¶
| Name | Type |
|---|---|
secret |
string |
CreateAccessCertificateDto¶
| Name | Type |
|---|---|
keyId |
string |
CreateClientDto¶
| Name | Type |
|---|---|
clientId |
string |
description |
string |
roles |
Array<string> |
secret |
string |
CreateRegistrarConfigDto¶
| Name | Type |
|---|---|
clientId |
string |
clientSecret |
string |
oidcUrl |
string(uri) |
password |
string |
registrarUrl |
string(uri) |
username |
string |
CreateStatusListDto¶
| Name | Type |
|---|---|
bits |
number |
capacity |
number |
certId |
string |
credentialConfigurationId |
string |
CreateTenantDto¶
| Name | Type |
|---|---|
description |
string |
id |
string |
name |
string |
roles |
Array<string> |
sessionConfig |
|
statusListConfig |
CredentialConfig¶
| Name | Type |
|---|---|
cert |
CertEntity |
certId |
string |
claims |
|
claimsWebhook |
|
config |
IssuerMetadataCredentialConfig |
description |
string| null |
disclosureFrame |
|
embeddedDisclosurePolicy |
|
id |
string |
keyBinding |
boolean |
lifeTime |
number |
notificationWebhook |
|
schema |
|
statusManagement |
boolean |
tenant |
|
vct |
CredentialConfigCreate¶
| Name | Type |
|---|---|
certId |
string |
claims |
|
claimsWebhook |
|
config |
IssuerMetadataCredentialConfig |
description |
string| null |
disclosureFrame |
|
embeddedDisclosurePolicy |
|
id |
string |
keyBinding |
boolean |
lifeTime |
number |
notificationWebhook |
|
schema |
|
statusManagement |
boolean |
vct |
CredentialConfigUpdate¶
| Name | Type |
|---|---|
certId |
string |
claims |
|
claimsWebhook |
|
config |
IssuerMetadataCredentialConfig |
description |
string| null |
disclosureFrame |
|
embeddedDisclosurePolicy |
|
id |
string |
keyBinding |
boolean |
lifeTime |
number |
notificationWebhook |
|
schema |
|
statusManagement |
boolean |
vct |
CredentialQuery¶
| Name | Type |
|---|---|
claims |
Array<Claim> |
format |
string |
id |
string |
meta |
|
multiple |
boolean |
trusted_authorities |
Array<TrustedAuthorityQuery> |
CredentialSetQuery¶
| Name | Type |
|---|---|
options |
Array<Array<string>> |
required |
boolean |
DCQL¶
| Name | Type |
|---|---|
credential_sets |
Array<CredentialSetQuery> |
credentials |
Array<CredentialQuery> |
Display¶
| Name | Type |
|---|---|
background_color |
string |
background_image |
DisplayImage |
description |
string |
locale |
string |
logo |
DisplayImage |
name |
string |
text_color |
string |
DisplayImage¶
| Name | Type |
|---|---|
uri |
string |
DisplayInfo¶
| Name | Type |
|---|---|
locale |
string |
logo |
DisplayLogo |
name |
string |
DisplayLogo¶
| Name | Type |
|---|---|
alt_text |
string |
uri |
string |
EmbeddedDisclosurePolicy¶
| Name | Type |
|---|---|
policy |
string |
FileUploadDto¶
| Name | Type |
|---|---|
file |
string(binary) |
ImportTenantDto¶
| Name | Type |
|---|---|
description |
string |
name |
string |
IssuanceConfig¶
| Name | Type |
|---|---|
authServers |
Array<string> |
batchSize |
number |
createdAt |
string(date-time) |
display |
Array<DisplayInfo> |
dPopRequired |
boolean |
tenant |
|
updatedAt |
string(date-time) |
IssuanceDto¶
| Name | Type |
|---|---|
authServers |
Array<string> |
batchSize |
number |
display |
Array<DisplayInfo> |
dPopRequired |
boolean |
IssuerMetadataCredentialConfig¶
| Name | Type |
|---|---|
claimsByNamespace |
|
display |
Array<Display> |
docType |
string |
format |
string |
namespace |
string |
scope |
string |
Key¶
| Name | Type |
|---|---|
alg |
string |
crv |
string |
d |
string |
kty |
string |
x |
string |
y |
string |
KeyEntity¶
| Name | Type |
|---|---|
certificates |
Array<CertEntity> |
createdAt |
string(date-time) |
description |
string |
id |
string |
key |
|
tenant |
|
tenantId |
string |
updatedAt |
string(date-time) |
usage |
KeyImportDto¶
| Name | Type |
|---|---|
description |
string |
id |
string |
key |
NoneTrustPolicy¶
| Name | Type |
|---|---|
policy |
string |
OfferRequestDto¶
| Name | Type |
|---|---|
credentialClaims |
Example: {'citizen': {'type': 'inline', 'claims': {'given_name': 'John', 'family_name': 'Doe'}}} |
credentialConfigurationIds |
Array<string> |
flow |
string |
notifyWebhook |
|
response_type |
string |
tx_code |
string |
OfferResponse¶
| Name | Type |
|---|---|
session |
string |
uri |
string |
PolicyCredential¶
| Name | Type |
|---|---|
claims |
Array<ClaimsQuery> |
credential_sets |
Array<CredentialSetQuery> |
credentials |
Array<CredentialQuery> |
PresentationAttachment¶
| Name | Type |
|---|---|
credential_ids |
Array<string> |
data |
|
format |
string |
PresentationConfig¶
| Name | Type |
|---|---|
accessCertId |
string| null |
attached |
Array<PresentationAttachment> |
createdAt |
string(date-time) |
dcql_query |
|
description |
string| null |
id |
string |
lifeTime |
number |
redirectUri |
string| null |
registrationCert |
|
tenant |
|
updatedAt |
string(date-time) |
webhook |
PresentationConfigCreateDto¶
| Name | Type |
|---|---|
accessCertId |
string| null |
attached |
Array<PresentationAttachment> |
dcql_query |
|
description |
string| null |
id |
string |
lifeTime |
number |
redirectUri |
string| null |
registrationCert |
|
webhook |
PresentationConfigUpdateDto¶
| Name | Type |
|---|---|
accessCertId |
string| null |
attached |
Array<PresentationAttachment> |
dcql_query |
|
description |
string| null |
id |
string |
lifeTime |
number |
redirectUri |
string| null |
registrationCert |
|
webhook |
PresentationDuringIssuanceConfig¶
| Name | Type |
|---|---|
type |
string |
PresentationRequest¶
| Name | Type |
|---|---|
redirectUri |
string |
requestId |
string |
response_type |
string |
webhook |
RegistrarConfigEntity¶
| Name | Type |
|---|---|
clientId |
string |
clientSecret |
string |
oidcUrl |
string(uri) |
password |
string |
registrarUrl |
string(uri) |
tenant |
|
tenantId |
string |
username |
string |
RegistrationCertificateRequest¶
| Name | Type |
|---|---|
jwt |
string |
RootOfTrustPolicy¶
| Name | Type |
|---|---|
policy |
string |
values |
string |
SchemaResponse¶
| Name | Type |
|---|---|
$schema |
string |
description |
string |
properties |
|
required |
Array<string> |
title |
string |
type |
string |
Session¶
| Name | Type |
|---|---|
auth_queries |
|
authorization_code |
string |
clientId |
string |
createdAt |
string(date-time) |
credentialPayload |
|
credentials |
Array<> |
expiresAt |
string(date-time) |
id |
string |
notifications |
Array<> |
notifyWebhook |
|
offer |
|
offerUrl |
string |
parsedWebhook |
|
redirectUri |
string |
request_uri |
string |
requestId |
string |
requestObject |
string |
requestUrl |
string |
responseUri |
string |
status |
string |
tenant |
|
tenantId |
string |
updatedAt |
string(date-time) |
useDcApi |
boolean |
vp_nonce |
string |
SessionStorageConfig¶
| Name | Type |
|---|---|
cleanupMode |
string |
ttlSeconds |
number |
StatusListConfig¶
| Name | Type |
|---|---|
bits |
number |
capacity |
number |
enableAggregation |
boolean |
immediateUpdate |
boolean |
ttl |
number |
StatusListResponseDto¶
| Name | Type |
|---|---|
availableEntries |
number |
bits |
number |
capacity |
number |
certId |
string| null |
createdAt |
string(date-time) |
credentialConfigurationId |
string| null |
expiresAt |
string(date-time)| null |
id |
string |
tenantId |
string |
uri |
string |
usedEntries |
number |
StatusUpdateDto¶
| Name | Type |
|---|---|
credentialConfigurationId |
string |
sessionId |
string |
status |
number |
TenantEntity¶
| Name | Type |
|---|---|
clients |
Array<ClientEntity> |
description |
string |
id |
string |
name |
string |
sessionConfig |
|
status |
string |
statusListConfig |
TrustedAuthorityQuery¶
| Name | Type |
|---|---|
type |
string |
values |
Array<string> |
TrustList¶
| Name | Type |
|---|---|
cert |
CertEntity |
certId |
string |
createdAt |
string(date-time) |
data |
|
description |
string |
entityConfig |
Array<> |
id |
string |
jwt |
string |
sequenceNumber |
number |
tenant |
|
tenantId |
string |
updatedAt |
string(date-time) |
TrustListCreateDto¶
| Name | Type |
|---|---|
certId |
string |
data |
|
description |
string |
entities |
Array<> |
id |
string |
TrustListVersion¶
| Name | Type |
|---|---|
createdAt |
string(date-time) |
data |
|
entityConfig |
|
id |
string |
jwt |
string |
sequenceNumber |
number |
tenantId |
string |
trustList |
TrustList |
trustListId |
string |
UpdateClientDto¶
| Name | Type |
|---|---|
description |
string |
roles |
Array<string> |
UpdateKeyDto¶
| Name | Type |
|---|---|
description |
string |
id |
string |
UpdateRegistrarConfigDto¶
| Name | Type |
|---|---|
clientId |
string |
clientSecret |
string |
oidcUrl |
string(uri) |
password |
string |
registrarUrl |
string(uri) |
username |
string |
UpdateSessionConfigDto¶
| Name | Type |
|---|---|
cleanupMode |
string |
ttlSeconds |
number| null |
UpdateStatusListConfigDto¶
| Name | Type |
|---|---|
bits |
number| null |
capacity |
number| null |
enableAggregation |
boolean| null |
immediateUpdate |
boolean| null |
ttl |
number| null |
UpdateStatusListDto¶
| Name | Type |
|---|---|
certId |
string| null |
credentialConfigurationId |
string| null |
UpdateTenantDto¶
| Name | Type |
|---|---|
description |
string |
name |
string |
roles |
Array<string> |
sessionConfig |
|
statusListConfig |
VCT¶
| Name | Type |
|---|---|
description |
string |
extends |
string |
extends#integrity |
string |
name |
string |
schema_uri |
string |
schema_uri#integrity |
string |
vct |
string |
WebHookAuthConfigHeader¶
| Name | Type |
|---|---|
config |
|
type |
string |
WebHookAuthConfigNone¶
| Name | Type |
|---|---|
type |
string |
WebhookConfig¶
| Name | Type |
|---|---|
auth |
|
url |
string |
Security schemes¶
| Name | Type | Scheme | Description |
|---|---|---|---|
| oauth2 | oauth2 |
More documentation¶
Documentation
For more information: https://openwallet-foundation-labs.github.io/eudiplo/latest/