DCQL - Student transport pass with mandatory and optional credentials

This workflow demonstrates how a public transport authority can request a discounted student transport pass using a combination of mandatory and optional credentials:

• PID (Person Identification Data) for identity (mandatory)
• Student ID or Enrolment Letter to prove active student status (mandatory)
• Utility Bill or Rental Agreement to prove local residency for an additional discount (optional)

The workflow is executed using OpenID4VC APIs and DCQL-based presentation requests, combining mandatory and optional credential sets with selective claim disclosure in a single query.

For the underlying DCQL query, diagram and example, see the “Student transport pass with mandatory and optional credentials” use case in our DCQL concepts article.

Step 1: Get the API Key (Issuer Admin)

To obtain your API key, please contact [email protected]. Once you have received your API key, enter it in the field below and click the Set API Key button to save it for future use.

Step 2: Create Credential Definition (Issuer Admin)

To create a credential definition, run the code blocks below using the Run button. Alternatively, you can manually copy the JSON body and use it in the API request available here.

Note: The kid value is mandatory with trust anchor x509. To obtain the kid value for the respective organisation use the API available here.

From the API response, copy the credentialDefinitionId and id value from the credentialDefinitions array for use in the Step 3.

Credential definitions for this use case:

The issuer can define credential definitions for the following identity credentials:

• PID with credential format mso_mdoc
• Student ID with credential format dc+sd-jwt
• Enrolment Letter with credential format dc+sd-jwt
• Utility Bill with credential format dc+sd-jwt
• Rental Agreement with credential format dc+sd-jwt

PID

Person Identification Data (PID) is a standardised European identity credential defined under the EU Digital Identity Framework (eIDAS 2.0). It contains essential personal information including family name, given name, date of birth and address, enabling secure digital identification across EU member states.

Request

Response

Student ID

A Student ID credential is an official digital identification document issued by European educational institutions. It contains student information including enrolment status, student number and academic details in accordance with the European Student Card Initiative standards, providing proof of student status for various services and benefits across the European Higher Education Area.

Request

Response

Enrolment Letter

An Enrolment Letter credential is an official document from a European educational institution confirming a student's enrolment in a specific program. It includes details such as the program of study, enrolment dates and academic standing, serving as a proof of current student status in compliance with European higher education standards.

Request

Response

Utility Bill

A Utility Bill credential contains verified address information from utility service providers such as electricity, water or telecommunications companies. It serves as proof of residence and is commonly required for address verification in accordance with EU identity verification standards.

Request

Response

Rental Agreement

A Rental Agreement credential is a digital version of a legally binding contract between a landlord and tenant, compliant with European housing policies. It contains verified information about the rental property, terms of lease, and tenant details, serving as proof of residence for official purposes across EU member states.

Request

Response

Step 3: Issue and Receive Credential (Issuer/Holder)

The holder of the wallet submits a request for the issuance of a credential by executing the JSON code block below using the Run button in InTime issuance mode. Choose the credential format and replace <credentialDefinitionId> and <id> with the actual values obtained from the previous step. Alternatively, you may use the API available here.

The user needs to issue five credentials to the holder wallet:

• PID with credential format mso_mdoc
• Student ID with credential format dc+sd-jwt
• Enrolment Letter with credential format dc+sd-jwt
• Utility Bill with credential format dc+sd-jwt
• Rental Agreement with credential format dc+sd-jwt

After receiving the response, toggle the button provided to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the credential offer using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the credential offer on their mobile device, such as via a browser.

PID

Request

Response

Student ID

Request

Response

Enrolment Letter

Request

Response

Utility Bill

Request

Response

Rental Agreement

Request

Response

To receive and accept the credential via API. First, use the credentialOffer to call the Receive Credential API. Once you have the response, copy the credentialId and provide it at Accept Credential API to accept the credential.

Step 4: Create Presentation Definition (Verifier Admin)

To create a presentation definition for requesting proof, you can run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request provided here.

Note: The kid value is mandatory with trust anchor x509. To obtain the kid value for the respective organisation use the API available here.

Request

Response

Once a presentation definition is created, the presentationDefinitionId can be reused to verify multiple credentials (Step 6).

Step 5: Create Verification Request (Verifier/Relying Party)

To create the verification request, execute the code block below using the Run button. Alternatively, you can manually copy the JSON and use it in the body of the API available here.

After receiving the response, toggle the button provided to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the verification request using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the verification request on their mobile device, such as via a browser.

Request

Response

Users can copy the presentationExchangeId from the JSON response for use in Step 8 to read verification history.

Step 6: Send and Receive Verifiable Presentation (Holder)

The holder wallet accepts (consents) to send the requested credentials.

• Receive Verification:
  • Use the vpTokenQrCode(step 5) with the API available here to receive the verification.
  • Copy the presentationId from the JSON response received from Receive Verification for use in Step 6b.
• Filter Verification:
  • Use that presentationId with the API available here to find matching credentials.
  • Save the <id> and <credentialId> from the response.
• Send Verification:
  • Use the presentationId, <id> and <credentialId> with the API available here to send the credentials to the verifier.

Step 7: Send and Receive Verifiable Presentation (Verifier/Relying Party)

• The Verfier (Relying Party) receives the requested credentials and can verify it. They may read the received credential by executing the Read Verification History API.
• From the response received, the vpTokenResponse can be decoded using JWT Decoder.
• From the decoded response, the verifiableCredential inside the 'vp' can be further decoded to view the received credentials.