Skip to main content

DCQL - Basic Credential Query with trusted authority

This workflow shows how a verifier requests a single University Degree credential from a trusted authority, such as issuers in the EU Trust List, EBSI, or an OpenID Federation trust anchor.

For the underlying DCQL query, diagram and video walkthrough, see the “Basic credential query with trusted authority” use case in our DCQL concepts article.

Fig 01: Require a University Degree credential, only if issued by an authority listed in the trusted list.

Step 1: Get the API Key (Issuer Admin)

To obtain your API key, please contact [email protected]. Once you have received your API key, enter it in the field below and click the Set API Key button to save it for future use.

Step 2: Create Credential Definitions (Issuer Admin)

To create a credential definition, run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request available here.

Note: The kid value is mandatory with trust anchor x509. To obtain the kid value for the respective organisation use the API available here.

From the API response, copy the credentialDefinitionId and id value from the credentialDefinitions array for use in the Step 3.

Aegean University Degree - Master's (Issuer Admin)

Use this step to create the credential definition for the Aegean University Master's degree that is present in the EWC Trust List and trust anchor x509.

Request

Response

Aegean University Degree - Bachelor's (Issuer Admin)

This step creates the credential definition for the Aegean University Bachelor's degree, also present in the EWC Trust List and trust anchor x509.

Request

Response

ABC University Degree - Bachelor's (Issuer Admin)

In this step you create the credential definition for a Bachelor's degree issued by ABC University, Australia. This university is not in the EWC Trust List, so the trust anchor is a did:key.

Request

Response

Step 3: Issue and Receive Credential (Issuer/Holder)

The holder of the wallet submits a request for the issuance of a credential by executing the JSON code block below using the Run button in the InTime issuance mode. For each credential type (UAegean University Degree (Master's), UAegean University Degree (Bachelor's), and ABC University (Bachelor's), replace <credentialDefinitionId> and <id> with the actual values obtained from Step 2, and run the request separately for each credential. Alternatively, you may use the API available here.

After receiving the response, toggle the provided button to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the credential offer using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the credential offer on their mobile device (e.g. via a browser).

Request

Response

To receive and accept the credential via API. First, use the credentialOffer to call the Receive Credential API. Once you have the response, copy the credentialId and provide it at Accept Credential API to accept the credential.

Step 4: Create Presentation Definition (Verifier Admin)

To create a presentation definition for requesting proof, you can run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request provided here.

Note: The kid value is mandatory with trust anchor x509. To obtain the kid value for the respective organisation use the API available here.

  • Create a Presentation Definition by executing the code block below.

Request

Response

Once a presentation definition has been created, the presentationDefinitionId can be reused to verify multiple credentials (Step 5).

Step 5: Create Verification Request (Verifier/Relying Party)

To create the verification request, execute the code block below using the Run button. Alternatively, you can manually copy the JSON and use it in the body of the API available here.

After receiving the response, toggle the button provided to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the verification request using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the verification request on their mobile device, such as via a browser.

Request

Response

Step 6: Send and Receive Verifiable Presentation (Holder)

The holder wallet accepts (consents) to send the requested credentials.

  • Receive Verification:
    • Use the vpTokenQrCode(step 5) with the API available here to receive the verification.
    • Copy the presentationId from the JSON response received from Receive Verification for use in Step 6b.
  • Filter Verification:
    • Use that presentationId with the API available here to find matching credentials.
    • Save the <id> and <credentialId> from the response.
  • Send Verification:
    • Use the presentationId, <id> and <credentialId> with the API available here to send the credentials to the verifier.

Step 7: Send and Receive Verifiable Presentation (Verifier/Relying Party)

  • The Verfier (Relying Party) receives the requested credentials and can verify it. They may read the received credential by executing the Read Verification History API.
  • From the response received, the vpTokenResponse can be decoded using JWT Decoder.
  • From the decoded response, the verifiableCredential inside the 'vp' can be further decoded to view the received credentials.