Payment Authenticator
This workflow implements European Wallet Consortium (EWC) RFC007, as specified by the EWC Payment Task Force.
It uses the OpenID4VCI Dynamic Credential Request protocol to issue a Payment Authenticator by authenticating the user with an identity document (e.g., PID, Passport, etc.). The following steps outline the process using OpenID4VCI as illustrated below:
Step 1: Get the API Key (Bank Issuer Admin)
To obtain your API key, please contact support@igrant.io. Once you have received your API key, enter it in the field below and click the Set API Key button to save it for future use.
Step 2: Create Webhook (Bank Issuer Admin)
To create a webhook, you can run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request available here.
Request
Response
Step 3: Create Presentation Definition (Bank Issuer Admin)
To create a presentation definition for requesting proof, you can run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request provided here.
From the API response, copy the presentationDefinitionId for use in Step 5.
In the example below, a national passport is used as the identification document. This can also be a EU Person Identification Data (PID) or any other similar identification as required by the Bank Issuer.
Request
Response
Once a presentation definition is created, the presentationDefinitionId can be reused to issue multiple credentials (Step 5).
Step 4: Create Credential Definition (Bank Issuer Admin)
To create a credential definition as per EWC RFC007, you can run the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request available here. From the API response, copy the credentialDefinitionId for use in Step 5.
Request
Response
Once a credential definition is created, the credentialDefinitionId can be reused to issue multiple credentials (Step 5).
Step 5: Issue Credential (Bank Issuer)
The Bank Issuer issues the Payment Authenticator in deferred mode after completing the necessary validations. Replace <credentialDefinitionId> and <presentationDefinitionId> with the actual IDs obtained in the previous steps. You can run the JSON code block below using the Run button.
After receiving the response, toggle the button provided to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the credential offer using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the credential offer on their mobile device, such as via a browser.
Request
Response
Copy the credentialExchangeId from the response for use in Step 6.
Alternatively, you can manually copy the code block, update the placeholders, and use it in the body of the API request available here. From the response received, copy the credentialOffer and generate a QR code using a QR code generator tool, or paste the response into our tool here. The EUDI Wallet/Holder can then accept the credential offer using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the credential offer on their mobile device (e.g., in a browser).
Before scanning the QR code, ensure that the Holder Wallet has onboarded the user's identity credentials as required by banking guidelines, such as a national passport or Person Identification Data (PID).
Step 6: Update Credential Offer (Bank Issuer)
Upon receiving the openid.presentation.presentation_acked webhook event and completing the requisite identity mapping in the bank backend, update the credential offer by running the code block below using the Run button.
Alternatively, you can manually copy the code block, update the placeholders, and use the credentialExchangeId from the response as the path parameter in the API request available here.
Path Parameter
Request
Response
Try It Yourself (With Demo Video)
Watch the below demo to learn Payment Authenticator issuance and try it out yourselves: