Issue credential
POST/v2/config/digital-wallet/openid/sdjwt/credential/issue
This endpoint is used to issue credentials based on the OID4VCI specification. It supports two issuance modes: InTime and Deferred. In InTime mode, the credential is mandatory and is issued immediately. In Deferred mode, the credential can be issued at a later time by calling the Issue deferred credential API.
Request
- application/json
Body
- With credential definition
- Dynamic credential request
- Array [
- ]
- Array [
- ]
Issuance mode: InTime for immediate availability, Deferred for issuance after backend processing.
Indicates if a userPin is needed with the Token Request. If not needed, this object is absent by default.
Identifier for the credential definition.
credential object
The credential being issued, containing various attributes. It contains type,credentialSubject and credentialMetadata fields. The type indicates the credential type for e.g. PortableDocumentA1, credentialSubject defines the data attributes for a verifiable credential and credentialMetadata defines additional metadata for a verifiable credential
credentialSubject object
credentialMetadata object
Credential offer endpoint of the holder wallet. If specified, the issuer will send the credential offer directly to this endpoint making it an issuer initiated issuance.
credentials object[]
credentialSubject object
credentialMetadata object
Possible values: [openid-credential-offer://, haip://]
Indicates the url scheme to be used for the credential offer
The identifier of the individual. If specified, the issuer will send the credential offer directly to the configured individuals device.
Issuance mode: InTime for immediate availability, Deferred for issuance after backend processing.
Identifier for the credential definition. Either this or credential must be present.
credential object
The credential being issued, containing various attributes. It contains type,credentialSubject and credentialMetadata fields. The type indicates the credential type for e.g. PortableDocumentA1, credentialSubject defines the data attributes for a verifiable credential and credentialMetadata defines additional metadata for a verifiable credential
credentialSubject object
credentialMetadata object
Identifier for the presentation definition.
Credential offer endpoint of the holder wallet. If specified, the issuer will send the credential offer directly to this endpoint making it an issuer initiated issuance.
transactionData object
credentials object[]
credentialSubject object
credentialMetadata object
Responses
- 200
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
- CredentialHistoryForOpenId
- MOD2
- Array [
- ]
credentialHistory object
Identifier for the credential exchange record
Issuance mode: InTime for immediate availability, Deferred for issuance after backend processing.
Indicates if the grant type is pre-authorized or uses the Authorized Code Flow.
Credential offer defined as per OID4VCI draft 12 specification.
Possible values: [pending, ready]
Credential status: pending for issuance, ready for issuance.
Possible values: [offer_sent, offer_received, credential_issued, credential_acked, credential_accepted, credential_deleted, issuance_denied]
It support 6 credential offer statuses: 1. offer_sent: Indicates the credential offer has been sent to the holder. 2. offer_received: Indicates the credential offer has been received/scanned by the holder. 3. credential_issued: Indicates the credential has been issued to the holder. 4. credential_acked: Indicates the credential has been seen by the holder. 5. credential_accepted: Indicates the credential has been accepted by the holder. 6. credential_deleted: Indicates the credential has been deleted by the holder. 7. issuance_denied: Indicates that credential issunace has been denied by the issuer.
Identifier for the client. For e.g. DID or URL e.t.c
Indicates if a userPin is needed with the Token Request. If not needed, this object is absent by default.
Timestamp when the record was created.
Timestamp when the record was updated.
credential object
The credential being issued, containing various attributes. It contains type and credentialSubject fields. The type indicates the credential type for e.g. PortableDocumentA1 and credentialSubject defines the data attributes for a verifiable credential.
The credential being issued, containing various attributes. It contains type and credentialSubject fields. The type indicates the credential type for e.g. PortableDocumentA1 and credentialSubject defines the data attributes for a verifiable credential.
disclosureMapping object
Mapping of credential subject attributes to limited disclosure for SD-JWT credentials.
Mapping of credential subject attributes to limited disclosure for SD-JWT credentials.
Identifier for the presentation definition
Identifier for the presentation exchange record.
holder object
Contains the metadata describing a holder. For e.g. Name, location, logo e.t.c
Identifier of the holder. For .e.g. DID or Name obtained from client metadata if available.
Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]
Specifies the credential format for verifiable credential.
Specifies the verifiable credential supports revocation.
Possible values: [Operational, Revoked, Suspended]
Specifies the revocation status for verifiable credential.
Client assertion token of the holder
Client assertion token type
Specifies client assertion token is verified or not
Specifies the wallet unit attestation credential.
Specifies the wallet unit attestation pop credential.
Specifies the wallet unit attestation credential is verified.
Specifies the credential being issued to the holder.
cnf object
Specifies the public key jwk of the holder.
Specifies the public key jwk of the holder.
Unique jwt token identifier for credential token
Credential request proof jwt
Credential request proof type
decodedWalletUnitAttestation object
The decoded wallet unit attestation credential presented by the holder.
The decoded wallet unit attestation credential presented by the holder.
Specifies the ID token that has shared by the holder
Specifies the decoded ID token jwk that shared by the holder
Specifies the ID token is verified.
Specifies the issuance denied reason.
Contains expired credential tokens
Contains expired credentials decoded objects
credentialResponseEncryption object
The identifier of the individual where the credential offer is send to
The mapper identifier of the individual where the credential offer is send to
Identifier for the credential exchange record
Issuance mode: InTime for immediate availability, Deferred for issuance after backend processing.
Indicates if the grant type is pre-authorized or uses the Authorized Code Flow.
Credential offer defined as per OID4VCI draft 12 specification.
Possible values: [pending, ready]
Credential status: pending for issuance, ready for issuance.
Possible values: [offer_sent, offer_received, credential_issued, credential_acked, credential_accepted, credential_deleted, issuance_denied]
It support 6 credential offer statuses: 1. offer_sent: Indicates the credential offer has been sent to the holder. 2. offer_received: Indicates the credential offer has been received/scanned by the holder. 3. credential_issued: Indicates the credential has been issued to the holder. 4. credential_acked: Indicates the credential has been seen by the holder. 5. credential_accepted: Indicates the credential has been accepted by the holder. 6. credential_deleted: Indicates the credential has been deleted by the holder. 7. issuance_denied: Indicates that credential issunace has been denied by the issuer.
Identifier for the client. For e.g. DID or URL e.t.c
Indicates if a userPin is needed with the Token Request. If not needed, this object is absent by default.
Timestamp when the record was created.
Timestamp when the record was updated.
credential object
The credential being issued, containing various attributes. It contains type and credentialSubject fields. The type indicates the credential type for e.g. PortableDocumentA1 and credentialSubject defines the data attributes for a verifiable credential.
The credential being issued, containing various attributes. It contains type and credentialSubject fields. The type indicates the credential type for e.g. PortableDocumentA1 and credentialSubject defines the data attributes for a verifiable credential.
disclosureMapping object
Mapping of credential subject attributes to limited disclosure for SD-JWT credentials.
Mapping of credential subject attributes to limited disclosure for SD-JWT credentials.
Identifier for the presentation definition
Identifier for the presentation exchange record.
holder object
Contains the metadata describing a holder. For e.g. Name, location, logo e.t.c
Identifier of the holder. For .e.g. DID or Name obtained from client metadata if available.
Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]
Specifies the credential format for verifiable credential.
Specifies the verifiable credential supports revocation.
Possible values: [Operational, Revoked, Suspended]
Specifies the revocation status for verifiable credential.
Client assertion token of the holder
Client assertion token type
Specifies client assertion token is verified or not
Specifies the wallet unit attestation credential.
Specifies the wallet unit attestation pop credential.
Specifies the wallet unit attestation credential is verified.
Specifies the credential being issued to the holder.
cnf object
Specifies the public key jwk of the holder.
Specifies the public key jwk of the holder.
Unique jwt token identifier for credential token
Credential request proof jwt
Credential request proof type
decodedWalletUnitAttestation object
The decoded wallet unit attestation credential presented by the holder.
The decoded wallet unit attestation credential presented by the holder.
Specifies the ID token that has shared by the holder
Specifies the decoded ID token jwk that shared by the holder
Specifies the ID token is verified.
Specifies the issuance denied reason.
Contains expired credential tokens
Contains expired credentials decoded objects
credentialResponseEncryption object
The identifier of the individual where the credential offer is send to
The mapper identifier of the individual where the credential offer is send to
{
  "credentialHistory": {}
}