Skip to main content

Read presentation definition

GET 
/v2/config/digital-wallet/openid/sdjwt/presentation-definition/:presentationDefinitionId

Retrieves a presentation definition by its ID.

Request

Path Parameters

    presentationDefinitionId stringrequired

    Unique identifier of the presentation definition that specifies the credential and claims requirements for OpenID4VP verification.

Responses

Presentation definition retrieved successfully

Response Headers
    Schema
      presentationDefinition object
      id stringrequired

      Unique identifier for this presentation definition. Same value as presentationDefinitionId.

      openIdOrganisationId stringrequired

      Identifier of the OpenID4VP organisation that owns this presentation definition.

      presentationDefinitionId stringrequired

      Unique identifier assigned to the presentation definition upon creation. Use this ID when sending verification requests.

      label stringrequired

      Human-readable label describing the purpose of this presentation definition (e.g. 'Verify Portable Document A1'). Used to identify the presentation definition in the verifier's dashboard.

      presentationDefinition object

      JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/

      property name* any

      JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/

      transactionDataDefinitionType string

      Possible values: [payment_data]

      Type of transaction data to bind to the verification request. payment_data enables payment confirmation flows where the holder must confirm transaction details before presenting credentials.

      enforceWUA boolean

      When true, the verifier requires the holder to present a valid Wallet Unit Attestation (WUA) alongside the Verifiable Presentation, as defined in the EUDI Wallet Architecture Reference Framework.

      createdAt numberrequired

      Unix timestamp (in seconds) when this presentation definition was created.

      updatedAt numberrequired

      Unix timestamp (in seconds) when this presentation definition was last modified.

      version string

      Possible values: [draft_14, draft_18, draft_23, version_01]

      OpenID for Verifiable Presentation (OpenID4VP) specification draft version to use for verification protocol interactions. Determines the Authorization Request format and supported features.

      kid string

      Key Identifier (kid) referencing the cryptographic key used by the verifier for signing the Authorization Request or for response encryption. Must reference a valid key when dcApiRequestType is signed.

      trustAnchor string

      Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]

      DID method or key type used as the verifier's trust anchor. Determines how the verifier's identity is published and resolved by holders.

      scope string

      OAuth 2.0 scope value for scope-based credential presentation requests.

      responseType string

      Possible values: [id_token, vp_token]

      OAuth 2.0 response type for the OpenID4VP Authorization Request. vp_token requests a Verifiable Presentation. id_token requests an OpenID Connect ID Token.

      dcqlQuery object

      Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.

      property name* any

      Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.

      clientIdScheme string

      Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]

      Client ID scheme used by the verifier in the OpenID4VP Authorization Request. Determines how the verifier identifies itself to the holder's wallet. redirect_uri uses a redirect URI, did uses a DID, verifier_attestation uses a Verifier Attestation JWT, x509_san_dns uses an X.509 certificate SAN DNS name, x509_hash uses an X.509 certificate hash. When using DC API response modes, redirect_uri serves as a logical identifier rather than an actual redirect target.

      directPostRedirectUri string

      URI that the holder's wallet redirects to after posting the Authorization Response via direct_post response mode. Used to return the user to the verifier's application. Not applicable when responseMode is dc_api or dc_api.jwt.

      responseMode string

      Possible values: [direct_post, direct_post.jwt, dc_api, dc_api.jwt]

      OpenID4VP response mode. Direct Post: direct_post sends the response via HTTP POST. direct_post.jwt sends an encrypted JWT via HTTP POST. DC API: dc_api uses the W3C Digital Credentials API for browser-based credential exchange. The Authorization Response is returned without JWE encryption. dc_api.jwt uses the DC API with the response encrypted as a JWE.

      dcApiRequestType string

      Possible values: [signed, unsigned]

      DC API request signing type. Only applicable when responseMode is dc_api or dc_api.jwt. signed means the authorization request is signed by the verifier's key. unsigned means the request is sent unsigned.

      expectedOrigins string[]

      Array of expected origin URLs for the DC API. Returned when dcApiRequestType is signed.

      encryptedResponseEncValuesSupported string[]

      Possible values: [A128CBC-HS256, A128GCM, A256GCM]

      Array of JWE content encryption algorithms supported by the verifier for encrypting the OpenID4VP Authorization Response. Only applicable when responseMode is direct_post.jwt or dc_api.jwt. MUST be present when using an encryption algorithm other than the default A128GCM.

    Loading...
    Last updated on