#Overview

Credential Offers are the mechanism for initiating credential issuance in the Issuer2 API. An offer is created from a credential profile and generates an OID4VCI credential offer URL that can be claimed by any compliant wallet.

#What is a Credential Offer?

A credential offer is a one-time or limited-use invitation for a wallet to receive a credential. When you create an offer, you specify:

Profile – The credential profile to use as the base configuration
Authentication Method – Pre-authorized or authorization code flow
Delivery Mode – Credential offer by reference or by value
Expiration – How long the offer remains valid
Runtime Overrides – Any profile values to override for this specific offer

#Offer Flow

Create Offer – Call the offers endpoint with a profile ID
Share URL – Send the credential offer URL to the user (QR code, deep link, etc.)
Wallet Claims – User's wallet resolves the offer and receives the credential

#Authentication Methods

Method	Description	Use Case
`PRE_AUTHORIZED`	No user authentication required	Known users, pre-verified data
`AUTHORIZED`	User must authenticate via IdP	Unknown users, dynamic data collection

#Pre-Authorized Code Flow

The pre-authorized flow is simpler and faster:

Issuer creates offer with all credential data
User scans QR code or clicks link
Wallet receives credential immediately (optionally with PIN)

#Authorization Code Flow

The authorization code flow supports user authentication:

Issuer creates offer (optionally with partial data)
User scans QR code or clicks link
Wallet redirects to IdP for authentication
ID token claims are mapped to credential data
Wallet receives credential

#Offer Delivery Modes

Mode	Description
`BY_REFERENCE`	Offer URL contains a reference; wallet fetches full offer from issuer (default)
`BY_VALUE`	Full credential offer is embedded in the URL

BY_REFERENCE is recommended for most use cases as it keeps URLs shorter and allows the issuer to track when offers are resolved.

#API Endpoints

#Create a Credential Offer

curl -X POST 'http://localhost:7002/issuer2/credential-offers' \
  -H 'Content-Type: application/json' \
  -d '{
    "profileId": "university-degree",
    "authMethod": "PRE_AUTHORIZED"
  }'

Response:

{
  "offerId": "abc123-def456-ghi789",
  "profileId": "university-degree",
  "authMethod": "PRE_AUTHORIZED",
  "expiresAt": 1704067500000,
  "credentialOffer": "openid-credential-offer://?credential_offer_uri=http%3A%2F%2Flocalhost%3A7002%2Fopenid4vci%2Fcredential-offer%3Fid%3Dabc123-def456-ghi789"
}

#List Sessions

curl -X GET 'http://localhost:7002/issuer2/sessions'

#Get Session Details

curl -X GET 'http://localhost:7002/issuer2/sessions/{sessionId}'

#Using the Credential Offer

The credentialOffer URL in the response can be:

Displayed as QR Code – User scans with their wallet app
Sent as Deep Link – User clicks link on mobile device
Embedded in Email/Message – User clicks to open in wallet

When the wallet resolves this URL, it will:

Fetch the full credential offer from the issuer
Display the credential details to the user
Request the credential using the appropriate flow

#Next Steps

Create an Offer – Step-by-step guide to creating credential offers
Notifications – Monitor issuance progress via webhooks or SSE

Last updated on June 15, 2026

Credential Profiles Create an Offer