#Create a Profile

This guide walks you through creating credential profiles for the Issuer2 API. Profiles are defined in configuration files and loaded when the service starts.

#Configuration File

Profiles are defined in the issuer2-profiles.conf file located in your config directory:

waltid-issuer-api2/config/issuer2-profiles.conf

#Profile Structure

Each profile is defined as a key-value pair in the profiles block:

profiles {
  profile-id {
    name = "Profile Name"
    credentialConfigurationId = "credential_type_id"
    issuerKey = { ... }
    issuerDid = "did:..."
    credentialData = { ... }
    mapping = { ... }
  }
}

#Examples

#SD-JWT VC Profile

profiles {
  identity-credential {
    name = "Identity Credential"
    credentialConfigurationId = "identity_credential_dc+sd-jwt"
    issuerKey = {
      type = "jwk"
      jwk = "{\"kty\":\"EC\",\"d\":\"...\",\"crv\":\"P-256\",\"x\":\"...\",\"y\":\"...\"}"
    }
    credentialData = {
      vct = "https://example.com/credentials/identity"
      given_name = "John"
      family_name = "Doe"
      birthdate = "1990-01-01"
    }
    mapping = {
      iat = "<timestamp-seconds>"
      nbf = "<timestamp-seconds>"
    }
    selectiveDisclosure = {
      fields = {
        given_name = { sd = true }
        family_name = { sd = true }
        birthdate = { sd = true }
      }
    }
  }
}

#W3C JWT VC Profile with Bitstring Status List

profiles {
  university-degree {
    name = "University Degree"
    credentialConfigurationId = "UniversityDegree_jwt_vc_json"
    issuerKey = {
      type = "jwk"
      jwk = "{\"kty\":\"EC\",\"d\":\"...\",\"crv\":\"P-256\",\"x\":\"...\",\"y\":\"...\"}"
    }
    issuerDid = "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
    credentialData = {
      "@context" = [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ]
      type = ["VerifiableCredential", "UniversityDegree"]
      credentialSubject = {
        degree = {
          type = "BachelorDegree"
          name = "Bachelor of Science"
        }
      }
    }
    mapping = {
      id = "<uuid>"
      "issuer.id" = "<issuerDid>"
      "credentialSubject.id" = "<subjectDid>"
      issuanceDate = "<timestamp>"
      expirationDate = "<timestamp-in:365d>"
    }
    credentialStatus = {
      id = "https://issuer.example.com/status/1#94567"
      type = "BitstringStatusListEntry"
      statusPurpose = "revocation"
      statusListIndex = "94567"
      statusListCredential = "https://issuer.example.com/status/1"
    }
  }
}

#mDoc/mDL Profile with Token Status List

profiles {
  mobile-drivers-license {
    name = "Mobile Driver's License"
    credentialConfigurationId = "org.iso.18013.5.1.mDL"
    issuerKey = {
      type = "jwk"
      jwk = "{\"kty\":\"EC\",\"d\":\"...\",\"crv\":\"P-256\",\"x\":\"...\",\"y\":\"...\"}"
    }
    x5Chain = [
      "MIIBkTCB+wIJAK..."
    ]
    credentialData = {
      "org.iso.18013.5.1" = {
        family_name = "Doe"
        given_name = "John"
        birth_date = "1990-01-01"
        issue_date = "2024-01-01"
        expiry_date = "2029-01-01"
        issuing_country = "US"
        issuing_authority = "State DMV"
        document_number = "DL123456789"
        driving_privileges = [
          {
            vehicle_category_code = "B"
            issue_date = "2024-01-01"
            expiry_date = "2029-01-01"
          }
        ]
      }
    }
    mDocNameSpacesDataMappingConfig = {
      "org.iso.18013.5.1" = {
        birth_date = { type = "full-date" }
        issue_date = { type = "full-date" }
        expiry_date = { type = "full-date" }
        "driving_privileges.issue_date" = { type = "full-date" }
        "driving_privileges.expiry_date" = { type = "full-date" }
      }
    }
    credentialStatus = {
      status_list = {
        idx = 94567
        uri = "https://issuer.example.com/status/1"
      }
    }
  }
}

#Profile with Notifications

Configure webhook notifications to receive events when credentials are issued:

profiles {
  notified-credential {
    name = "Notified Credential"
    credentialConfigurationId = "identity_credential_dc+sd-jwt"
    issuerKey = { ... }
    credentialData = { ... }
    notifications = {
      webhook = {
        url = "https://your-server.com/webhook/issuance"
      }
    }
  }
}

#Profile with ID Token Claims Mapping

For authorization code flow, map claims from the external IdP to credential fields:

profiles {
  authenticated-credential {
    name = "Authenticated Credential"
    credentialConfigurationId = "identity_credential_dc+sd-jwt"
    issuerKey = { ... }
    credentialData = {
      vct = "https://example.com/credentials/identity"
      given_name = ""
      family_name = ""
      email = ""
    }
    idTokenClaimsMapping = {
      given_name = "$.given_name"
      family_name = "$.family_name"
      email = "$.email"
    }
  }
}

#Default Issuer Configuration

You can set default issuer key and DID at the top level to avoid repeating them in each profile:

defaultIssuerKey = {
  type = "jwk"
  jwk = "{\"kty\":\"EC\",\"d\":\"...\",\"crv\":\"P-256\",\"x\":\"...\",\"y\":\"...\"}"
}
defaultIssuerDid = "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"

profiles {
  profile-1 {
    name = "Profile 1"
    credentialConfigurationId = "..."
    credentialData = { ... }
  }
  profile-2 {
    name = "Profile 2"
    credentialConfigurationId = "..."
    issuerKey = { ... }  # Override default
    credentialData = { ... }
  }
}

#Verifying Your Configuration

After updating the configuration file, restart the Issuer2 service and verify your profiles are loaded:

curl -X GET 'http://localhost:7002/issuer2/profiles'

You should see your configured profiles in the response.

#Next Steps

Credential Offers – Create offers from your profiles
Data Functions – Learn about dynamic data population
Notifications – Configure webhook notifications

Last updated on June 16, 2026

Overview Credential Profiles