Verifier API FAQs
This page addresses common questions about the walt.id Verifier API for the Community Stack.
General Questions
Q: What is the difference between the Community Stack and Enterprise Stack Verifier APIs?
A: The Community Stack Verifier API is stateless and typically deployed as a single instance via Docker. It's designed for simpler use cases where you manage your own infrastructure. The Enterprise Stack is stateful, supports multiple instances with shared databases, includes a tenant system for B2B scenarios, and provides built-in GUI management tools, verification session management, and analytics dashboards.
Q: What credential formats does the Verifier support?
A: The Verifier supports multiple credential formats including:
- SD-JWT VC (IETF): Selective Disclosure JSON Web Token Verifiable Credentials
- W3C Verifiable Credentials: Versions 1.1+ and 2.0 with JWT or SD-JWT signatures
- ISO 18013-5 mDL: Mobile Driver's License format
Q: Which OID4VP draft versions are supported?
A: The Verifier supports OID4VP Draft 14 and Draft 20, with support for DCQL (Draft 28) coming soon. The authorization request can be expressed using either the Presentation Definition protocol or DCQL language.
Credential Request & Exchange
Q: How do I define what credentials to request from a wallet?
A: There are three main approaches for defining credential requests:
- Simple: Combine credential types and formats in a basic request
- Presentation Exchange (2.1.1): Use the Presentation Definition protocol for full flexibility with various filters and constraints
- DCQL (OpenID4VP Draft 28): Formulate requests using the DCQL language for maximum flexibility - coming soon
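To make the "filters and constraints" of a Presentation Definition concrete, here is an added example (not walt.id code) that matches a credential against one input descriptor. The definition, the credential and the function names are constructed for illustration, and only a subset of JSONPath and JSON Schema is handled.

```python
import re

# Constructed Presentation Exchange 2.1.1 definition: one input descriptor whose
# fields pair JSONPath locations with JSON Schema filters.
DEFINITION = {
    "id": "example-request",
    "input_descriptors": [{
        "id": "degree",
        "constraints": {"fields": [
            {"path": ["$.vc.type", "$.type"],
             "filter": {"type": "array", "contains": {"const": "UniversityDegree"}}},
            {"path": ["$.vc.issuer", "$.issuer"],
             "filter": {"type": "string", "pattern": "^did:example:"}},
        ]},
    }],
}
# Constructed decoded JWT VC payload.
CREDENTIAL = {"vc": {"type": ["VerifiableCredential", "UniversityDegree"],
                     "issuer": "did:example:university"}}
_MISSING = object()
_TYPES = {"string": str, "array": list, "object": dict}

def resolve(path, doc):
    """Resolve a dotted path such as $.vc.issuer (subset: no wildcards or indexes)."""
    node = doc
    for key in path.removeprefix("$.").split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def matches(filt, value):
    """Apply the filter keywords used here: type, const, enum, pattern, contains."""
    if "type" in filt and not isinstance(value, _TYPES.get(filt["type"], object)):
        return False
    if "const" in filt and value != filt["const"]:
        return False
    if "enum" in filt and value not in filt["enum"]:
        return False
    # Stricter than JSON Schema: a pattern on a non-string value fails.
    if "pattern" in filt and not (isinstance(value, str) and re.search(filt["pattern"], value)):
        return False
    if "contains" in filt:
        return isinstance(value, list) and any(matches(filt["contains"], v) for v in value)
    return True

def satisfies(descriptor, credential):
    """True only if every field has at least one path whose value passes its filter."""
    for field in descriptor["constraints"]["fields"]:
        values = [resolve(p, credential) for p in field["path"]]
        if not any(v is not _MISSING and matches(field.get("filter", {}), v) for v in values):
            return False
    return True
```

Matching a descriptor only selects which credential answers the request; signature and policy checks still decide whether it is accepted.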
Q: How does the credential exchange process work?
A: The process involves:
- Creating an authorization request that defines required credentials and attributes
- Generating a standard-compliant OID4VP authorization request URL
- Sharing the URL with the credential holder via link or QR code
- The wallet responds with a VP token containing the requested credentials
- The verifier validates signatures, applies policies, and creates a verification report
Q: Can I request multiple credentials from different issuers in a single verification session?
A: Yes, the verifier is designed to handle verifiable presentations that include multiple credentials, including "combined credentials" from different authorities and trust chains. Each credential is validated individually.
Credential Validation & Policies
Q: What types of validation policies are available?
A: The verifier supports three types of policies:
- Static policies: Address common use cases including signature verification, presentation definitions, validity periods, and schema compliance
- Parameterized policies: Offer flexibility with inputs like "allow-issuer" and "webhook" options for external system delegation
- Custom policies: Written in REGO language and evaluated by Open Policy Agent (OPA) for flexible checks on any attributes
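The sketch below is an added example, not the verifier's implementation: it models how a static policy and a parameterized "allow-issuer" policy are applied to each presented credential individually and folded into one report. The policy name "validity-period", the report layout and all sample values are assumptions made for illustration.

```python
NOW = 1_750_000_000  # fixed clock so the constructed sample is reproducible

# Constructed claims of three credentials from one presentation; signature
# verification is assumed to have already succeeded for each of them.
PRESENTED = [
    {"id": "degree", "iss": "did:example:university", "nbf": NOW - 3600, "exp": NOW + 3600},
    {"id": "licence", "iss": "did:example:dmv", "nbf": NOW - 3600, "exp": NOW - 60},
    {"id": "badge", "iss": "did:example:unknown", "nbf": NOW - 3600, "exp": NOW + 3600},
]

def validity_period(cred, now):
    """Static policy: the credential must be inside its nbf/exp window."""
    if cred.get("nbf", 0) > now:
        return False, "not yet valid"
    if "exp" in cred and cred["exp"] <= now:
        return False, "expired"
    return True, "ok"

def allow_issuer(allowed):
    """Parameterized policy: build a check from the list of accepted issuers."""
    allowed = frozenset(allowed)
    def policy(cred, now):
        ok = cred.get("iss") in allowed
        return ok, "ok" if ok else f"issuer {cred.get('iss')!r} not allowed"
    return policy

def verify(credentials, policies, now=NOW):
    """Run every policy on every credential; a single failure fails the session."""
    report = {"success": True, "credentials": {}}
    for cred in credentials:
        results = {name: check(cred, now) for name, check in policies.items()}
        report["credentials"][cred["id"]] = results
        report["success"] = report["success"] and all(ok for ok, _ in results.values())
    return report

POLICIES = {
    "validity-period": validity_period,  # hypothetical policy name
    "allow-issuer": allow_issuer(["did:example:university", "did:example:dmv"]),
}
REPORT = verify(PRESENTED, POLICIES)
```

The per-credential results show which credential failed which policy, while the overall result fails closed as soon as one check does not pass.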
Q: How do webhook policies work?
A: Webhook policies allow complete delegation of specific checks to external systems. The external system receives the full Verifiable Presentation (VP) token, including both the Verifiable Presentation and the Presented Credentials, and can perform any necessary checks before returning a validation result.
Q: Can I validate credentials against external systems?
A: Yes, you can use webhook policies to delegate validation to external systems, or use parameterized policies to integrate with your existing infrastructure. The verifier also supports custom REGO-based policies for complex validation logic.
Key Management & Security
Q: What cryptographic algorithms are supported for credential verification?
A: The verifier supports multiple asymmetric key types including ed25519, secp256k1, secp256r1, and RSA for signature verification of credentials.
Integration & Deployment
Q: How do I get started with the Verifier API?
A: Start with the getting started guide, which covers setup and basic credential verification. You can also explore the SDKs for Kotlin/Java integration or the white-label portal for a GUI-based approach.
Q: Can I integrate the Verifier with my existing identity infrastructure?
A: Yes, the Verifier API can integrate with external systems through webhook policies and parameterized policies. This allows you to leverage your existing identity infrastructure and validation logic while using the verifier for credential exchange and basic validation.
Q: How do I handle verification sessions and results?
A: In the Community Stack, verification session information is stored in memory. You can access verification reports via API calls. The Enterprise Stack provides GUI tools to view and manage verification sessions, view verification results based on applied policies, and trigger credential requests with a multi-tenant setup.
Standards & Compliance
Q: What standards does the Verifier support?
A: The Verifier supports multiple standards including:
- OID4VP: Draft 14 and 20, with DCQL (Draft 28) coming soon
- ISO/IEC 18013-7: For mDL verification
- Presentation Exchange 2.1.1: For flexible credential request definitions
- REGO/Open Policy Agent: For custom validation policies
Q: How does the Verifier handle different credential formats?
A: The verifier uses a unified architecture powered by core libraries (crypto, did, openid4vc, policies, digital-credentials, dif-definitions-parser, dcql-parser) that abstract away different credential formats. This allows validation of heterogeneous credential sets within a single verification session.
Q: Can I extend the Verifier to support new credential formats?
A: Yes, the verifier system is built for extensibility. New credential formats can be integrated through the digital-credential abstraction layer, and custom validation logic can be implemented through REGO policies or webhook integrations. For more information, reach out to tamino@walt.id.
Q: Is the Verifier API compliant with eIDAS2 requirements?
A: Yes, the Verifier is aligned with the EU's emerging digital ID ecosystem under eIDAS2, including ARF and implementing acts. This ensures credentials can be requested and verified from different wallets, including EUDI wallets.