#Data Retention

#What is stored

The verifier service stores the following ojects during the verification process:

#PresentationSession

session metadata and auth state

#SessionVerificationInformation

verification policies and redirect URIs

#PolicyResults

verification results (potentially contains PII)

#Retention policy

Default expiration: 5 minutes
Storage backend: Configurable (memory/Redis/Redis-cluster)
Automatic cleanup: Yes, via TTL expiration

#How to configure the retention policy

#Per-Request TTL Override

You can override the default TTL for individual sessions via HTTP headers:

Include the sessionTtl header in your issuance request:

POST /openid4vc/verify
sessionTtl: 600
Content-Type: application/json
Body: {...}

The sessionTtl value is in seconds. Example above sets TTL to 600 seconds (10 minutes).

#Storage backend

This is useful for distributed architectures. You can configure the storage backend to use a shared database to store session data.

In the waltid-services/waltid-issuer-api/config/persistence.conf config file, you can configure the storage backend to use a shared database to store session data.

// Default storage backend is memory.
type = "memory"

// Using redis as a shared database to store session data.

type = "redis"
nodes = [{host = "127.0.0.1", port = 6379}]
user: ""
password: ""

Last updated on December 29, 2025

Distributed Architecture Overview