Verifying Verifiable Credentials via Digital Credentials API
This guide shows you how to verify credentials using the browser-native Digital Credentials API (DC API). The DC API enables secure, native credential sharing directly through the user's browser or operating system, providing a seamless user experience without redirects or QR codes.
We recommend checking out our Digital Credential Button project, which provides a reference for how to invoke the Browser-based DC API. It contains up to date tutorials for setting up and end to end demo utilizing the DC API. This guide will just focus on how to configure the Verifier API for this use case.
Prerequisites
Before you begin, ensure you have:
- Verifier2 API running — Follow the Getting Started or Setup guide
- DC API-compatible browser — Chrome 121+, Safari 18+, or Edge 121+ (desktop or mobile)
- HTTPS enabled — The DC API only works over secure connections (required for production; localhost is allowed for development)
- Test credentials — Use the walt.id Wallet or any DC API-compatible wallet for testing
- X.509 certificate and key (for signed requests) — Required for HAIP profile and ISO 18013-7 Annex C flows
Local Development: When running locally via Docker, the API is available at
http://localhost:7003(standalone) orhttp://localhost:7004(Docker Compose). The DC API will work with localhost URLs during development.
Understanding DC API Protocols
The Verifier2 API supports two DC API protocols:
- Over 18013-7 (Annex C) using flow_type = "dc_api-annex-c"
- Over OpenID4VP 1.0 (Annex D) using flow_type = "dc_api"
For each of these, we support both same device and cross device flows. You can find many examples in the Digital Credential Button project as well as the swagger documentation for the Verifier API.
Step 1: Preparing the Verification Session
This example requests an mDL credential using the ISO 18013-7 Annex C protocol with signed requests. The user will see a native browser credential picker to select and share their credential.
CURL
Endpoint: /verification-session/create | API Reference
Example Request
curl -X 'POST' \
'http://localhost:7003/verification-session/create' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"flow_type": "dc_api",
"core_flow": {
"dcql_query": {
"credentials": [
{
"id": "my_mdl",
"format": "mso_mdoc",
"meta": {
"doctype_value": "org.iso.18013.5.1.mDL"
},
"claims": [
{
"path": [
"org.iso.18013.5.1",
"family_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"given_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"age_over_21"
]
}
]
}
]
},
"signed_request": true,
"encrypted_response": true,
"clientId": "x509_hash:abc-xyz-base64url-sha256-hash-of-der-x509-leaf",
"key": {
"type": "jwk",
"jwk": {
"kty": "EC",
"d": "AEb4k1BeTR9xt2NxYZggdzkFLLUkhyyWvyUOq3qSiwA",
"crv": "P-256",
"kid": "_nd-T2YRYLSmuKkJZlRI641zrCIJLTpiHeqMwXuvdug",
"x": "G_TgBc0BkmMipiQ_6gkamIn3mmp7hcTrZuyrLTmknP0",
"y": "VkRMZdXYXSMff5AJLrnHiN0x5MV6u_8vrAcytGUe4z4"
}
}
},
"expectedOrigins": [
"http://localhost:7003"
]
}'
Body Parameters
- flow_type: String (required) - Specifies how the credential request will be delivered to the holder's wallet. Options:
"cross_device"— User scans a QR code on a different device (e.g. desktop browser → phone wallet)"same_device"— User clicks a deep link on the same device (e.g. phone browser → wallet app on same phone)"dc_api"— Browser/OS-native Digital Credentials API (Chrome, Safari, iOS/Android native)
- core_flow: Object (required) - Defines what credentials to request and which policies to apply. Contains:
- dcql_query: Object (required) - Specifies the credential type, format, and claims to request using the DCQL query language. You can also use the DCQL builder here.
- credentials: Array - List of credential queries. Each credential query contains:
- id: String - Unique identifier for this credential in the request (used in policy results)
- format: String - Credential format. For mDL, use
"mso_mdoc"(mobile security object document). - meta.doctype_value: String - The ISO mDL document type. For mobile driver's licenses, use
"org.iso.18013.5.1.mDL". - claims: Array (optional) - Specific claims to request from the credential. Each claim has a
patharray with namespace and claim name (e.g.["org.iso.18013.5.1", "family_name"]). If omitted, all claims that are non-selectively disclosable are provided by the wallet.
- credentials: Array - List of credential queries. Each credential query contains:
- policies: Object (optional) - Validation rules applied to the received credential. Defaults to signature verification only if omitted.
- vc_policies: Array - Policies applied to individual credentials. Each policy has a
policyfield specifying the policy name. Available policies:signature,expired,not-before,revoked-status-list,schema, and more. See Policies for the complete list. - vp_policies: Array (optional) - Policies applied to the entire presentation (not shown in this example)
- vc_policies: Array - Policies applied to individual credentials. Each policy has a
- dcql_query: Object (required) - Specifies the credential type, format, and claims to request using the DCQL query language. You can also use the DCQL builder here.
- redirects: Object (optional) - Success and error redirect URLs (only for
cross_deviceandsame_deviceflows)- successRedirectUri: String - URL to redirect the user after successful verification
- errorRedirectUri: String - URL to redirect the user if verification fails
- url_config: Object (optional) - URL configuration for this session. Only applies to
cross_deviceandsame_deviceflows (notdc_api).- url_prefix: String (optional) - The publicly accessible base URL where the wallet will fetch the authorization request and post its response. Overrides the
urlPrefixfromverifier-service.conf.- The service constructs: Request URI:
{urlPrefix}/{sessionId}/requestand Response URI:{urlPrefix}/{sessionId}/response - Must be reachable by the wallet (use ngrok or public URL for local development)
- The service constructs: Request URI:
- url_host: String (optional) - The base URL used to construct the authorization request link. Overrides the
urlHostfromverifier-service.conf.- For standard OID4VP flows, use
"openid4vp://authorize"(default) - For custom authorization endpoints (e.g. conformance testing), provide a full HTTPS URL
- For standard OID4VP flows, use
- url_prefix: String (optional) - The publicly accessible base URL where the wallet will fetch the authorization request and post its response. Overrides the
- signed_request - Whether the request should be signed.
- encrypted_response - Whether the response should be encrypted.
- expectedOrigins: The expected origins for the verification. This is a requirement of the DC API.
- clientId: The client ID to be used for the verification as per the HAIP specification.
- key: The key used by the wallet to encrypt the response to the verifier (optional based on if you are using encrypted_response).
Many parameters have defaults configured in
verifier-service.conf. Request-level parameters override these defaults for that specific session only. See Configuration Defaults below.
Response
{
"sessionId": "ff4f0c86-56ce-4e4a-a137-dd5569049ff3",
"bootstrapAuthorizationRequestUrl": "openid4vp://authorize?client_id=did%3Ajwk%3AeyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiU05JZ1ItTHZzSEUtNkhUUGxYYUpQVDVubHRZMFpqZlA0VkpTWEwzQ2ZkMCIsIngiOiJIVWM1ZHY1eFREV3VMVmZQcFdvVXBWTjZ1QTNJNzBsVzVnNEhoMG5VaDQ0In0&request_uri=http%3A%2F%2Forg.enterprise.localhost%3A3000%2Fv1%2Forg.tenant.verifier%2Fverifier2-service-api%2Fff4f0c86-56ce-4e4a-a137-dd5569049ff3%2Frequest",
"fullAuthorizationRequestUrl": "openid4vp://authorize?response_type=vp_token&client_id=did%3Ajwk%3AeyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiU05JZ1ItTHZzSEUtNkhUUGxYYUpQVDVubHRZMFpqZlA0VkpTWEwzQ2ZkMCIsIngiOiJIVWM1ZHY1eFREV3VMVmZQcFdvVXBWTjZ1QTNJNzBsVzVnNEhoMG5VaDQ0In0&state=8faa6212-465f-4e3f-9a44-649d3d65845c&response_mode=direct_post&nonce=9a054852-46ab-4bbe-8fc1-b96882afcc4f&response_uri=http%3A%2F%2Forg.enterprise.localhost%3A3000%2Fv1%2Forg.tenant.verifier%2Fverifier2-service-api%2Fff4f0c86-56ce-4e4a-a137-dd5569049ff3%2Fresponse&dcql_query=%7B%22credentials%22%3A%5B%7B%22id%22%3A%22pid%22%2C%22format%22%3A%22dc%2Bsd-jwt%22%2C%22meta%22%3A%7B%22vct_values%22%3A%5B%22http%3A%2F%2Forg.enterprise.localhost%3A3000%2Fv1%2Fwaltid.issuer%2Fissuer-service-api%2Fopenid4vc%2Fdraft13%2Fidentity_credential%22%5D%7D%2C%22claims%22%3A%5B%7B%22path%22%3A%5B%22given_name%22%5D%7D%2C%7B%22path%22%3A%5B%22family_name%22%5D%7D%2C%7B%22path%22%3A%5B%22address%22%2C%22street_address%22%5D%7D%5D%7D%5D%7D&client_metadata=%7B%22client_name%22%3A%22walt.id+Enterprise+Verifier%22%2C%22logo_uri%22%3A%22https%3A%2F%2Fcdn.walt.id%2Fverifier%2Flogo.png%22%7D"
}
You will receive a response containing the following fields:
- sessionId: String - The unique ID of this verification session. Use this to query the session status.
- bootstrapAuthorizationRequestUrl: String - Shortened URL using
request_uriby reference. Use this for QR codes to minimize QR code density. - fullAuthorizationRequestUrl: String - Complete URL with all parameters embedded. Use this if the wallet doesn't support
request_uri(rare).
Step 2: Generating the DC API Request
For the next step, take the sessionId and make the following request to get the DC API request URL.
CURL
curl -X 'GET' \
''http://localhost:7003/verification-session/{sessionId}/request' \
-H 'accept: application/json'
Which will return the DC API request URL, which can be used with the Browser API. We recommend checking out our Digital Credential Button project, which provides a reference for how to invoke the Browser-based DC API.
{
"digital": {
"requests": [
{
"protocol": "openid4vp-v1-signed",
"data": {
"client_id": "x509_hash:abc-xyz-base64url-sha256-hash-of-der-x509-leaf",
"expected_origins": [
"https://digital-credentials.walt.id"
],
"request": "eyJ0eXAiOiJvYXV0aC1hdXRoei1yZXErand0IiwiZXhwIjoxNzY0Nzc4NjE3LCJpYXQiOjE3NjQ3NzgzMTcsImFsZyI6IkVTMjU2IiwieDVjIjpbIk1JSUJWekNCL2FBREFnRUNBZ2dOS1pBdlVydGltekFLQmdncWhrak9QUVFEQWpBZk1SMHdHd1lEVlFRRERCUjJaWEpwWm1sbGNpNWxlR0Z0Y0d4bExtTnZiVEFlRncweU5URXdNVFF3TmpJME1qQmFGdzB5TmpFd01UUXdOakkwTWpCYU1COHhIVEFiQmdOVkJBTU1GSFpsY21sbWFXVnlMbVY0WVcxd2JHVXVZMjl0TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFRy9UZ0JjMEJrbU1pcGlRLzZna2FtSW4zbW1wN2hjVHJadXlyTFRta25QMVdSRXhsMWRoZEl4OS9rQWt1dWNlSTNUSGt4WHE3L3krc0J6SzBaUjdqUHFNak1DRXdId1lEVlIwUkJCZ3dGb0lVZG1WeWFXWnBaWEl1WlhoaGJYQnNaUzVqYjIwd0NnWUlLb1pJemowRUF3SURTUUF3UmdJaEFPdTBSR002QmpWUVVlcGVMQm9ndytaRDNNUTl2RnBwYlBJR01QanRuL3FkQWlFQXR0ZmRmeVhIZnpKMnRyK1Bjenlja3p2M05sTTQzNDYxY3ZQOTZzSXpPUUE9Il19.eyJyZXNwb25zZV90eXBlIjoidnBfdG9rZW4iLCJjbGllbnRfaWQiOiJ4NTA5X2hhc2g6YWJjLXh5ei1iYXNlNjR1cmwtc2hhMjU2LWhhc2gtb2YtZGVyLXg1MDktbGVhZiIsInJlc3BvbnNlX21vZGUiOiJkY19hcGkiLCJub25jZSI6IjE1ZmI2YTQ2LTQyNTktNDVlYy05NDFkLWU0NWQwYjA4YTlhZiIsImRjcWxfcXVlcnkiOnsiY3JlZGVudGlhbHMiOlt7ImlkIjoibXlfbWRsIiwiZm9ybWF0IjoibXNvX21kb2MiLCJtZXRhIjp7ImRvY3R5cGVfdmFsdWUiOiJvcmcuaXNvLjE4MDEzLjUuMS5tREwifSwiY2xhaW1zIjpbeyJwYXRoIjpbIm9yZy5pc28uMTgwMTMuNS4xIiwiZmFtaWx5X25hbWUiXX0seyJwYXRoIjpbIm9yZy5pc28uMTgwMTMuNS4xIiwiZ2l2ZW5fbmFtZSJdfSx7InBhdGgiOlsib3JnLmlzby4xODAxMy41LjEiLCJhZ2Vfb3Zlcl8yMSJdfV19XX0sImNsaWVudF9tZXRhZGF0YSI6e30sImV4cGVjdGVkX29yaWdpbnMiOlsiaHR0cHM6Ly9kaWdpdGFsLWNyZWRlbnRpYWxzLndhbHQuaWQiXX0.ESqmoJ_vpD-GQMSmw8CCdQWbiZQ9CBiuHnVi87DO3Jd94HPb48n-Zz9CwDw7R_ytd6_pPlZTUnpKLuVHMfWlog"
}
}
]
}
}
Step 3: Handling the response
Once the wallet presents the credential, you will receive a response from the DC API containing the verifiable presentation like so from the wallet
{
"protocol": "openid4vp-v1-signed",
"data": {
"vp_token": {
"my_mdl": [
"o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFSkaGRpZ2VzdElEAGZyYW5kb21QEloNL96oPMkJmnXv9ESbW3FlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVlU21pdGjYGFhRpGhkaWdlc3RJRAFmcmFuZG9tUKQwy6zsJN0wZkMPQxjbyWJxZWxlbWVudElkZW50aWZpZXJqZ2l2ZW5fbmFtZWxlbGVtZW50VmFsdWVjSm9u2BhYT6RoZGlnZXN0SUQCZnJhbmRvbVBfiTVUPq1IQvzu0cugg7b9cWVsZW1lbnRJZGVudGlmaWVya2FnZV9vdmVyXzIxbGVsZW1lbnRWYWx1ZfVqaXNzdWVyQXV0aIRDoQEmoRghWQLEMIICwDCCAmegAwIBAgIUHn8bMq1PNO_ksMwHt7DjM6cLGE0wCgYIKoZIzj0EAwIweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHDAaBgNVBAoME0RpZ2l0YWwgQ3JlZGVudGlhbHMxHzAdBgNVBAMMFmRpZ2l0YWxjcmVkZW50aWFscy5kZXYwHhcNMjUwMjE5MjMzMDE4WhcNMjYwMjE5MjMzMDE4WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEcMBoGA1UECgwTRGlnaXRhbCBDcmVkZW50aWFsczEfMB0GA1UEAwwWZGlnaXRhbGNyZWRlbnRpYWxzLmRldjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOt5Nivi1_OXw1AEfYPh42Is41VrNg9qaMdYuw3cavhsCa-aXV0NmTl2EsNaJ5GWmMoAD8ikwAFszYhIeNgF42mjgcwwgckwHwYDVR0jBBgwFoAUok_0idl8Ruhuo4bZR0jOzL7cz_UwHQYDVR0OBBYEFN_-aloS6cBixLyYpyXS2XD3emAoMDQGA1UdHwQtMCswKaAnoCWGI2h0dHBzOi8vZGlnaXRhbC1jcmVkZW50aWFscy5kZXYvY3JsMCoGA1UdEgQjMCGGH2h0dHBzOi8vZGlnaXRhbC1jcmVkZW50aWFscy5kZXYwDgYDVR0PAQH_BAQDAgeAMBUGA1UdJQEB_wQLMAkGByiBjF0FAQIwCgYIKoZIzj0EAwIDRwAwRAIgYcXL9XzB43vy4LEz2h8gMQRdcJtaIRQOemgwm8sHQucCIHCvouHEm_unjBXMCeUZ7QR_ympjGyHITw25_B9H9QsCWQOk2BhZA5-mZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2Z2RvY1R5cGV1b3JnLmlzby4xODAxMy41LjEubURMbHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGxAFggng2tWJR7fp49froXSRnsklR_sI-cX_vtNAgkCpdH7KcBWCC0FPEWRP0z6_Rt-ttqzJN5g6hoLJ3nrVljFBcO7RybfwJYIO6B7hZWOTAt0Kz_o7zCJclTcb6SJr_404PWx8RAzjN_A1ggeLRVnN98xkCw3ysIv4PDTCAhZkTqgDSVi-jkN9poMYUEWCDowY3mzymtYR69jFIoHo-NrNdCCxD9k9OogqIHrU3m0QVYILN8AZMmJ9Qq9bwUbsVAQVUP-QtoPmlYdIBTmXJNbr1oBlggzqXSfF8t4hF5hU5wGmxZa0he4VTpAQOCeUTNKP5rA5wHWCATqvZD_qvPdBVcFyUxmIRAK3CgDFrAdzfLMkkRyIIDzAhYIKzeNnZGdWcMC2mXpck7pWMHiVOMDGqSA5M_1lfqO7-wCVggVOyCZq3s73xJMoLhL4b1zoa_hV_twW4xUtyyoWm98nMKWCAzTGC3kG1f25U5RLQUOPNZ1fslnEvfMeLrRXgj19yFxgtYII0QK_PhhkC_VYFaCysXkdtwBGJb6Z3I8fFufwgIGo2NDFggQHxV4YQJLdbpxcfZiPIuocbCZDozc1f0fe9m4-lwVnENWCCY0f4Pabks2V2efyNUpA-Bc0qSG88o0gYgg6mZ-d48ww5YIHDHCfY18n5O6_740xNe_5HMn7D0jHFFymsk5FCNRSQ2D1gg4Qu7JMWCmI1bO1L8kN59jpJyZ9QXNgsG2p679UzAomAQWCAbGPycoabYvTGW6hX0onS3jiCLdi874pBb-hzB1STJ4W1kZXZpY2VLZXlJbmZvoWlkZXZpY2VLZXmkAQIgASFYIEgd6IsLll1JJy7WL7pRu_fcGKaJ8xCKt6klhXBcQJ9PIlggni7iZtdNwuuORu3f_5AeypnVHIu_U5rm4FtrGy-YyIJsdmFsaWRpdHlJbmZvo2ZzaWduZWTAeBsyMDI1LTA5LTI5VDAwOjE5OjUzLjYwODQ3M1ppdmFsaWRGcm9twHgbMjAyNS0wOS0yOVQwMDoxOTo1My42MDg0OTFaanZhbGlkVW50aWzAeBsyMDM1LTA5LTE3VDAwOjE5OjUzLjYwODQ5MlpYQCm_oEaEsbGd7vTDkT1DyLfJ8AYw4AVYYH5mvypCWe09qV2-iLNWF_Q5QMUwOotaJrblStdSZQK-HQydqYXumaxsZGV2aWNlU2lnbmVkompuYW1lU3BhY2Vz2BhBoGpkZXZpY2VBdXRooW9kZXZpY2VTaWduYXR1cmWEQ6EBJqD2WEAsvLdoWQ6ZxizNT8YFz3Kl0nkZDPv1UGjMTDuvCJcH7QCetj6_obSYXIQik5bBY4Pw1CmEsOwMMccuCincIxkoZnN0YXR1cwA"
]
}
}
}
Which you pass to the following verifier endpoint to verify the credential and run any policies you have configured.
CURL
curl -X 'POST' \
''http://localhost:7003/verification-session/{sessionId}/response' \
-H 'accept: application/json' \
-d '
"protocol": "openid4vp-v1-signed",
"data": {
"vp_token": {
"my_mdl": [
"o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFSkaGRpZ2VzdElEAGZyYW5kb21QEloNL96oPMkJmnXv9ESbW3FlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVlU21pdGjYGFhRpGhkaWdlc3RJRAFmcmFuZG9tUKQwy6zsJN0wZkMPQxjbyWJxZWxlbWVudElkZW50aWZpZXJqZ2l2ZW5fbmFtZWxlbGVtZW50VmFsdWVjSm9u2BhYT6RoZGlnZXN0SUQCZnJhbmRvbVBfiTVUPq1IQvzu0cugg7b9cWVsZW1lbnRJZGVudGlmaWVya2FnZV9vdmVyXzIxbGVsZW1lbnRWYWx1ZfVqaXNzdWVyQXV0aIRDoQEmoRghWQLEMIICwDCCAmegAwIBAgIUHn8bMq1PNO_ksMwHt7DjM6cLGE0wCgYIKoZIzj0EAwIweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHDAaBgNVBAoME0RpZ2l0YWwgQ3JlZGVudGlhbHMxHzAdBgNVBAMMFmRpZ2l0YWxjcmVkZW50aWFscy5kZXYwHhcNMjUwMjE5MjMzMDE4WhcNMjYwMjE5MjMzMDE4WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEcMBoGA1UECgwTRGlnaXRhbCBDcmVkZW50aWFsczEfMB0GA1UEAwwWZGlnaXRhbGNyZWRlbnRpYWxzLmRldjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOt5Nivi1_OXw1AEfYPh42Is41VrNg9qaMdYuw3cavhsCa-aXV0NmTl2EsNaJ5GWmMoAD8ikwAFszYhIeNgF42mjgcwwgckwHwYDVR0jBBgwFoAUok_0idl8Ruhuo4bZR0jOzL7cz_UwHQYDVR0OBBYEFN_-aloS6cBixLyYpyXS2XD3emAoMDQGA1UdHwQtMCswKaAnoCWGI2h0dHBzOi8vZGlnaXRhbC1jcmVkZW50aWFscy5kZXYvY3JsMCoGA1UdEgQjMCGGH2h0dHBzOi8vZGlnaXRhbC1jcmVkZW50aWFscy5kZXYwDgYDVR0PAQH_BAQDAgeAMBUGA1UdJQEB_wQLMAkGByiBjF0FAQIwCgYIKoZIzj0EAwIDRwAwRAIgYcXL9XzB43vy4LEz2h8gMQRdcJtaIRQOemgwm8sHQucCIHCvouHEm_unjBXMCeUZ7QR_ympjGyHITw25_B9H9QsCWQOk2BhZA5-mZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2Z2RvY1R5cGV1b3JnLmlzby4xODAxMy41LjEubURMbHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGxAFggng2tWJR7fp49froXSRnsklR_sI-cX_vtNAgkCpdH7KcBWCC0FPEWRP0z6_Rt-ttqzJN5g6hoLJ3nrVljFBcO7RybfwJYIO6B7hZWOTAt0Kz_o7zCJclTcb6SJr_404PWx8RAzjN_A1ggeLRVnN98xkCw3ysIv4PDTCAhZkTqgDSVi-jkN9poMYUEWCDowY3mzymtYR69jFIoHo-NrNdCCxD9k9OogqIHrU3m0QVYILN8AZMmJ9Qq9bwUbsVAQVUP-QtoPmlYdIBTmXJNbr1oBlggzqXSfF8t4hF5hU5wGmxZa0he4VTpAQOCeUTNKP5rA5wHWCATqvZD_qvPdBVcFyUxmIRAK3CgDFrAdzfLMkkRyIIDzAhYIKzeNnZGdWcMC2mXpck7pWMHiVOMDGqSA5M_1lfqO7-wCVggVOyCZq3s73xJMoLhL4b1zoa_hV_twW4xUtyyoWm98nMKWCAzTGC3kG1f25U5RLQUOPNZ1fslnEvfMeLrRXgj19yFxgtYII0QK_PhhkC_VYFaCysXkdtwBGJb6Z3I8fFufwgIGo2NDFggQHxV4YQJLdbpxcfZiPIuocbCZDozc1f0fe9m4-lwVnENWCCY0f4Pabks2V2efyNUpA-Bc0qSG88o0gYgg6mZ-d48ww5YIHDHCfY18n5O6_740xNe_5HMn7D0jHFFymsk5FCNRSQ2D1gg4Qu7JMWCmI1bO1L8kN59jpJyZ9QXNgsG2p679UzAomAQWCAbGPycoabYvTGW6hX0onS3jiCLdi874pBb-hzB1STJ4W1kZXZpY2VLZXlJbmZvoWlkZXZpY2VLZXmkAQIgASFYIEgd6IsLll1JJy7WL7pRu_fcGKaJ8xCKt6klhXBcQJ9PIlggni7iZtdNwuuORu3f_5AeypnVHIu_U5rm4FtrGy-YyIJsdmFsaWRpdHlJbmZvo2ZzaWduZWTAeBsyMDI1LTA5LTI5VDAwOjE5OjUzLjYwODQ3M1ppdmFsaWRGcm9twHgbMjAyNS0wOS0yOVQwMDoxOTo1My42MDg0OTFaanZhbGlkVW50aWzAeBsyMDM1LTA5LTE3VDAwOjE5OjUzLjYwODQ5MlpYQCm_oEaEsbGd7vTDkT1DyLfJ8AYw4AVYYH5mvypCWe09qV2-iLNWF_Q5QMUwOotaJrblStdSZQK-HQydqYXumaxsZGV2aWNlU2lnbmVkompuYW1lU3BhY2Vz2BhBoGpkZXZpY2VBdXRooW9kZXZpY2VTaWduYXR1cmWEQ6EBJqD2WEAsvLdoWQ6ZxizNT8YFz3Kl0nkZDPv1UGjMTDuvCJcH7QCetj6_obSYXIQik5bBY4Pw1CmEsOwMMccuCincIxkoZnN0YXR1cwA"
]
}
}
}
'
Validating the Verification Session
You can query the verification session to check if the user has presented their credential and whether validation succeeded.
CURL
Endpoint: GET /verification-session/{sessionId}/info | API Reference
Example Request
curl -X 'GET' \
'http://localhost:7003/verification-session/{sessionId}/info' \
-H 'accept: application/json'
Path Parameters
- sessionId: String (required) - The unique ID of the verification session returned when you created the session. Use this to query the current status and results.
Example Response
The response contains the complete session information including setup, status, policy results, and presented credentials.
{
"id": "4a803c4b-1dc3-4210-806d-3fb52f1780c8",
"setup":{
"flow_type": "dc_api",
"core_flow": {
"dcql_query": {
"credentials": [
{
"id": "my_mdl",
"format": "mso_mdoc",
"meta": {
"doctype_value": "org.iso.18013.5.1.mDL"
},
"claims": [
{
"path": [
"org.iso.18013.5.1",
"family_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"given_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"age_over_21"
]
}
]
}
]
},
"signed_request": true,
"encrypted_response": true,
"clientId": "x509_hash:abc-xyz-base64url-sha256-hash-of-der-x509-leaf",
"key": {
"type": "jwk",
"jwk": {
"kty": "EC",
"d": "AEb4k1BeTR9xt2NxYZggdzkFLLUkhyyWvyUOq3qSiwA",
"crv": "P-256",
"kid": "_nd-T2YRYLSmuKkJZlRI641zrCIJLTpiHeqMwXuvdug",
"x": "G_TgBc0BkmMipiQ_6gkamIn3mmp7hcTrZuyrLTmknP0",
"y": "VkRMZdXYXSMff5AJLrnHiN0x5MV6u_8vrAcytGUe4z4"
}
}
},
"expectedOrigins": [
"http://localhost:7003"
]
},
"creationDate": "2026-05-18T07:48:39.335523256Z",
"expirationDate": "2026-05-18T07:53:39.335523256Z",
"retentionDate": "2036-05-18T07:48:39.335523256Z",
"status": "SUCCESSFUL",
"attempted": true,
"reattemptable": true,
"bootstrapAuthorizationRequest": {
"client_id": "verifier2",
"request_uri": "https://575e-2a02-8388-17c1-5580-b97f-5031-3eee-c8a4.ngrok-free.app/verification-session/4a803c4b-1dc3-4210-806d-3fb52f1780c8/request"
},
"bootstrapAuthorizationRequestUrl": "openid4vp://authorize?client_id=verifier2&request_uri=https%3A%2F%2F575e-2a02-8388-17c1-5580-b97f-5031-3eee-c8a4.ngrok-free.app%2Fverification-session%2F4a803c4b-1dc3-4210-806d-3fb52f1780c8%2Frequest",
"authorizationRequest": {
"response_type": "vp_token",
"client_id": "verifier2",
"state": "da82aed7-ea36-4303-9c4a-3ded03cdedb4",
"response_mode": "direct_post",
"nonce": "74b0efc4-331c-488f-9489-7ce72b1c698f",
"response_uri": "https://575e-2a02-8388-17c1-5580-b97f-5031-3eee-c8a4.ngrok-free.app/verification-session/4a803c4b-1dc3-4210-806d-3fb52f1780c8/response",
"dcql_query": {
"credentials": [
{
"id": "credential_1",
"format": "mso_mdoc",
"multiple": false,
"meta": {
"doctype_value": "org.iso.18013.5.1.mDL",
"format": "mso_mdoc"
},
"require_cryptographic_holder_binding": true,
"claims": [
{
"path": [
"org.iso.18013.5.1",
"family_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"given_name"
]
},
{
"path": [
"org.iso.18013.5.1",
"birth_date"
]
}
]
}
]
},
"client_metadata": {
"vp_formats_supported": {
"mso_mdoc": {
"issuerauth_alg_values": [
-7,
-9,
-50
],
"deviceauth_alg_values": [
-7,
-9,
-50,
-65537
]
}
},
"client_name": "Verifier2",
"logo_uri": "https://images.squarespace-cdn.com/content",
"tos_uri": "https://example.com/terms",
"policy_uri": "https://example.com/privacy",
"client_uri": "https://verifier.example.com",
"client_name#fr-FR": "Vérificateur2",
"logo_uri#fr-FR": "https://example.com/logo-fr.png",
"tos_uri#fr-FR": "https://example.com/terms-fr",
"policy_uri#fr-FR": "https://example.com/privacy-fr",
"client_uri#fr-FR": "https://verifier.example.com/fr"
}
},
"authorizationRequestUrl": "openid4vp://authorize?response_type=vp_token&client_id=verifier2&state=da82aed7-ea36-4303-9c4a-3ded03cdedb4&response_mode=direct_post&nonce=74b0efc4-331c-488f-9489-7ce72b1c698f&response_uri=https%3A%2F%2F575e-2a02-8388-17c1-5580-b97f-5031-3eee-c8a4.ngrok-free.app%2Fverification-session%2F4a803c4b-1dc3-4210-806d-3fb52f1780c8%2Fresponse&dcql_query=%7B%22credentials%22%3A%5B%7B%22id%22%3A%22credential_1%22%2C%22format%22%3A%22mso_mdoc%22%2C%22meta%22%3A%7B%22doctype_value%22%3A%22org.iso.18013.5.1.mDL%22%7D%2C%22claims%22%3A%5B%7B%22path%22%3A%5B%22org.iso.18013.5.1%22%2C%22family_name%22%5D%7D%2C%7B%22path%22%3A%5B%22org.iso.18013.5.1%22%2C%22given_name%22%5D%7D%2C%7B%22path%22%3A%5B%22org.iso.18013.5.1%22%2C%22birth_date%22%5D%7D%5D%7D%5D%7D&client_metadata=%7B%22vp_formats_supported%22%3A%7B%22mso_mdoc%22%3A%7B%22issuerauth_alg_values%22%3A%5B-7%2C-9%2C-50%5D%2C%22deviceauth_alg_values%22%3A%5B-7%2C-9%2C-50%2C-65537%5D%7D%7D%2C%22client_name%22%3A%22Verifier2%22%2C%22logo_uri%22%3A%22https%3A%2F%2Fimages.squarespace-cdn.com%2Fcontent%22%2C%22tos_uri%22%3A%22https%3A%2F%2Fexample.com%2Fterms%22%2C%22policy_uri%22%3A%22https%3A%2F%2Fexample.com%2Fprivacy%22%2C%22client_uri%22%3A%22https%3A%2F%2Fverifier.example.com%22%2C%22client_name%23fr-FR%22%3A%22V%C3%A9rificateur2%22%2C%22logo_uri%23fr-FR%22%3A%22https%3A%2F%2Fexample.com%2Flogo-fr.png%22%2C%22tos_uri%23fr-FR%22%3A%22https%3A%2F%2Fexample.com%2Fterms-fr%22%2C%22policy_uri%23fr-FR%22%3A%22https%3A%2F%2Fexample.com%2Fprivacy-fr%22%2C%22client_uri%23fr-FR%22%3A%22https%3A%2F%2Fverifier.example.com%2Ffr%22%7D",
"requestMode": "REQUEST_URI",
"policies": {
"vp_policies": {
"jwt_vc_json": [
"jwt_vc_json/audience-check",
"jwt_vc_json/nonce-check",
"jwt_vc_json/envelope_signature"
],
"dc+sd-jwt": [
"dc+sd-jwt/audience-check",
"dc+sd-jwt/kb-jwt_signature",
"dc+sd-jwt/nonce-check",
"dc+sd-jwt/sd_hash-check"
],
"mso_mdoc": [
"mso_mdoc/device-auth",
"mso_mdoc/device_key_auth",
"mso_mdoc/issuer_auth",
"mso_mdoc/issuer_signed_integrity",
"mso_mdoc/mso"
]
},
"vc_policies": [
{
"policy": "signature",
"id": "signature"
}
]
},
"policy_results": {
"vp_policies": {
"credential_1": {
"mso_mdoc/device-auth": {
"policy_executed": {
"policy": "mso_mdoc/device-auth",
"id": "mso_mdoc/device-auth",
"description": "Verify device authentication"
},
"success": true,
"results": {
"device_public_jwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "jxQwRV7tHc3W_JkKVsDZL7_DtP4zyNJtQ4Yr1z7-Md4"
},
"device_auth_bytes_hex": "d8185868847444657669636541757468656e7469636174696f6e83f6f682714f70656e494434565048616e646f7665725820bdb670da65dae163a8fe31c591c82da53c6da1b38232c8f4d3657405e4220a43756f72672e69736f2e31383031332e352e312e6d444cd81841a0"
},
"errors": [],
"execution_time": "PT0.002658542S"
},
"mso_mdoc/device_key_auth": {
"policy_executed": {
"policy": "mso_mdoc/device_key_auth",
"id": "mso_mdoc/device_key_auth",
"description": "Verify holder-verified data"
},
"success": true,
"results": {
"empty_device_signed_namespaces": true
},
"errors": [],
"execution_time": "PT0.000800334S"
},
"mso_mdoc/issuer_auth": {
"policy_executed": {
"policy": "mso_mdoc/issuer_auth",
"id": "mso_mdoc/issuer_auth",
"description": "Verify issuer authentication"
},
"success": true,
"results": {
"certificate_chain": [
"3082022b308201d1a0030201020214440fe81f511c691ef21f46d51ef752bbde666996300a06082a8648ce3d040302302c310b3009060355040613024154311d301b06035504030c146d444c20497373756572204941434120526f6f74301e170d3236303531383036313932365a170d3237303831383036313932365a3032310b30090603550406130241543123302106035504030c1a6d444c2049737375657220446f63756d656e74205369676e65723059301306072a8648ce3d020106082a8648ce3d03010703420004c9f99bb42b1d410ff81033e0d06b7df20258935ce434ea4633d6c76048b8f667301080b22778927ef1e8a3f7d5bc33469d3cd03e9795b4761b19a673bec228f9a381ca3081c7301f0603551d2304183016801472b2f76f49d0bcb3dd70cc2d6499a3378002e8e3301d0603551d0e041604145c64d6b94b4538b14534525b3942eef8f841827d300e0603551d0f0101ff04040302078030270603551d120420301e861c68747470733a2f2f696163612e74656e616e74312e77616c742e696430150603551d250101ff040b3009060728818c5d05010230350603551d1f042e302c302aa028a026862468747470733a2f2f63726c2e74656e616e74312e77616c742e69642f696163612e63726c300a06082a8648ce3d0403020348003045022006c7eaed38d41d53d35224d5b420ca41109d5f3a7afde473a8e287ed8688a3d7022100eb7882937823711f9bc909e3f88861436da296b882066ced7fdf66f057f0af39"
],
"signer_pem": "-----BEGIN CERTIFICATE-----\nMIICKzCCAdGgAwIBAgIURA/oH1EcaR7yH0bVHvdSu95maZYwCgYIKoZIzj0EAwIw\r\nLDELMAkGA1UEBhMCQVQxHTAbBgNVBAMMFG1ETCBJc3N1ZXIgSUFDQSBSb290MB4X\r\nDTI2MDUxODA2MTkyNloXDTI3MDgxODA2MTkyNlowMjELMAkGA1UEBhMCQVQxIzAh\r\nBgNVBAMMGm1ETCBJc3N1ZXIgRG9jdW1lbnQgU2lnbmVyMFkwEwYHKoZIzj0CAQYI\r\nKoZIzj0DAQcDQgAEyfmbtCsdQQ/4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mcwEICy\r\nJ3iSfvHoo/fVvDNGnTzQPpeVtHYbGaZzvsIo+aOByjCBxzAfBgNVHSMEGDAWgBRy\r\nsvdvSdC8s91wzC1kmaM3gALo4zAdBgNVHQ4EFgQUXGTWuUtFOLFFNFJbOULu+PhB\r\ngn0wDgYDVR0PAQH/BAQDAgeAMCcGA1UdEgQgMB6GHGh0dHBzOi8vaWFjYS50ZW5h\r\nbnQxLndhbHQuaWQwFQYDVR0lAQH/BAswCQYHKIGMXQUBAjA1BgNVHR8ELjAsMCqg\r\nKKAmhiRodHRwczovL2NybC50ZW5hbnQxLndhbHQuaWQvaWFjYS5jcmwwCgYIKoZI\r\nzj0EAwIDSAAwRQIgBsfq7TjUHVPTUiTVtCDKQRCdXzp6/eRzqOKH7YaIo9cCIQDr\r\neIKTeCNxH5vJCeP4iGFDbaKWuIIGbO1/32bwV/CvOQ==\n-----END CERTIFICATE-----",
"signer_jwk": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
}
},
"errors": [],
"execution_time": "PT0.004215542S"
},
"mso_mdoc/issuer_signed_integrity": {
"policy_executed": {
"policy": "mso_mdoc/issuer_signed_integrity",
"id": "mso_mdoc/issuer_signed_integrity",
"description": "Verify issuer-verified data integrity"
},
"success": true,
"results": {
"namespace": {
"org.iso.18013.5.1": [
{
"id": "family_name",
"digest_id": 0,
"value": "Doe",
"value_type": "CborString",
"random_hex": "736b060d21fa4e37f17b0b0568285add9d064ba883eb6c35",
"serialized_hex": "a4686469676573744944006672616e646f6d5818736b060d21fa4e37f17b0b0568285add9d064ba883eb6c3571656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65"
},
{
"id": "given_name",
"digest_id": 1,
"value": "John",
"value_type": "CborString",
"random_hex": "312e734c986fdf279c7d75130b0da4794d16d44bbb3cfd61",
"serialized_hex": "a4686469676573744944016672616e646f6d5818312e734c986fdf279c7d75130b0da4794d16d44bbb3cfd6171656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565644a6f686e"
},
{
"id": "birth_date",
"digest_id": 2,
"value": "1986-03-22",
"value_type": "CborString",
"random_hex": "e6864d13d13a9fb1a7fccb729a6330dec975bac5e79fa023",
"serialized_hex": "a4686469676573744944026672616e646f6d5818e6864d13d13a9fb1a7fccb729a6330dec975bac5e79fa02371656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313938362d30332d3232"
}
]
},
"matching_digest": {
"org.iso.18013.5.1": [
"family_name",
"given_name",
"birth_date"
]
}
},
"errors": [],
"execution_time": "PT0.003104834S"
},
"mso_mdoc/mso": {
"policy_executed": {
"policy": "mso_mdoc/mso",
"id": "mso_mdoc/mso",
"description": "Verify MSO"
},
"success": true,
"results": {
"signed": "2026-05-18T07:48:27.870905006Z",
"valid_from": "2027-05-18T07:48:27.852289522Z"
},
"errors": [],
"execution_time": "PT0.004245834S"
}
}
},
"vc_policies": [
{
"policy": {
"policy": "signature",
"id": "signature"
},
"success": true,
"result": {
"verification_result": true,
"signed_credential": "o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFukaGRpZ2VzdElEAGZyYW5kb21YGHNrBg0h-k438XsLBWgoWt2dBkuog-tsNXFlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVjRG9l2BhYW6RoZGlnZXN0SUQBZnJhbmRvbVgYMS5zTJhv3yecfXUTCw2keU0W1Eu7PP1hcWVsZW1lbnRJZGVudGlmaWVyamdpdmVuX25hbWVsZWxlbWVudFZhbHVlZEpvaG7YGFhkpGhkaWdlc3RJRAJmcmFuZG9tWBjmhk0T0Tqfsaf8y3KaYzDeyXW6xeefoCNxZWxlbWVudElkZW50aWZpZXJqYmlydGhfZGF0ZWxlbGVtZW50VmFsdWXZA-xqMTk4Ni0wMy0yMmppc3N1ZXJBdXRohEOhASahGCFZAi8wggIrMIIB0aADAgECAhRED-gfURxpHvIfRtUe91K73mZpljAKBggqhkjOPQQDAjAsMQswCQYDVQQGEwJBVDEdMBsGA1UEAwwUbURMIElzc3VlciBJQUNBIFJvb3QwHhcNMjYwNTE4MDYxOTI2WhcNMjcwODE4MDYxOTI2WjAyMQswCQYDVQQGEwJBVDEjMCEGA1UEAwwabURMIElzc3VlciBEb2N1bWVudCBTaWduZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATJ-Zu0Kx1BD_gQM-DQa33yAliTXOQ06kYz1sdgSLj2ZzAQgLIneJJ-8eij99W8M0adPNA-l5W0dhsZpnO-wij5o4HKMIHHMB8GA1UdIwQYMBaAFHKy929J0Lyz3XDMLWSZozeAAujjMB0GA1UdDgQWBBRcZNa5S0U4sUU0Uls5Qu74-EGCfTAOBgNVHQ8BAf8EBAMCB4AwJwYDVR0SBCAwHoYcaHR0cHM6Ly9pYWNhLnRlbmFudDEud2FsdC5pZDAVBgNVHSUBAf8ECzAJBgcogYxdBQECMDUGA1UdHwQuMCwwKqAooCaGJGh0dHBzOi8vY3JsLnRlbmFudDEud2FsdC5pZC9pYWNhLmNybDAKBggqhkjOPQQDAgNIADBFAiAGx-rtONQdU9NSJNW0IMpBEJ1fOnr95HOo4ofthoij1wIhAOt4gpN4I3Efm8kJ4_iIYUNtopa4ggZs7X_fZvBX8K85WQKV2BhZApCmZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2bHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGqAFgglIt2JC3rDbrr6azX5GWPMGyGqyD5gTnyASk37pDhZQYBWCCMQ7Ph45igVnLbvCtlSqLPlaMTXSk2kLoy4Mxn1x37kwJYIOjGjCHBlfvZi74lANZXAWt_FDdDf6NU591eYMGbFladA1ggcdl99l7hzcOFDYUeghGX0gDXYYgEN7WyRFrgSSFVvv4EWCCKwt6H37DEK8kJFcs__AiFZzLDc-4GPFKuYYEJzv_X1QVYIMybLDIPi3G7go7Bq4ggn0UYXEpmKMazxXZH25mnl0RQBlggofgVz7C7i4z0Iz8zrEPhNBRMlZcr4EhqQCR2pjo3qsoHWCDaJ4DszfMYhI0HfyOcSgMEgx_K12dx34khKW6ohKRhZghYIPTE7TeLsXVDSX9l3DTPB4zDhzF1WDTmCw3Ecxv1deNJCVggqueG-PUmdP8sJdsQ6XbuByQzAZXoRdwB-7dn0hxtkCdtZGV2aWNlS2V5SW5mb6FpZGV2aWNlS2V5owEBIAYhWCCPFDBFXu0dzdb8mQpWwNkvv8O0_jPI0m1DhivXPv4x3mdkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGx2YWxpZGl0eUluZm-jZnNpZ25lZMB4HjIwMjYtMDUtMThUMDc6NDg6MjcuODcwOTA1MDA2Wml2YWxpZEZyb23AeB4yMDI2LTA1LTE4VDA3OjQ4OjI3Ljg3MDkwNTAwNlpqdmFsaWRVbnRpbMB4HjIwMjctMDUtMThUMDc6NDg6MjcuODUyMjg5NTIyWlhAmRC5DQjAwaNaozniXwKmOoMscEyNwA65Y31zyoCJpiGiZxs-fk9bcsZnrDSu5ATPVEIKrf_4hjY8ODArK76q2WxkZXZpY2VTaWduZWSiam5hbWVTcGFjZXPYGEGgamRldmljZUF1dGihb2RldmljZVNpZ25hdHVyZYRDoQEnoPZYQGQUayxOBk2Wp7g7UhumPbtFSQ5h1h4jArb60UGZOsFMvG6MXHBBPd4JdOX40auhbmKNmBjinPfw96QN9XfV-Q9mc3RhdHVzAA",
"credential_signature": {
"type": "signature-cose",
"signerKey": {
"type": "jwk",
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
}
},
"x5cList": [
"MIICKzCCAdGgAwIBAgIURA/oH1EcaR7yH0bVHvdSu95maZYwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQVQxHTAbBgNVBAMMFG1ETCBJc3N1ZXIgSUFDQSBSb290MB4XDTI2MDUxODA2MTkyNloXDTI3MDgxODA2MTkyNlowMjELMAkGA1UEBhMCQVQxIzAhBgNVBAMMGm1ETCBJc3N1ZXIgRG9jdW1lbnQgU2lnbmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyfmbtCsdQQ/4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mcwEICyJ3iSfvHoo/fVvDNGnTzQPpeVtHYbGaZzvsIo+aOByjCBxzAfBgNVHSMEGDAWgBRysvdvSdC8s91wzC1kmaM3gALo4zAdBgNVHQ4EFgQUXGTWuUtFOLFFNFJbOULu+PhBgn0wDgYDVR0PAQH/BAQDAgeAMCcGA1UdEgQgMB6GHGh0dHBzOi8vaWFjYS50ZW5hbnQxLndhbHQuaWQwFQYDVR0lAQH/BAswCQYHKIGMXQUBAjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwczovL2NybC50ZW5hbnQxLndhbHQuaWQvaWFjYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIgBsfq7TjUHVPTUiTVtCDKQRCdXzp6/eRzqOKH7YaIo9cCIQDreIKTeCNxH5vJCeP4iGFDbaKWuIIGbO1/32bwV/CvOQ=="
]
},
"verified_data": {
"docType": "org.iso.18013.5.1.mDL",
"org.iso.18013.5.1": {
"family_name": "Doe",
"given_name": "John",
"birth_date": "1986-03-22"
}
},
"successful_issuer_public_key": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
},
"successful_issuer_public_key_id": "FOWc2X5ZSle6u66RwXQoVUwm86vnTnbZ61s_Golepz0"
}
}
],
"specific_vc_policies": {},
"overallSuccess": true
},
"presentation_validation_results": {
"credential_1": {
"mso_mdoc/device-auth": {
"policy_executed": {
"policy": "mso_mdoc/device-auth",
"id": "mso_mdoc/device-auth",
"description": "Verify device authentication"
},
"success": true,
"results": {
"device_public_jwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "jxQwRV7tHc3W_JkKVsDZL7_DtP4zyNJtQ4Yr1z7-Md4"
},
"device_auth_bytes_hex": "d8185868847444657669636541757468656e7469636174696f6e83f6f682714f70656e494434565048616e646f7665725820bdb670da65dae163a8fe31c591c82da53c6da1b38232c8f4d3657405e4220a43756f72672e69736f2e31383031332e352e312e6d444cd81841a0"
},
"errors": [],
"execution_time": "PT0.002658542S"
},
"mso_mdoc/device_key_auth": {
"policy_executed": {
"policy": "mso_mdoc/device_key_auth",
"id": "mso_mdoc/device_key_auth",
"description": "Verify holder-verified data"
},
"success": true,
"results": {
"empty_device_signed_namespaces": true
},
"errors": [],
"execution_time": "PT0.000800334S"
},
"mso_mdoc/issuer_auth": {
"policy_executed": {
"policy": "mso_mdoc/issuer_auth",
"id": "mso_mdoc/issuer_auth",
"description": "Verify issuer authentication"
},
"success": true,
"results": {
"certificate_chain": [
"3082022b308201d1a0030201020214440fe81f511c691ef21f46d51ef752bbde666996300a06082a8648ce3d040302302c310b3009060355040613024154311d301b06035504030c146d444c20497373756572204941434120526f6f74301e170d3236303531383036313932365a170d3237303831383036313932365a3032310b30090603550406130241543123302106035504030c1a6d444c2049737375657220446f63756d656e74205369676e65723059301306072a8648ce3d020106082a8648ce3d03010703420004c9f99bb42b1d410ff81033e0d06b7df20258935ce434ea4633d6c76048b8f667301080b22778927ef1e8a3f7d5bc33469d3cd03e9795b4761b19a673bec228f9a381ca3081c7301f0603551d2304183016801472b2f76f49d0bcb3dd70cc2d6499a3378002e8e3301d0603551d0e041604145c64d6b94b4538b14534525b3942eef8f841827d300e0603551d0f0101ff04040302078030270603551d120420301e861c68747470733a2f2f696163612e74656e616e74312e77616c742e696430150603551d250101ff040b3009060728818c5d05010230350603551d1f042e302c302aa028a026862468747470733a2f2f63726c2e74656e616e74312e77616c742e69642f696163612e63726c300a06082a8648ce3d0403020348003045022006c7eaed38d41d53d35224d5b420ca41109d5f3a7afde473a8e287ed8688a3d7022100eb7882937823711f9bc909e3f88861436da296b882066ced7fdf66f057f0af39"
],
"signer_pem": "-----BEGIN CERTIFICATE-----\nMIICKzCCAdGgAwIBAgIURA/oH1EcaR7yH0bVHvdSu95maZYwCgYIKoZIzj0EAwIw\r\nLDELMAkGA1UEBhMCQVQxHTAbBgNVBAMMFG1ETCBJc3N1ZXIgSUFDQSBSb290MB4X\r\nDTI2MDUxODA2MTkyNloXDTI3MDgxODA2MTkyNlowMjELMAkGA1UEBhMCQVQxIzAh\r\nBgNVBAMMGm1ETCBJc3N1ZXIgRG9jdW1lbnQgU2lnbmVyMFkwEwYHKoZIzj0CAQYI\r\nKoZIzj0DAQcDQgAEyfmbtCsdQQ/4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mcwEICy\r\nJ3iSfvHoo/fVvDNGnTzQPpeVtHYbGaZzvsIo+aOByjCBxzAfBgNVHSMEGDAWgBRy\r\nsvdvSdC8s91wzC1kmaM3gALo4zAdBgNVHQ4EFgQUXGTWuUtFOLFFNFJbOULu+PhB\r\ngn0wDgYDVR0PAQH/BAQDAgeAMCcGA1UdEgQgMB6GHGh0dHBzOi8vaWFjYS50ZW5h\r\nbnQxLndhbHQuaWQwFQYDVR0lAQH/BAswCQYHKIGMXQUBAjA1BgNVHR8ELjAsMCqg\r\nKKAmhiRodHRwczovL2NybC50ZW5hbnQxLndhbHQuaWQvaWFjYS5jcmwwCgYIKoZI\r\nzj0EAwIDSAAwRQIgBsfq7TjUHVPTUiTVtCDKQRCdXzp6/eRzqOKH7YaIo9cCIQDr\r\neIKTeCNxH5vJCeP4iGFDbaKWuIIGbO1/32bwV/CvOQ==\n-----END CERTIFICATE-----",
"signer_jwk": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
}
},
"errors": [],
"execution_time": "PT0.004215542S"
},
"mso_mdoc/issuer_signed_integrity": {
"policy_executed": {
"policy": "mso_mdoc/issuer_signed_integrity",
"id": "mso_mdoc/issuer_signed_integrity",
"description": "Verify issuer-verified data integrity"
},
"success": true,
"results": {
"namespace": {
"org.iso.18013.5.1": [
{
"id": "family_name",
"digest_id": 0,
"value": "Doe",
"value_type": "CborString",
"random_hex": "736b060d21fa4e37f17b0b0568285add9d064ba883eb6c35",
"serialized_hex": "a4686469676573744944006672616e646f6d5818736b060d21fa4e37f17b0b0568285add9d064ba883eb6c3571656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65"
},
{
"id": "given_name",
"digest_id": 1,
"value": "John",
"value_type": "CborString",
"random_hex": "312e734c986fdf279c7d75130b0da4794d16d44bbb3cfd61",
"serialized_hex": "a4686469676573744944016672616e646f6d5818312e734c986fdf279c7d75130b0da4794d16d44bbb3cfd6171656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565644a6f686e"
},
{
"id": "birth_date",
"digest_id": 2,
"value": "1986-03-22",
"value_type": "CborString",
"random_hex": "e6864d13d13a9fb1a7fccb729a6330dec975bac5e79fa023",
"serialized_hex": "a4686469676573744944026672616e646f6d5818e6864d13d13a9fb1a7fccb729a6330dec975bac5e79fa02371656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313938362d30332d3232"
}
]
},
"matching_digest": {
"org.iso.18013.5.1": [
"family_name",
"given_name",
"birth_date"
]
}
},
"errors": [],
"execution_time": "PT0.003104834S"
},
"mso_mdoc/mso": {
"policy_executed": {
"policy": "mso_mdoc/mso",
"id": "mso_mdoc/mso",
"description": "Verify MSO"
},
"success": true,
"results": {
"signed": "2026-05-18T07:48:27.870905006Z",
"valid_from": "2027-05-18T07:48:27.852289522Z"
},
"errors": [],
"execution_time": "PT0.004245834S"
}
}
},
"presented_raw_data": {
"vpToken": {
"credential_1": [
"o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFukaGRpZ2VzdElEAGZyYW5kb21YGHNrBg0h-k438XsLBWgoWt2dBkuog-tsNXFlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVjRG9l2BhYW6RoZGlnZXN0SUQBZnJhbmRvbVgYMS5zTJhv3yecfXUTCw2keU0W1Eu7PP1hcWVsZW1lbnRJZGVudGlmaWVyamdpdmVuX25hbWVsZWxlbWVudFZhbHVlZEpvaG7YGFhkpGhkaWdlc3RJRAJmcmFuZG9tWBjmhk0T0Tqfsaf8y3KaYzDeyXW6xeefoCNxZWxlbWVudElkZW50aWZpZXJqYmlydGhfZGF0ZWxlbGVtZW50VmFsdWXZA-xqMTk4Ni0wMy0yMmppc3N1ZXJBdXRohEOhASahGCFZAi8wggIrMIIB0aADAgECAhRED-gfURxpHvIfRtUe91K73mZpljAKBggqhkjOPQQDAjAsMQswCQYDVQQGEwJBVDEdMBsGA1UEAwwUbURMIElzc3VlciBJQUNBIFJvb3QwHhcNMjYwNTE4MDYxOTI2WhcNMjcwODE4MDYxOTI2WjAyMQswCQYDVQQGEwJBVDEjMCEGA1UEAwwabURMIElzc3VlciBEb2N1bWVudCBTaWduZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATJ-Zu0Kx1BD_gQM-DQa33yAliTXOQ06kYz1sdgSLj2ZzAQgLIneJJ-8eij99W8M0adPNA-l5W0dhsZpnO-wij5o4HKMIHHMB8GA1UdIwQYMBaAFHKy929J0Lyz3XDMLWSZozeAAujjMB0GA1UdDgQWBBRcZNa5S0U4sUU0Uls5Qu74-EGCfTAOBgNVHQ8BAf8EBAMCB4AwJwYDVR0SBCAwHoYcaHR0cHM6Ly9pYWNhLnRlbmFudDEud2FsdC5pZDAVBgNVHSUBAf8ECzAJBgcogYxdBQECMDUGA1UdHwQuMCwwKqAooCaGJGh0dHBzOi8vY3JsLnRlbmFudDEud2FsdC5pZC9pYWNhLmNybDAKBggqhkjOPQQDAgNIADBFAiAGx-rtONQdU9NSJNW0IMpBEJ1fOnr95HOo4ofthoij1wIhAOt4gpN4I3Efm8kJ4_iIYUNtopa4ggZs7X_fZvBX8K85WQKV2BhZApCmZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2bHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGqAFgglIt2JC3rDbrr6azX5GWPMGyGqyD5gTnyASk37pDhZQYBWCCMQ7Ph45igVnLbvCtlSqLPlaMTXSk2kLoy4Mxn1x37kwJYIOjGjCHBlfvZi74lANZXAWt_FDdDf6NU591eYMGbFladA1ggcdl99l7hzcOFDYUeghGX0gDXYYgEN7WyRFrgSSFVvv4EWCCKwt6H37DEK8kJFcs__AiFZzLDc-4GPFKuYYEJzv_X1QVYIMybLDIPi3G7go7Bq4ggn0UYXEpmKMazxXZH25mnl0RQBlggofgVz7C7i4z0Iz8zrEPhNBRMlZcr4EhqQCR2pjo3qsoHWCDaJ4DszfMYhI0HfyOcSgMEgx_K12dx34khKW6ohKRhZghYIPTE7TeLsXVDSX9l3DTPB4zDhzF1WDTmCw3Ecxv1deNJCVggqueG-PUmdP8sJdsQ6XbuByQzAZXoRdwB-7dn0hxtkCdtZGV2aWNlS2V5SW5mb6FpZGV2aWNlS2V5owEBIAYhWCCPFDBFXu0dzdb8mQpWwNkvv8O0_jPI0m1DhivXPv4x3mdkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGx2YWxpZGl0eUluZm-jZnNpZ25lZMB4HjIwMjYtMDUtMThUMDc6NDg6MjcuODcwOTA1MDA2Wml2YWxpZEZyb23AeB4yMDI2LTA1LTE4VDA3OjQ4OjI3Ljg3MDkwNTAwNlpqdmFsaWRVbnRpbMB4HjIwMjctMDUtMThUMDc6NDg6MjcuODUyMjg5NTIyWlhAmRC5DQjAwaNaozniXwKmOoMscEyNwA65Y31zyoCJpiGiZxs-fk9bcsZnrDSu5ATPVEIKrf_4hjY8ODArK76q2WxkZXZpY2VTaWduZWSiam5hbWVTcGFjZXPYGEGgamRldmljZUF1dGihb2RldmljZVNpZ25hdHVyZYRDoQEnoPZYQGQUayxOBk2Wp7g7UhumPbtFSQ5h1h4jArb60UGZOsFMvG6MXHBBPd4JdOX40auhbmKNmBjinPfw96QN9XfV-Q9mc3RhdHVzAA"
]
},
"state": "da82aed7-ea36-4303-9c4a-3ded03cdedb4"
},
"presented_presentations": {
"credential_1": {
"type": "mso_mdoc",
"format": "mso_mdoc",
"mdoc": {
"credentialData": {
"docType": "org.iso.18013.5.1.mDL",
"org.iso.18013.5.1": {
"family_name": "Doe",
"given_name": "John",
"birth_date": "1986-03-22"
}
},
"signed": "o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFukaGRpZ2VzdElEAGZyYW5kb21YGHNrBg0h-k438XsLBWgoWt2dBkuog-tsNXFlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVjRG9l2BhYW6RoZGlnZXN0SUQBZnJhbmRvbVgYMS5zTJhv3yecfXUTCw2keU0W1Eu7PP1hcWVsZW1lbnRJZGVudGlmaWVyamdpdmVuX25hbWVsZWxlbWVudFZhbHVlZEpvaG7YGFhkpGhkaWdlc3RJRAJmcmFuZG9tWBjmhk0T0Tqfsaf8y3KaYzDeyXW6xeefoCNxZWxlbWVudElkZW50aWZpZXJqYmlydGhfZGF0ZWxlbGVtZW50VmFsdWXZA-xqMTk4Ni0wMy0yMmppc3N1ZXJBdXRohEOhASahGCFZAi8wggIrMIIB0aADAgECAhRED-gfURxpHvIfRtUe91K73mZpljAKBggqhkjOPQQDAjAsMQswCQYDVQQGEwJBVDEdMBsGA1UEAwwUbURMIElzc3VlciBJQUNBIFJvb3QwHhcNMjYwNTE4MDYxOTI2WhcNMjcwODE4MDYxOTI2WjAyMQswCQYDVQQGEwJBVDEjMCEGA1UEAwwabURMIElzc3VlciBEb2N1bWVudCBTaWduZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATJ-Zu0Kx1BD_gQM-DQa33yAliTXOQ06kYz1sdgSLj2ZzAQgLIneJJ-8eij99W8M0adPNA-l5W0dhsZpnO-wij5o4HKMIHHMB8GA1UdIwQYMBaAFHKy929J0Lyz3XDMLWSZozeAAujjMB0GA1UdDgQWBBRcZNa5S0U4sUU0Uls5Qu74-EGCfTAOBgNVHQ8BAf8EBAMCB4AwJwYDVR0SBCAwHoYcaHR0cHM6Ly9pYWNhLnRlbmFudDEud2FsdC5pZDAVBgNVHSUBAf8ECzAJBgcogYxdBQECMDUGA1UdHwQuMCwwKqAooCaGJGh0dHBzOi8vY3JsLnRlbmFudDEud2FsdC5pZC9pYWNhLmNybDAKBggqhkjOPQQDAgNIADBFAiAGx-rtONQdU9NSJNW0IMpBEJ1fOnr95HOo4ofthoij1wIhAOt4gpN4I3Efm8kJ4_iIYUNtopa4ggZs7X_fZvBX8K85WQKV2BhZApCmZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2bHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGqAFgglIt2JC3rDbrr6azX5GWPMGyGqyD5gTnyASk37pDhZQYBWCCMQ7Ph45igVnLbvCtlSqLPlaMTXSk2kLoy4Mxn1x37kwJYIOjGjCHBlfvZi74lANZXAWt_FDdDf6NU591eYMGbFladA1ggcdl99l7hzcOFDYUeghGX0gDXYYgEN7WyRFrgSSFVvv4EWCCKwt6H37DEK8kJFcs__AiFZzLDc-4GPFKuYYEJzv_X1QVYIMybLDIPi3G7go7Bq4ggn0UYXEpmKMazxXZH25mnl0RQBlggofgVz7C7i4z0Iz8zrEPhNBRMlZcr4EhqQCR2pjo3qsoHWCDaJ4DszfMYhI0HfyOcSgMEgx_K12dx34khKW6ohKRhZghYIPTE7TeLsXVDSX9l3DTPB4zDhzF1WDTmCw3Ecxv1deNJCVggqueG-PUmdP8sJdsQ6XbuByQzAZXoRdwB-7dn0hxtkCdtZGV2aWNlS2V5SW5mb6FpZGV2aWNlS2V5owEBIAYhWCCPFDBFXu0dzdb8mQpWwNkvv8O0_jPI0m1DhivXPv4x3mdkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGx2YWxpZGl0eUluZm-jZnNpZ25lZMB4HjIwMjYtMDUtMThUMDc6NDg6MjcuODcwOTA1MDA2Wml2YWxpZEZyb23AeB4yMDI2LTA1LTE4VDA3OjQ4OjI3Ljg3MDkwNTAwNlpqdmFsaWRVbnRpbMB4HjIwMjctMDUtMThUMDc6NDg6MjcuODUyMjg5NTIyWlhAmRC5DQjAwaNaozniXwKmOoMscEyNwA65Y31zyoCJpiGiZxs-fk9bcsZnrDSu5ATPVEIKrf_4hjY8ODArK76q2WxkZXZpY2VTaWduZWSiam5hbWVTcGFjZXPYGEGgamRldmljZUF1dGihb2RldmljZVNpZ25hdHVyZYRDoQEnoPZYQGQUayxOBk2Wp7g7UhumPbtFSQ5h1h4jArb60UGZOsFMvG6MXHBBPd4JdOX40auhbmKNmBjinPfw96QN9XfV-Q9mc3RhdHVzAA",
"docType": "org.iso.18013.5.1.mDL",
"signature": {
"type": "signature-cose",
"signerKey": {
"type": "jwk",
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
}
},
"x5cList": [
"MIICKzCCAdGgAwIBAgIURA/oH1EcaR7yH0bVHvdSu95maZYwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQVQxHTAbBgNVBAMMFG1ETCBJc3N1ZXIgSUFDQSBSb290MB4XDTI2MDUxODA2MTkyNloXDTI3MDgxODA2MTkyNlowMjELMAkGA1UEBhMCQVQxIzAhBgNVBAMMGm1ETCBJc3N1ZXIgRG9jdW1lbnQgU2lnbmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyfmbtCsdQQ/4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mcwEICyJ3iSfvHoo/fVvDNGnTzQPpeVtHYbGaZzvsIo+aOByjCBxzAfBgNVHSMEGDAWgBRysvdvSdC8s91wzC1kmaM3gALo4zAdBgNVHQ4EFgQUXGTWuUtFOLFFNFJbOULu+PhBgn0wDgYDVR0PAQH/BAQDAgeAMCcGA1UdEgQgMB6GHGh0dHBzOi8vaWFjYS50ZW5hbnQxLndhbHQuaWQwFQYDVR0lAQH/BAswCQYHKIGMXQUBAjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwczovL2NybC50ZW5hbnQxLndhbHQuaWQvaWFjYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIgBsfq7TjUHVPTUiTVtCDKQRCdXzp6/eRzqOKH7YaIo9cCIQDreIKTeCNxH5vJCeP4iGFDbaKWuIIGbO1/32bwV/CvOQ=="
]
},
"format": "mso_mdoc",
"mso": {
"version": "1.0",
"digestAlgorithm": "SHA-256",
"valueDigests": {
"org.iso.18013.5.1": {
"0": [
-108,
-117,
118,
36,
45,
-21,
13,
-70,
-21,
-23,
-84,
-41,
-28,
101,
-113,
48,
108,
-122,
-85,
32,
-7,
-127,
57,
-14,
1,
41,
55,
-18,
-112,
-31,
101,
6
],
"1": [
-116,
67,
-77,
-31,
-29,
-104,
-96,
86,
114,
-37,
-68,
43,
101,
74,
-94,
-49,
-107,
-93,
19,
93,
41,
54,
-112,
-70,
50,
-32,
-52,
103,
-41,
29,
-5,
-109
],
"2": [
-24,
-58,
-116,
33,
-63,
-107,
-5,
-39,
-117,
-66,
37,
0,
-42,
87,
1,
107,
127,
20,
55,
67,
127,
-93,
84,
-25,
-35,
94,
96,
-63,
-101,
22,
86,
-99
],
"3": [
113,
-39,
125,
-10,
94,
-31,
-51,
-61,
-123,
13,
-123,
30,
-126,
17,
-105,
-46,
0,
-41,
97,
-120,
4,
55,
-75,
-78,
68,
90,
-32,
73,
33,
85,
-66,
-2
],
"4": [
-118,
-62,
-34,
-121,
-33,
-80,
-60,
43,
-55,
9,
21,
-53,
63,
-4,
8,
-123,
103,
50,
-61,
115,
-18,
6,
60,
82,
-82,
97,
-127,
9,
-50,
-1,
-41,
-43
],
"5": [
-52,
-101,
44,
50,
15,
-117,
113,
-69,
-126,
-114,
-63,
-85,
-120,
32,
-97,
69,
24,
92,
74,
102,
40,
-58,
-77,
-59,
118,
71,
-37,
-103,
-89,
-105,
68,
80
],
"6": [
-95,
-8,
21,
-49,
-80,
-69,
-117,
-116,
-12,
35,
63,
51,
-84,
67,
-31,
52,
20,
76,
-107,
-105,
43,
-32,
72,
106,
64,
36,
118,
-90,
58,
55,
-86,
-54
],
"7": [
-38,
39,
-128,
-20,
-51,
-13,
24,
-124,
-115,
7,
127,
35,
-100,
74,
3,
4,
-125,
31,
-54,
-41,
103,
113,
-33,
-119,
33,
41,
110,
-88,
-124,
-92,
97,
102
],
"8": [
-12,
-60,
-19,
55,
-117,
-79,
117,
67,
73,
127,
101,
-36,
52,
-49,
7,
-116,
-61,
-121,
49,
117,
88,
52,
-26,
11,
13,
-60,
115,
27,
-11,
117,
-29,
73
],
"9": [
-86,
-25,
-122,
-8,
-11,
38,
116,
-1,
44,
37,
-37,
16,
-23,
118,
-18,
7,
36,
51,
1,
-107,
-24,
69,
-36,
1,
-5,
-73,
103,
-46,
28,
109,
-112,
39
]
}
},
"deviceKeyInfo": {
"deviceKey": {
"kty": 1,
"crv": 6,
"x": [
-113,
20,
48,
69,
94,
-19,
29,
-51,
-42,
-4,
-103,
10,
86,
-64,
-39,
47,
-65,
-61,
-76,
-2,
51,
-56,
-46,
109,
67,
-122,
43,
-41,
62,
-2,
49,
-34
]
}
},
"docType": "org.iso.18013.5.1.mDL",
"validityInfo": {
"signed": "2026-05-18T07:48:27.870905006Z",
"validFrom": "2026-05-18T07:48:27.870905006Z",
"validUntil": "2027-05-18T07:48:27.852289522Z"
}
}
}
}
},
"presented_credentials": {
"credential_1": [
{
"type": "vc-mdocs",
"credentialData": {
"docType": "org.iso.18013.5.1.mDL",
"org.iso.18013.5.1": {
"family_name": "Doe",
"given_name": "John",
"birth_date": "1986-03-22"
}
},
"signed": "o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xg9gYWFukaGRpZ2VzdElEAGZyYW5kb21YGHNrBg0h-k438XsLBWgoWt2dBkuog-tsNXFlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVjRG9l2BhYW6RoZGlnZXN0SUQBZnJhbmRvbVgYMS5zTJhv3yecfXUTCw2keU0W1Eu7PP1hcWVsZW1lbnRJZGVudGlmaWVyamdpdmVuX25hbWVsZWxlbWVudFZhbHVlZEpvaG7YGFhkpGhkaWdlc3RJRAJmcmFuZG9tWBjmhk0T0Tqfsaf8y3KaYzDeyXW6xeefoCNxZWxlbWVudElkZW50aWZpZXJqYmlydGhfZGF0ZWxlbGVtZW50VmFsdWXZA-xqMTk4Ni0wMy0yMmppc3N1ZXJBdXRohEOhASahGCFZAi8wggIrMIIB0aADAgECAhRED-gfURxpHvIfRtUe91K73mZpljAKBggqhkjOPQQDAjAsMQswCQYDVQQGEwJBVDEdMBsGA1UEAwwUbURMIElzc3VlciBJQUNBIFJvb3QwHhcNMjYwNTE4MDYxOTI2WhcNMjcwODE4MDYxOTI2WjAyMQswCQYDVQQGEwJBVDEjMCEGA1UEAwwabURMIElzc3VlciBEb2N1bWVudCBTaWduZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATJ-Zu0Kx1BD_gQM-DQa33yAliTXOQ06kYz1sdgSLj2ZzAQgLIneJJ-8eij99W8M0adPNA-l5W0dhsZpnO-wij5o4HKMIHHMB8GA1UdIwQYMBaAFHKy929J0Lyz3XDMLWSZozeAAujjMB0GA1UdDgQWBBRcZNa5S0U4sUU0Uls5Qu74-EGCfTAOBgNVHQ8BAf8EBAMCB4AwJwYDVR0SBCAwHoYcaHR0cHM6Ly9pYWNhLnRlbmFudDEud2FsdC5pZDAVBgNVHSUBAf8ECzAJBgcogYxdBQECMDUGA1UdHwQuMCwwKqAooCaGJGh0dHBzOi8vY3JsLnRlbmFudDEud2FsdC5pZC9pYWNhLmNybDAKBggqhkjOPQQDAgNIADBFAiAGx-rtONQdU9NSJNW0IMpBEJ1fOnr95HOo4ofthoij1wIhAOt4gpN4I3Efm8kJ4_iIYUNtopa4ggZs7X_fZvBX8K85WQKV2BhZApCmZ3ZlcnNpb25jMS4wb2RpZ2VzdEFsZ29yaXRobWdTSEEtMjU2bHZhbHVlRGlnZXN0c6Fxb3JnLmlzby4xODAxMy41LjGqAFgglIt2JC3rDbrr6azX5GWPMGyGqyD5gTnyASk37pDhZQYBWCCMQ7Ph45igVnLbvCtlSqLPlaMTXSk2kLoy4Mxn1x37kwJYIOjGjCHBlfvZi74lANZXAWt_FDdDf6NU591eYMGbFladA1ggcdl99l7hzcOFDYUeghGX0gDXYYgEN7WyRFrgSSFVvv4EWCCKwt6H37DEK8kJFcs__AiFZzLDc-4GPFKuYYEJzv_X1QVYIMybLDIPi3G7go7Bq4ggn0UYXEpmKMazxXZH25mnl0RQBlggofgVz7C7i4z0Iz8zrEPhNBRMlZcr4EhqQCR2pjo3qsoHWCDaJ4DszfMYhI0HfyOcSgMEgx_K12dx34khKW6ohKRhZghYIPTE7TeLsXVDSX9l3DTPB4zDhzF1WDTmCw3Ecxv1deNJCVggqueG-PUmdP8sJdsQ6XbuByQzAZXoRdwB-7dn0hxtkCdtZGV2aWNlS2V5SW5mb6FpZGV2aWNlS2V5owEBIAYhWCCPFDBFXu0dzdb8mQpWwNkvv8O0_jPI0m1DhivXPv4x3mdkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGx2YWxpZGl0eUluZm-jZnNpZ25lZMB4HjIwMjYtMDUtMThUMDc6NDg6MjcuODcwOTA1MDA2Wml2YWxpZEZyb23AeB4yMDI2LTA1LTE4VDA3OjQ4OjI3Ljg3MDkwNTAwNlpqdmFsaWRVbnRpbMB4HjIwMjctMDUtMThUMDc6NDg6MjcuODUyMjg5NTIyWlhAmRC5DQjAwaNaozniXwKmOoMscEyNwA65Y31zyoCJpiGiZxs-fk9bcsZnrDSu5ATPVEIKrf_4hjY8ODArK76q2WxkZXZpY2VTaWduZWSiam5hbWVTcGFjZXPYGEGgamRldmljZUF1dGihb2RldmljZVNpZ25hdHVyZYRDoQEnoPZYQGQUayxOBk2Wp7g7UhumPbtFSQ5h1h4jArb60UGZOsFMvG6MXHBBPd4JdOX40auhbmKNmBjinPfw96QN9XfV-Q9mc3RhdHVzAA",
"docType": "org.iso.18013.5.1.mDL",
"signature": {
"type": "signature-cose",
"signerKey": {
"type": "jwk",
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "yfmbtCsdQQ_4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mc",
"y": "MBCAsid4kn7x6KP31bwzRp080D6XlbR2Gxmmc77CKPk"
}
},
"x5cList": [
"MIICKzCCAdGgAwIBAgIURA/oH1EcaR7yH0bVHvdSu95maZYwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQVQxHTAbBgNVBAMMFG1ETCBJc3N1ZXIgSUFDQSBSb290MB4XDTI2MDUxODA2MTkyNloXDTI3MDgxODA2MTkyNlowMjELMAkGA1UEBhMCQVQxIzAhBgNVBAMMGm1ETCBJc3N1ZXIgRG9jdW1lbnQgU2lnbmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyfmbtCsdQQ/4EDPg0Gt98gJYk1zkNOpGM9bHYEi49mcwEICyJ3iSfvHoo/fVvDNGnTzQPpeVtHYbGaZzvsIo+aOByjCBxzAfBgNVHSMEGDAWgBRysvdvSdC8s91wzC1kmaM3gALo4zAdBgNVHQ4EFgQUXGTWuUtFOLFFNFJbOULu+PhBgn0wDgYDVR0PAQH/BAQDAgeAMCcGA1UdEgQgMB6GHGh0dHBzOi8vaWFjYS50ZW5hbnQxLndhbHQuaWQwFQYDVR0lAQH/BAswCQYHKIGMXQUBAjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwczovL2NybC50ZW5hbnQxLndhbHQuaWQvaWFjYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIgBsfq7TjUHVPTUiTVtCDKQRCdXzp6/eRzqOKH7YaIo9cCIQDreIKTeCNxH5vJCeP4iGFDbaKWuIIGbO1/32bwV/CvOQ=="
]
},
"format": "mso_mdoc",
"mso": {
"version": "1.0",
"digestAlgorithm": "SHA-256",
"valueDigests": {
"org.iso.18013.5.1": {
"0": [
-108,
-117,
118,
36,
45,
-21,
13,
-70,
-21,
-23,
-84,
-41,
-28,
101,
-113,
48,
108,
-122,
-85,
32,
-7,
-127,
57,
-14,
1,
41,
55,
-18,
-112,
-31,
101,
6
],
"1": [
-116,
67,
-77,
-31,
-29,
-104,
-96,
86,
114,
-37,
-68,
43,
101,
74,
-94,
-49,
-107,
-93,
19,
93,
41,
54,
-112,
-70,
50,
-32,
-52,
103,
-41,
29,
-5,
-109
],
"2": [
-24,
-58,
-116,
33,
-63,
-107,
-5,
-39,
-117,
-66,
37,
0,
-42,
87,
1,
107,
127,
20,
55,
67,
127,
-93,
84,
-25,
-35,
94,
96,
-63,
-101,
22,
86,
-99
],
"3": [
113,
-39,
125,
-10,
94,
-31,
-51,
-61,
-123,
13,
-123,
30,
-126,
17,
-105,
-46,
0,
-41,
97,
-120,
4,
55,
-75,
-78,
68,
90,
-32,
73,
33,
85,
-66,
-2
],
"4": [
-118,
-62,
-34,
-121,
-33,
-80,
-60,
43,
-55,
9,
21,
-53,
63,
-4,
8,
-123,
103,
50,
-61,
115,
-18,
6,
60,
82,
-82,
97,
-127,
9,
-50,
-1,
-41,
-43
],
"5": [
-52,
-101,
44,
50,
15,
-117,
113,
-69,
-126,
-114,
-63,
-85,
-120,
32,
-97,
69,
24,
92,
74,
102,
40,
-58,
-77,
-59,
118,
71,
-37,
-103,
-89,
-105,
68,
80
],
"6": [
-95,
-8,
21,
-49,
-80,
-69,
-117,
-116,
-12,
35,
63,
51,
-84,
67,
-31,
52,
20,
76,
-107,
-105,
43,
-32,
72,
106,
64,
36,
118,
-90,
58,
55,
-86,
-54
],
"7": [
-38,
39,
-128,
-20,
-51,
-13,
24,
-124,
-115,
7,
127,
35,
-100,
74,
3,
4,
-125,
31,
-54,
-41,
103,
113,
-33,
-119,
33,
41,
110,
-88,
-124,
-92,
97,
102
],
"8": [
-12,
-60,
-19,
55,
-117,
-79,
117,
67,
73,
127,
101,
-36,
52,
-49,
7,
-116,
-61,
-121,
49,
117,
88,
52,
-26,
11,
13,
-60,
115,
27,
-11,
117,
-29,
73
],
"9": [
-86,
-25,
-122,
-8,
-11,
38,
116,
-1,
44,
37,
-37,
16,
-23,
118,
-18,
7,
36,
51,
1,
-107,
-24,
69,
-36,
1,
-5,
-73,
103,
-46,
28,
109,
-112,
39
]
}
},
"deviceKeyInfo": {
"deviceKey": {
"kty": 1,
"crv": 6,
"x": [
-113,
20,
48,
69,
94,
-19,
29,
-51,
-42,
-4,
-103,
10,
86,
-64,
-39,
47,
-65,
-61,
-76,
-2,
51,
-56,
-46,
109,
67,
-122,
43,
-41,
62,
-2,
49,
-34
]
}
},
"docType": "org.iso.18013.5.1.mDL",
"validityInfo": {
"signed": "2026-05-18T07:48:27.870905006Z",
"validFrom": "2026-05-18T07:48:27.870905006Z",
"validUntil": "2027-05-18T07:48:27.852289522Z"
}
}
}
]
}
}
Key Response Fields:
- id: String - The verification session ID
- setup: Object - The complete session configuration that was used to create this verification session (the
VerificationSessionSetupfrom the create request) - creationDate: String - ISO 8601 timestamp when the session was created
- expirationDate: String - ISO 8601 timestamp when the session expires (default: 10 minutes after creation). Session will expire if left unused (no presentation pushed). Once a presentation is received, the session is no longer eligible for expiry.
- status: String - The current status of the verification session. Possible values:
"UNKNOWN"— Session ended up in unknown flow (should be avoided)"ACTIVE"— Session was created and is active (can be used)"UNUSED"— Session was not used yet, but not expired (can be used)"IN_USE"— AuthorizationRequest was requested by wallet"VALIDATING_RECEIVED_REQUEST"— Checking if received presentation will be processed"PROCESSING_FLOW"— Received presentation is being processed (validation + policy execution)"EXPIRED"— Verification request expired without being utilized"SUCCESSFUL"— Verification completed fully successfully (all validation & policies passed)"FAILED"— Verification was unsuccessful (presentation validation or policies failed)
- attempted: Boolean - Whether the wallet has attempted to respond to the verification request
- reattemptable: Boolean - Whether the user can retry this verification session if it failed
- policies: Object - The policies configured for this session:
- vp_policies: Object (optional) - Policies to run on presentations
- vc_policies: Array (optional) - Policies to run on credentials
- specific_vc_policies: Object (optional) - Policies to run on specific credential IDs
- policy_results: Object (optional) - Detailed results for all policies applied to the verification (only present after presentation is received):
- vp_policies: Object - Results for presentation-level policies (audience check, nonce check, envelope signature), organized by credential ID. Structure:
{ "credential_id": { "policy_name": { ... } } } - vc_policies: Array - Results for credential-level policies (signature, expiry, schema, etc.). Each item contains
policy,success, andresult. - specific_vc_policies: Object - Results for credential-specific policies
- overallSuccess: Boolean (computed) - Whether all policies passed
- vp_policies: Object - Results for presentation-level policies (audience check, nonce check, envelope signature), organized by credential ID. Structure:
- redirects: Object (optional) - Success and error redirect URIs if configured
Instead of polling the session status, you can use callbacks or Server Sent Events (SSE) to be notified when the verification completes. See Callbacks & SSE for details.
Understanding Flow Types and Core Concepts
Now that you've seen verification in action, let's understand the underlying structure.
Verification Session Structure
A VerificationSession defines the full lifecycle: authorization request → user presentation → policy validation → final result.
Every verification request follows this structure:
{
"flow_type": "cross_device | same_device | dc_api",
"core_flow": { /* common to all flows */ },
"url_config": { /* specific to cross_device and same_device */ },
"redirects": { /* optional */ }
}
Why this structure?
- flow_type determines how the credential request is delivered (QR code vs deep link vs browser API)
- core_flow contains the credential query and policies (same regardless of delivery method)
- url_config and redirects are flow-specific attributes
This separation makes it easy to switch between flows without changing your credential requirements.
Flow Type Comparison
| Flow Type | Use Case | Required Attributes | User Experience |
|---|---|---|---|
cross_device | User scans QR code from desktop | None beyond core flow | Desktop shows QR → User scans with phone → Phone wallet opens |
same_device | User clicks link on mobile | redirects (success/error URLs) | Browser redirects to wallet → Wallet opens → User returns to browser |
dc_api | Browser-native credential exchange | expectedOrigins (array of allowed origins) | Browser shows native credential picker → User selects → Instant return |
Configuration Defaults
Many session parameters can be configured globally in verifier-service.conf and overridden per-request when needed.
| Parameter | Config File Location | Request Override Path | When to Override |
|---|---|---|---|
urlPrefix | verifier-service.conf → urlPrefix | url_config.url_prefix | Testing with ngrok, different environments per session |
urlHost | verifier-service.conf → urlHost | url_config.url_host | Custom authorization endpoints, conformance testing |
clientId | verifier-service.conf → clientId | core_flow.clientId | Different verifier identities per use case |
clientMetadata | verifier-service.conf → clientMetadata | core_flow.client_metadata | Session-specific branding, multi-tenant scenarios |
| Signing key | verifier-service.conf → key | core_flow.key | Different signing keys per session (advanced) |
| Certificate chain | verifier-service.conf → x5c | core_flow.x5c | Different certificate chains per session (x509 flows) |
Best Practice: Set defaults in verifier-service.conf for your primary use case, and override per-request only when necessary. This keeps your API calls clean and reduces duplication.
See Verifier Service Configuration for detailed configuration documentation.
Additional
You can find more information on how to configure different DC API request flows, and how to interact with the Browser-based DC API in our Digital Credential Button project.
Next Steps
- Apply custom policies — See Policies for validation rules beyond signature verification
- Set up notifications — Use Callbacks & SSE instead of polling for session status
- Verify other credential types — Try W3C VC or SD-JWT VC
Last updated on May 20, 2026