Import a Credential

Import a signed Verifiable Credential in JWT or SD-JWT format directly into a wallet. This is useful when a credential has been issued outside of the standard OID4VCI flow and needs to be stored manually.

The import endpoint validates the credential's format, verifies its signature, checks the DID binding, and prevents duplicate imports.

Import a Credential

CURL

Endpoint: POST /wallet-api/wallet/{walletId}/credentials/import | API Reference

Example Request
curl -X 'POST' \
  'http://0.0.0.0:7001/wallet-api/wallet/{walletId}/credentials/import' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {token}' \
  -d '{
    "jwt": "<signed-jwt-or-sd-jwt>",
    "associated_did": "<did-in-your-wallet>"
  }'

Path Parameters

  • walletId: String - The ID of the wallet to import the credential into. See Accounts & Wallets for how to retrieve it.

Header Parameters

  • Authorization: String - Bearer token obtained from the login endpoint. Format: Bearer {token}.

Body Parameters

  • jwt: String - The signed Verifiable Credential in JWT or SD-JWT format.
  • associated_did: String - A DID owned by the wallet to associate the credential with. The credential's sub claim must match this DID.
Example Response

On success, the API returns 201 Created with no response body.

StatusDescription
201Credential imported successfully
400Invalid JWT format, VC structure, or validation failed
401Invalid or missing authentication
409Credential already exists in the wallet

Validation

The following checks are performed on every import:

  • Format — The value must be a valid JWT or SD-JWT (three Base64URL-encoded parts separated by dots, or an SD-JWT with ~-separated disclosures).
  • VC structure — The JWT payload must contain valid W3C Verifiable Credential claims.
  • Signature — The issuer's cryptographic signature is verified.
  • DID binding — The sub claim must match the associated_did provided.
  • Time window — The iat must not be in the future; exp (if present) must not be in the past.
  • Duplicate check — If a credential with the same id already exists, the import is rejected with 409 Conflict.

SD-JWT Support

The endpoint accepts both regular JWTs and SD-JWTs. SD-JWTs follow the format:

<issuer-signed-jwt>~<disclosure1>~<disclosure2>~...~<optional-key-binding-jwt>

The full credential including all disclosures is stored in the wallet, and all validation checks apply equally.

For receiving credentials from issuers through the standard protocol, see Credential Exchange.

Last updated on April 29, 2026
Delete a CredentialFeature Manger