Credential Presenting

The Wallet API v2 presents credentials to a verifier using OpenID4VP 1.0 with DCQL (Digital Credential Query Language) for credential matching. You hand the wallet a presentation request — typically an openid4vp:// URL from a verifier such as Verifier2 — and the wallet finds matching credentials, builds a presentation, and submits it.

How It Works

Presenting a credential runs through four steps:

  1. Resolve the request — parse the verifier's authorization request and read its DCQL query.
  2. Match credentials — find stored credentials that satisfy the query.
  3. Build the presentation — sign the selected credential(s) with the holder key.
  4. Submit — send the presentation to the verifier's response endpoint.

Two Ways to Present

  • Full flow — a single call (POST /wallet/{walletId}/credentials/present) auto-matches credentials from the wallet's credential stores, signs, and submits. This is what the credential guides below use.
  • Custom Flow — drive each step yourself. Use it to preview what will be shared (consent UIs), let the user choose between matches, or present credentials that aren't stored in the wallet (managed externally).

Selective Disclosure

For SD-JWT VC and mDL, the wallet reveals only the claims the verifier asks for — you don't tell the wallet which claims to disclose, the verifier does, through the claims array of its DCQL query. The wallet resolves the request and discloses accordingly, automatically, in the full POST /credentials/present call (and identically in the Custom Flow).

What "only what's asked" means differs by format:

  • SD-JWT VC — the verifier's requested paths select which selectively-disclosable claims are revealed. Claims marked selectively-disclosable by the issuer that the verifier does not request stay hidden; a claim that isn't selectively-disclosable is always present and can't be withheld. If the verifier sends no claims at all, only the always-present (non-SD) claims are shared.
  • mDL (mso_mdoc) — every data element is individually disclosable, so the wallet discloses exactly the elements the verifier lists in claims (by [namespace, element] path) and nothing else.
// A verifier asking (via DCQL) for just two claims of an SD-JWT VC
"claims": [
  { "path": ["given_name"] },
  { "path": ["birthdate"] }
]

Supported Formats

Start Presenting

Choose the credential type that matches your use case:

Need fine-grained control? See Custom Flow.

Last updated on July 13, 2026