Presenting SD-JWT VC Credentials via OID4VP
This guide shows you how to present an IETF SD-JWT VC credential from a wallet using the walt.id Wallet API v2. You'll take a presentation request — for example one created with Verifier2 — and satisfy it in a single call.
SD-JWT VC: An IETF credential format supporting selective disclosure — the wallet reveals only the claims the verifier asks for.
OID4VP: The protocol used to deliver the presentation from the wallet to the verifier. Credential matching uses DCQL.
This page uses the full presentation flow — one call that matches, signs, and submits. To preview what will be shared, let the user choose between matches, or present a credential that isn't stored in the wallet, see Custom Flow.
Prerequisites
- Wallet API v2 running — Follow the Setup guide. The examples use
http://localhost:7005as the base URL. - A wallet holding an SD-JWT VC — Receive one first; you'll need the wallet's
walletId. - A presentation request — For a full end-to-end run, create one with the Verifier2 SD-JWT VC guide. The request is an
openid4vp://URL.
Running via Docker Compose? The quick-start stack exposes Wallet API v2 on http://localhost:7006 (Verifier2 on 7004). Use that base URL instead.
Present the Credential
Hand the verifier's request to the wallet. This single call resolves the request, matches a stored SD-JWT VC against the verifier's DCQL query, signs the presentation with the wallet's default key, and submits it.
Endpoint: POST /wallet/{walletId}/credentials/present | API Reference
Example Request
curl -X POST http://localhost:7005/wallet/{walletId}/credentials/present \
-H 'Content-Type: application/json' \
-d '{
"requestUrl": "openid4vp://authorize?client_id=x509_san_dns%3Averifier.example.org&request_uri=http%3A%2F%2Flocalhost%3A7004%2Fopenid4vc%2Frequest%2Fabc123"
}'
Path Parameters
- walletId: String (required) - The wallet holding the credential to present. Returned when you create a wallet; to look up an existing one, list your wallets with
GET /wallet.
Body Parameters
- Presentation request (required) — provide exactly one of:
- requestUrl: String - The OID4VP authorization request URL from the verifier.
- requestObject: Object - A pre-fetched authorization request as an inline JSON object.
- keyId: String (optional) - Key used to sign the presentation. Defaults to the wallet's default key.
- did: String (optional) - DID for the presenter identity. Defaults to the wallet's default DID.
Example Response
{
"transmission_success": true,
"verifier_response": {
"status": "received",
"message": "Presentation received and is being processed."
}
}
Response Fields
- transmission_success: Boolean - Whether the wallet successfully submitted the presentation to the verifier.
- verifier_response: Object - The raw response body returned by the verifier (for a
direct_postsubmission, a status/message acknowledgement as above). - redirect_to: String (optional) - Where to send the user next, if the verifier returned a redirect. Omitted otherwise.
- get_url / form_post_html: String (optional) - Present instead for
direct_post.jwt/ form-post response modes. Omitted for a plaindirect_post.
transmission_success: true means the wallet delivered the presentation — it doesn't by itself mean the verifier's policies passed. Confirm the outcome on the verifier side (e.g. GET /verification-session/{sessionId}/info → status: SUCCESSFUL).
🎉 You've presented an SD-JWT VC credential to the verifier. Only the selectively-disclosable claims the verifier requested were disclosed — see Selective Disclosure for how the verifier's DCQL claims drive what's shared.
Doing It Step by Step
The full-flow call above matches and submits in one shot. If you're building a wallet UI and need to show the user what will be shared before they consent — or present a credential that isn't stored in the wallet — drive the isolated endpoints yourself. Resolving the request, DCQL matching, and inline presentation are documented in Custom Flow.
Next Steps
- Present other credential types — W3C VC or mDL.
- Preview and consent — Use Custom Flow to show the user which credentials match before sharing.
- Receive more credentials — Credential Receiving.
