Setup

We will setup a Credential Status service inside of a tenant. If you don't have a tenant yet, you can learn how to create one here.

Currently, status credentials can be stored and made available via three types of external services:

  1. AWS S3 Bucket
  2. Azure Blob Storage
  3. Google Cloud Storage
  4. In-Memory
CURL

Endpoint: /v1/{target}/resource-api/services/create | API Reference

AWS
Azure
Google
In-Memory

Configuration options vary based on the bucket's hosting environment and its access method.

AWS domain
CDN (custom domain)
s3-compatible registry

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "credential-status",
  "config": {
    "registry": {
      "type": "aws",
      "bucketName": "bucket-name",
      "region": "region",
      "accessKeyId": "s3-access-key-id",
      "secretKey": "s3-secret-key"
    }
  }
}'

Body

{
  "type": "credential-status",
  "config": {
    "registry": {
      "type": "aws",
      "bucketName": "bucket-name",
      "region": "region",
      "accessKeyId": "s3-access-key-id",
      "secretKey": "s3-secret-key"
    }
  }
}

Body Parameters

  • type: credential-status - Specifies the type of service to create. In this case, it is credential-status.
  • config: object - Storage configurations for status credential service.
  • registry: object - Defines registry & access credentials for chosen registry.
    • type: aws - Indicates the type of registry, which is aws in this context.
    • bucketName: string - The name of the AWS S3 bucket.
    • region: string - The AWS region where the bucket is located.
    • accessKeyId: string - (Optional) The access key ID for accessing the AWS S3 bucket.
    • secretKey: string - (Optional) The secret access key for accessing the AWS S3 bucket.
    • endpointUrl: string - (Optional) The URL of the S3-compatible registry bucket, e.g. https://s3-mock.com.
  • bucketUrl: string - (Optional) The URL of the registry bucket custom domain, e.g. https://custom-domain.com.

    AWS access credentials are optional. If not provided, the default Credential Provider Chain will be executed, relying on AWS environment configuration (e.g. EC2 instance IAM role-provided credentials).

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "credential-status",
  "config": {
    "registry": {
      "type": "in-memory"
    }
  }
}'

Body

{
  "type": "credential-status",
  "config": {
    "registry": {
      "type": "in-memory"
    }
  }
}

::

Path Parameters

  • orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.walt.dev when using the sandbox environment.
  • target: resourceIdentifier - The target indicates the organization + tenant in which to create the new credential status service and the service's ID ({organizationID}.{tenantID}.[NewCredentialStatusServiceID]), e.g. waltid.tenant1.credential-status-service-id

Response Codes

  • 201 - Service created successfully.
  • 401 - Invalid authentication.
Last updated on January 24, 2026
OverviewManage