General Config
The issuer, similar to other services in the Enterprise Stack, maintains a collection of configurations. These configurations include internal configs such as signing keys for access tokens and the base URL, which are used solely within the Enterprise Stack. Additionally, the issuer holds configurations that is both internally used and externally shared, such as supported credential types and issuer display information. This external information is made available through the OpenID issuer metadata endpoint, which can be accessed by wallets and other external applications involved in the credential exchange process.
Get Issuer Config
CURL
Endpoint: /v1/{target}/issuer-service-api/configuration/view | API Reference
Example Request
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/issuer-service-api/configuration/view' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + issuer service from which to receive the configuration({organizationID}.{tenantID}.{issuerServiceID}), e.g.waltid.tenant1.issuer1
Response
201- Service created successfully.
{
"dependencies": [],
"traversable": true,
"_id": "waltid.tenant1.issuer1",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"kms": "waltid.tenant1.kms1",
"tokenKeyId": "waltid.tenant1.kms1.key1",
"parent": "waltid.tenant1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
},
"displayConfigurations": [
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "logo specific text goes here"
}
}
]
}
dependencies: List - List of service dependencies.id: ID - Unique ID of this service.baseUrl: String - This URL will be included in the generated OIDC4VC offer, allowing the wallet to know how to reach the issuer. It should reflect your organization's base URL. The general format for this URL ishttps://{orgID}.yourEnterpriseStackUrl.com. For example, if your organization is named myorg and the Enterprise Stack is hosted at the domain enterprise-stack.com, your base URL would be: https://myorg.enterprise-stack.com.kms: - resourceIdentifier - The KMS service used for signing access tokens. The exact key is specified in via thetokenKeyIdfield.tokenKeyId: - resourceIdentifier - A key in the connected KMS service used to sign the access token, which is used by the wallet to get the credential from the credential endpointsupportedCredentialTypes: Object - A map of credentials the issuer supports. This list will be used to generate the issuer metadata.displayConfigurations- issuer display metadata configs. Each object contains specific display information for different languages. To learn more about the display config in general go here
Update Issuer Config
CURL
Endpoint: /v1/{target}/issuer-service-api/configuration/update | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/issuer-service-api/configuration/update' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"dependencies": [],
"traversable": true,
"_id": "waltid.tenant1.issuer1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
},
"tokenKeyId": "waltid.tenant1.kms1.key1",
"kms": "waltid.tenant1.kms1",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"parent": "waltid.tenant1",
"displayConfigurations": [
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "logo specific text goes here"
}
}
]
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + issuer service in which to update the configuration({organizationID}.{tenantID}.{issuerServiceID}), e.g.waltid.tenant1.issuer1
Body Parameters
dependencies: List - List of service dependencies.traversable: Boolean - Must betrue.id: ID - Unique ID of this service.supportedCredentialTypes: Object - A map of credentials the issuer supports. This list will be used to generate the issuer metadata.Expand For W3C JWT & SD-JWT Credentials
To specify the support of a W3C credential the object will look as follows:"OpenBadgeCredential_jwt_vc_json": { "format": "jwt_vc_json", "cryptographic_binding_methods_supported": [ "did" ], "credential_signing_alg_values_supported": [ "ES256" ], "credential_definition": { "type": [ "VerifiableCredential", "OpenBadgeCredential" ] } }The key will have the following structure:
[CustomCredentialType]_jwt_vc_json, e.g.OpenBadgeCredential_jwt_vc_jsonInside the object:
format- will bejwt_vc_jsonfor W3C JWT & SD-JWT credentialscryptographic_binding_methods_supported- will bedidcredential_signing_alg_values_supported- will beES256credential_definitiontype- specifies a list of credential types. E.g.[VerifiableCredential, MyCustomCredential]- First Entry: Your list must always start with
VerifiableCredential. - Subsequent Entries: After
VerifiableCredential, you have two options:
- You can add your custom type, such as
CustomCredential. - If your credential is based on another credential (for example,
VerifiableAttestation), first list all the credentials it builds upon, and then add your custom type at the end.
- First Entry: Your list must always start with
Expand For SD-JWT VC Credentials
To specify the support of a SD-JWT VC credential the object will look as follows:"identity_credential_vc+sd-jwt": { "format": "vc+sd-jwt", "vct": "{vctBaseURL}/identity_credential", "cryptographic_binding_methods_supported": [ "jwk" ], "credential_signing_alg_values_supported": [ "ES256" ], "sdJwtVcTypeMetadata": { "name": "Identity Credential", "description": "The Identity Verifiable Credential", "vct": "{vctBaseURL}/identity_credential" } }The key will have the following structure:
[custom_credential_type]_vc+sd-jwt, e.g.identity_credential_vc+sd-jwtInside the object:
format- will bevc+sd-jwtfor SD-JWT VC credentials.vct- will follow the structure{vctBaseURL}/[custom_credential_type], e.g.{vctBaseURL}/custom_credential_type. The vctBaseURL will be replaced during issuance by the issuer API.cryptographic_binding_methods_supported- will bejwkcredential_signing_alg_values_supported- will beES256sdJwtVcTypeMetadataname- Name of the credentialdescription- Description of the credentialvct- Holding the same value as thevctabove.
baseUrl: String - This URL will be included in the generated OIDC4VC offer, allowing the wallet to know how to
reach the issuer. It should reflect your organization's base URL. The general format for this URL
is https://{orgID}.yourEnterpriseStackUrl.com.
For example, if your organization is named myorg and the Enterprise Stack is hosted at the domain
enterprise-stack.com, your base URL would be:
https://myorg.enterprise-stack.com.kms: - resourceIdentifier - A KMS service connect with
the Issuer service. It should be setup under the same tenant.tokenKeyId: - resourceIdentifier - A key in the connected KMS service used
to sign the access token, which is used to get the credential from the credential endpointdisplayConfigurations (optional) - an optional list of objects, where each object contains specific display
information for the issuer for different languages. Including the local option is not mandatory; you can simply provide one object if
localization is not required. To learn more about the display config in general
go here, for object property details
expand below.Expand to learn more about the display config object properties
Display Config Object
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "Logo of walt.id Enterprise Issuer Service"
}
}
name(optional) String: String value of a display name for the Credential Issuer.locale(optional) String: String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 RFC5646. There MUST be only one object for each language identifier. Example values are:en-US,de-DE, orfr-FR.logo(optional) Object: Object with information about the logo of the Credential Issuer.uriString: String value that contains a URI where the Wallet can obtain the logo of the Credential Issuer.alt_text(optional) String: String value of the alternative text for the logo image.
Response Codes
200- Config updated successfully.