Setup
We will setup an Issuer service inside of a tenant. If you don't have a tenant yet, you can learn how to create one here.
CURL
Endpoint: /v1/{target}/resource-api/services/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "issuer",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"kms": "waltid.tenant1.kms1",
"tokenKeyId": "waltid.tenant1.kms1.key1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
},
"displayConfigurations": [
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "logo specific text goes here"
}
}
]
}'
Body
{
"type": "issuer",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"kms": "waltid.tenant1.kms1",
"tokenKeyId": "waltid.tenant1.kms1.key1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
},
"displayConfigurations": [
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "logo specific text goes here"
}
}
]
}
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant in which to create the new Issuer service and the service's ID ({organizationID}.{tenantID}.[NewIssuerServiceID]), e.g.waltid.tenant1.issuer1
Body Parameters
type: serviceType - Specifies the type of service to create. In our caseissuerbaseUrl: String - This URL will be included in the generated OIDC4VC offer, allowing the wallet to know how to reach the issuer. It should reflect your organization's base URL. The general format for this URL ishttps://{orgID}.yourEnterpriseStackUrl.com. For example, if your organization is named myorg and the Enterprise Stack is hosted at the domain enterprise-stack.com, your base URL would be: https://myorg.enterprise-stack.com.kms: - resourceIdentifier - A KMS service you want to connect with the to be created Issuer service. It should be setup under the same tenant.tokenKeyId: - resourceIdentifier - A key in the connected KMS service used to sign the access token, which is used to get the credential from the credential endpointsupportedCredentialTypes: Object - A map of credentials the issuer supports. This list will be used to generate the issuer metadata. This list of supported credentials can be updated also after the initial setup.Expand For W3C JWT & SD-JWT Credentials
To specify the support of a W3C credential the object will look as follows:"OpenBadgeCredential_jwt_vc_json": { "format": "jwt_vc_json", "cryptographic_binding_methods_supported": [ "did" ], "credential_signing_alg_values_supported": [ "ES256" ], "credential_definition": { "type": [ "VerifiableCredential", "OpenBadgeCredential" ] } }The key will have the following structure:
[CustomCredentialType]_jwt_vc_json, e.g.OpenBadgeCredential_jwt_vc_jsonInside the object:
format- will bejwt_vc_jsonfor W3C JWT & SD-JWT credentialscryptographic_binding_methods_supported- will bedidcredential_signing_alg_values_supported- will beES256credential_definitiontype- specifies a list of credential types. E.g.[VerifiableCredential, MyCustomCredential]- First Entry: Your list must always start with
VerifiableCredential. - Subsequent Entries: After
VerifiableCredential, you have two options:
- You can add your custom type, such as
CustomCredential. - If your credential is based on another credential (for example,
VerifiableAttestation), first list all the credentials it builds upon, and then add your custom type at the end.
- First Entry: Your list must always start with
Expand For SD-JWT VC Credentials
To specify the support of a SD-JWT VC credential the object will look as follows:"identity_credential_vc+sd-jwt": { "format": "vc+sd-jwt", "vct": "{vctBaseURL}/identity_credential", "cryptographic_binding_methods_supported": [ "jwk" ], "credential_signing_alg_values_supported": [ "ES256" ], "sdJwtVcTypeMetadata": { "name": "Identity Credential", "description": "The Identity Verifiable Credential", "vct": "{vctBaseURL}/identity_credential" } }The key will have the following structure:
[custom_credential_type]_vc+sd-jwt, e.g.identity_credential_vc+sd-jwtInside the object:
format- will bevc+sd-jwtfor SD-JWT VC credentials.vct- will follow the structure{vctBaseURL}/[custom_credential_type], e.g.{vctBaseURL}/custom_credential_type. The vctBaseURL will be replaced during issuance by the issuer API.cryptographic_binding_methods_supported- will bejwkcredential_signing_alg_values_supported- will beES256sdJwtVcTypeMetadataname- Name of the credentialdescription- Description of the credentialvct- Holding the same value as thevctabove.
displayConfigurations (optional) - an optional list of objects, where each object contains specific display
information for different languages. Including the local option is not mandatory; you can simply provide one object if
localization is not required. To learn more about the display config in general
go here, for object property details
expand below.Expand to learn more about the display config object properties
Display Config Object
{
"name": "walt.id Enterprise Issuer Service",
"locale": "en-US",
"logo": {
"uri": "http://cdn.walt.id/issuer/logo.png",
"alt_text": "Logo of walt.id Enterprise Issuer Service"
}
}
name(optional) String: String value of a display name for the Credential Issuer.locale(optional) String: String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 RFC5646. There MUST be only one object for each language identifier. Example values are:en-US,de-DE, orfr-FR.logo(optional) Object: Object with information about the logo of the Credential Issuer.uriString: String value that contains a URI where the Wallet can obtain the logo of the Credential Issuer.alt_text(optional) String: String value of the alternative text for the logo image.
Response Codes
201- Service created successfully.