Publish and Resolve VICAL Versions
Use the authenticated publication routes to create new signed versions, then use the public registry routes to distribute the latest or a specific published version.
Service references:
Shared Path Parameters
orgID: When performing operations within an organization, use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: Forpublish,versions/ids, and thelatestregistry routes, use the VICAL service path ({organizationID}.{tenantID}.{vicalServiceID}), for exampletest.tenant1.vical-service. For the version-specificversionsregistry routes, use theversionIdPathreturned bypublishor one of the version targets returned byversions/ids, for exampletest.tenant1.vical-service.versions.production-2026-03-23.
Publish a new VICAL version
Endpoint: /v1/{target}/vical-service-api/publish | API Reference
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/publish' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"vicalProvider": "Example mDL Trust Provider",
"versionId": "production-2026-03-23",
"issuanceDate": "2026-03-23T10:15:30Z",
"nextUpdate": "2026-04-23T10:15:30Z"
}'
Example Response
{
"versionIdPath": "test.tenant1.vical-service.versions.production-2026-03-23",
"version": "1.0",
"entryCount": 3,
"vicalProvider": "Example mDL Trust Provider",
"date": "2026-03-23T10:15:30Z",
"vicalIssueId": 12,
"nextUpdate": "2026-04-23T10:15:30Z"
}
Body Parameters
vicalProvider: Name of the provider written into the published VICAL.versionId: Optional version identifier. If omitted, the service generates a UUID automatically.issuanceDate: Optional publication timestamp. If omitted, the current time is used.nextUpdate: Optional next planned update timestamp. When provided, it must be later thanissuanceDate.
Response Codes
201- VICAL version published successfully.
Publishing reads all attached X.509 stores and includes every stored vical-entry certificate it finds. The response includes versionIdPath, which you can reuse with the version-specific registry routes below.
List published version targets
Endpoint: /v1/{target}/vical-service-api/versions/ids | API Reference
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/versions/ids' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {yourToken}'
Example Response
[
"test.tenant1.vical-service.versions.production-2026-03-20",
"test.tenant1.vical-service.versions.production-2026-03-23"
]
Response Codes
200- Published version targets retrieved successfully.
Resolve the latest published artifact
Endpoint: /v1/{target}/vical-service-api/latest | API Reference
This route is public and does not require a bearer token.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/latest?format=hex' \
-H 'accept: application/json'
Example Response
"d28443a10126a1045820aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899"
Query Parameters
format: Optional artifact encoding. Supported values arehex(default),base64, andcbor.
Response Codes
200- Latest published artifact retrieved successfully.
When format=cbor, the endpoint returns raw application/cbor bytes. Save the response to a file if you want the binary artifact directly.
Resolve the latest manifest
Endpoint: /v1/{target}/vical-service-api/latest/manifest | API Reference
This route is public and does not require a bearer token.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/latest/manifest' \
-H 'accept: application/json'
Example Response
{
"version": "1.0",
"entryCount": 3,
"vicalProvider": "Example mDL Trust Provider",
"date": "2026-03-23T10:15:30Z",
"vicalIssueId": 12,
"nextUpdate": "2026-04-23T10:15:30Z"
}
Response Codes
200- Latest manifest retrieved successfully.
Resolve the latest trust material
Endpoint: /v1/{target}/vical-service-api/latest/trust-material | API Reference
This route is public and does not require a bearer token.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/latest/trust-material' \
-H 'accept: application/json'
Example Response
{
"signerCertificatePem": "-----BEGIN CERTIFICATE-----
MIIB4z...
-----END CERTIFICATE-----",
"signerCertificateChainPem": [
"-----BEGIN CERTIFICATE-----
MIIB8T...
-----END CERTIFICATE-----"
]
}
Response Codes
200- Latest trust material retrieved successfully.
Resolve a specific published version
Use the versionIdPath returned by publish or one of the published version targets returned by versions/ids, for example test.tenant1.vical-service.versions.production-2026-03-23.
Resolve a specific artifact
Endpoint: /v1/{target}/vical-service-api/versions | API Reference
This route is public and does not require a bearer token.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/versions?format=base64' \
-H 'accept: application/json'
Example Response
"0oRDoQEmoQRYIKq7zN3u/wARIjNEVWZ3iJmqu8zd7v8AESIzRFVmd4iZ"
Response Codes
200- Version-specific artifact retrieved successfully.
Resolve a specific manifest
Endpoint: /v1/{target}/vical-service-api/versions/manifest | API Reference
This route is public and does not require a bearer token. The response body matches the latest manifest shape shown above.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/versions/manifest' \
-H 'accept: application/json'
Response Codes
200- Version-specific manifest retrieved successfully.
Resolve a specific trust material snapshot
Endpoint: /v1/{target}/vical-service-api/versions/trust-material | API Reference
This route is public and does not require a bearer token. The response body matches the latest trust material shape shown above.
curl -X 'GET' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/versions/trust-material' \
-H 'accept: application/json'
Response Codes
200- Version-specific trust material retrieved successfully.
Publish at least one version before calling the latest registry routes. The version-specific versions routes become usable as soon as you have a published version target.