Credential Presenting
The Wallet API v2 presents credentials to a verifier using OpenID4VP 1.0 with DCQL (Digital Credential Query Language) for credential matching. You hand the wallet a presentation request — typically an openid4vp:// URL from a verifier such as Verifier2 — and the wallet finds matching credentials, builds a presentation, and submits it.
All endpoints live under /v2/{target}/wallet-service-api/, where {target} is the wallet's resource path ({organization}.{tenant}.{wallet-id}).
How It Works
Presenting a credential runs through four steps:
- Resolve the request — parse the verifier's authorization request and read its DCQL query.
- Match credentials — find stored credentials that satisfy the query.
- Build the presentation — sign the selected credential(s) with the holder key.
- Submit — send the presentation to the verifier's response endpoint.
Two Ways to Present
- Full flow — a single call (
POST /v2/{target}/wallet-service-api/credentials/present) auto-matches credentials from the wallet's Credential Stores, signs, and submits. This is what the per-format guides below use. - Custom Flow — drive each step yourself. Use it to preview what will be shared (consent UIs), let the user choose between matches, or present credentials that aren't stored in the wallet.
Selective Disclosure
For SD-JWT VC and mDL, the wallet reveals only the claims the verifier asks for — you don't tell the wallet which claims to disclose, the verifier does, through the claims array of its DCQL query. The wallet resolves the request and discloses accordingly, automatically:
- SD-JWT VC — the verifier's requested paths select which selectively-disclosable claims are revealed. Claims the issuer marked selectively-disclosable that the verifier does not request stay hidden; a claim that isn't selectively-disclosable is always present.
- mDL (mso_mdoc) — every data element is individually disclosable, so the wallet discloses exactly the elements the verifier lists in
claims(by[namespace, element]path) and nothing else.
Supported Formats
Choose the credential type that matches your use case — the flow is identical; the verifier's DCQL query determines what is matched and disclosed:
Need fine-grained control? See Custom Flow.
Using OID4VP Draft 20 (the /v1 API with Presentation Exchange)? See the legacy presenting guides.
