Transaction Data Profiles
transaction-data-profiles.conf defines the transaction data types your Enterprise Verifier2 service recognizes for
OpenID4VP transaction_data requests.
The transaction-data-profiles feature is enabled by default in the Enterprise API.
Transaction data types act as namespaces that:
- Enforce which
transaction_data.typevalues the verifier accepts - Define the fields exposed by the Verifier2 transaction-data discovery endpoint
- Drive the Enterprise Verifier2 creation UI, which renders transaction-data inputs from these profiles
- Define the DeviceSigned namespace used for
mso_mdoctransaction-data binding
File Location
The Enterprise Stack reads this configuration from:
waltid-enterprise-api/config/transaction-data-profiles.conf
Fields
transactionDataProfiles
Array of Objects — List of recognized transaction data types. Each profile defines:
| Field | Type | Description |
|---|---|---|
type | String | Required. The transaction data type identifier. Used as the type field in transaction data entries and as the namespace for mso_mdoc DeviceSigned binding. Example: "org.waltid.transaction-data.payment-authorization" |
displayName | String | Human-readable name for this type. Used in the Enterprise Verifier2 UI and discovery endpoint responses. Defaults to type if not specified. |
fields | Array | List of field names expected for this type. Used for UI generation and documentation. Example: ["amount", "currency", "payee"] |
Built-in Profiles
The default Enterprise configuration includes two profiles:
transactionDataProfiles = [
{
type = "org.waltid.transaction-data.payment-authorization"
displayName = "Payment Authorization"
fields = ["amount", "currency", "payee"]
},
{
type = "org.waltid.transaction-data.account-access"
displayName = "Account Access"
fields = ["account_identifier", "access_scope"]
}
]
Discovery Endpoint
Enterprise Verifier2 exposes the configured profiles at:
GET /v1/{target}/verifier2-service-api/transaction-data-profiles
This endpoint requires the CREATE_VERIFIER_SESSION permission on the Verifier2 service target.
Adding Custom Types
To add a custom transaction data type:
- Add a new entry to
transactionDataProfilesinwaltid-enterprise-api/config/transaction-data-profiles.conf - Restart the Enterprise API so the new configuration is loaded
- If your holders use a wallet you manage, ensure that wallet recognizes the same transaction-data type identifiers
Example: Adding a subscription authorization type:
transactionDataProfiles = [
{
type = "org.waltid.transaction-data.payment-authorization"
displayName = "Payment Authorization"
fields = ["amount", "currency", "payee"]
},
{
type = "org.waltid.transaction-data.account-access"
displayName = "Account Access"
fields = ["account_identifier", "access_scope"]
},
{
type = "org.example.subscription-authorization"
displayName = "Subscription Authorization"
fields = ["service_name", "billing_cycle", "price"]
}
]
Only wallets that recognize the same transaction-data type identifiers can successfully present these requests. Keep your verifier and wallet type registries aligned.
Usage in Verification Requests
Once configured, use the profile type in the verification session request:
{
"flow_type": "cross_device",
"core_flow": {
"dcql_query": { ... }
},
"openid": {
"transactionData": [
{
"type": "org.example.subscription-authorization",
"credential_ids": ["pid"],
"require_cryptographic_holder_binding": true,
"transaction_data_hashes_alg": ["sha-256"],
"service_name": "Premium Streaming",
"billing_cycle": "monthly",
"price": "12.99"
}
]
}
}
See Transaction Data Authorization for request constraints and end-to-end examples.