Identus Cloud Agent API Reference (1.40.0)

License: Apache 2.0

The Identus Cloud Agent API facilitates the integration and management of self-sovereign identity capabilities within applications. It supports DID (Decentralized Identifiers) management, verifiable credential exchange, and secure messaging based on DIDComm standards. The API is designed to be interoperable with various blockchain and DLT (Distributed Ledger Technology) platforms, ensuring wide compatibility and flexibility. Key features include connection management, credential issuance and verification, and secure, privacy-preserving communication between entities. Additional information and the full list of capabilities can be found in the Open Enterprise Agent documentation.

Connections Management

The Connections Management endpoints facilitate the initiation of connection flows between the current Agent and peer Agents, regardless of whether they reside in Cloud Agent or edge environments. To generate invitations, this implementation follows section 9.5.4 of the DIDComm Messaging v2.0 - Out of Band Messages specification. The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the did:peer:2 specification. This Peer DID includes the 'uri' location of the DIDComm messaging service, which the invitee needs in order to execute the rest of the connection flow. Upon accepting an invitation, the invitee sends a connection request to the inviter's DIDComm messaging service endpoint. The connection request's 'type' attribute must be specified as "https://atalaprism.io/mercury/connections/1.0/request". The inviter agent responds with a connection response message, indicated by a 'type' attribute of "https://atalaprism.io/mercury/connections/1.0/response". Both request and response types are proprietary to the Open Enterprise Agent ecosystem.

Retrieves the list of connection flow records available from the Agent's database.

Retrieves a list of the connections available from the Agent's database. The API returns a comprehensive collection of connection flow records within the system, regardless of their state. Each connection item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details. Pagination support is available, allowing for efficient handling of large datasets.

Authorizations:
apiKeyAuth or jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

thid
string

The thid, shared between the inviter and the invitee, that uniquely identifies a connection flow.

Responses

Response samples

Content type
application/json
{
  "contents": [ ],
  "kind": "ConnectionsPage",
  "self": "/cloud-agent/connections?offset=10&limit=10",
  "pageOf": "",
  "next": "/cloud-agent/connections?offset=20&limit=10",
  "previous": "/cloud-agent/connections?offset=0&limit=10"
}

Create a new connection invitation that can be delivered out-of-band to a peer Agent.

Create a new connection invitation that can be delivered out-of-band to a peer Agent, regardless of whether it resides in Cloud Agent or edge environment. The generated invitation adheres to the DIDComm Messaging v2.0 - Out of Band Messages specification section 9.5.4. The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the did:peer:2 specification. This Peer DID includes the 'uri' location of the DIDComm messaging service, which the invitee needs in order to execute the rest of the connection flow. In the Agent database, the created connection record has an initial state set to InvitationGenerated. The request body may contain a label that can be used as a human readable alias for the connection, for example {"label": "Connection with Bob"}.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

JSON object required for the connection creation.

label
string

A human readable alias for the connection.

goalCode
string

A self-attested code the receiver may want to display to the user or use in automatically deciding what to do with the out-of-band message.

goal
string

A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message.

Responses

Request samples

Content type
application/json
{
  "label": "Peter",
  "goalCode": "issue-vc",
  "goal": "To issue a Faber College Graduate credential"
}

Response samples

Content type
application/json
{}

Retrieves a specific connection flow record from the Agent's database based on its unique `connectionId`.

Retrieve a specific connection flow record from the Agent's database based on its unique connectionId. The returned item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details.

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
connectionId
required
string <uuid>

The connectionId uniquely identifying the connection flow record.

Responses

Response samples

Content type
application/json
{}

Accept a new connection invitation received out-of-band from another peer Agent.

Accept a new connection invitation received out-of-band from another peer Agent. The invitation must be compliant with the DIDComm Messaging v2.0 - Out of Band Messages specification section 9.5.4. A new connection record with state ConnectionRequestPending will be created in the agent database and later processed by a background job to send a connection request to the peer Agent. The created record will contain a newly generated pairwise Peer DID used for that connection. A connection request will then be sent to the peer Agent to actually establish the connection, moving the record state to ConnectionRequestSent while the agent waits for the connection response from the peer Agent.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

The request used by an invitee to accept a connection invitation received from an inviter, using out-of-band mechanism.

invitation
required
string

The base64-encoded raw out-of-band invitation.

Responses

Request samples

Content type
application/json
{
  "invitation": "eyJAaWQiOiIzZmE4NWY2NC01NzE3LTQ1NjItYjNmYy0yYzk2M2Y2NmFmYTYiLCJAdHlwZSI6Imh0dHBzOi8vZGlkY29tbS5vcmcvbXktZmFtaWx5LzEuMC9teS1tZXNzYWdlLXR5cGUiLCJkaWQiOiJXZ1d4cXp0ck5vb0c5MlJYdnhTVFd2IiwiaW1hZ2VVcmwiOiJodHRwOi8vMTkyLjE2OC41Ni4xMDEvaW1nL2xvZ28uanBnIiwibGFiZWwiOiJCb2IiLCJyZWNpcGllbnRLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInJvdXRpbmdLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInNlcnZpY2VFbmRwb2ludCI6Imh0dHA6Ly8xOTIuMTY4LjU2LjEwMTo4MDIwIn0="
}

Response samples

Content type
application/json
{}
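
Accepting an invitation makes the agent send a connection request to whatever messaging endpoint the invitation's Peer DID carries, so an integrator may want to inspect the base64 payload before submitting it. The following is an added example, not part of the Cloud Agent or its documentation; it assumes the DIDComm v2 out-of-band message layout (type, from, body.goal_code, body.goal), the did:peer:2 ".S" service encoding with the abbreviated "s" key, and local policy values (size limit, allowed schemes) chosen for illustration.

```python
import base64
import ipaddress
import json
from urllib.parse import urlparse

OOB_V2_INVITATION = "https://didcomm.org/out-of-band/2.0/invitation"
MAX_INVITATION_CHARS = 16 * 1024     # assumed local limit, not an API constant
ALLOWED_SCHEMES = ("https", "wss")   # assumed local policy for outbound DIDComm


def b64url_decode(text):
    """Decode base64 or base64url, with or without '=' padding."""
    text = text.strip().replace("+", "-").replace("/", "_").rstrip("=")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def peer_did_endpoints(did):
    """Return the service URIs carried in the '.S' elements of a did:peer:2 DID."""
    uris = []
    for element in did.split(".")[1:]:
        if not element.startswith("S"):
            continue                 # key elements (E, V, ...) are not inspected here
        decoded = json.loads(b64url_decode(element[1:]))
        for svc in decoded if isinstance(decoded, list) else [decoded]:
            if not isinstance(svc, dict):
                continue
            endpoint = svc.get("s", svc.get("serviceEndpoint"))
            if isinstance(endpoint, dict):   # object form: {"uri": ..., "a": [...]}
                endpoint = endpoint.get("uri")
            if isinstance(endpoint, str):
                uris.append(endpoint)
    return uris


def endpoint_findings(uri):
    """Flag endpoints the agent should not be made to call."""
    try:
        parsed = urlparse(uri)
        host = parsed.hostname or ""
    except ValueError:
        return [f"{uri}: not a parseable URL"]
    findings = []
    if parsed.scheme not in ALLOWED_SCHEMES:
        findings.append(f"{uri}: scheme {parsed.scheme!r} not in {ALLOWED_SCHEMES}")
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        address = None               # a hostname: re-check the resolved IP at connect time
    if address is not None and not address.is_global:
        findings.append(f"{uri}: {address} is not a publicly routable address")
    return findings


def printable(value, limit=120):
    """Self-attested text is display-only: drop control characters and truncate."""
    text = value if isinstance(value, str) else ""
    return "".join(ch for ch in text if ch.isprintable())[:limit]


def inspect_invitation(encoded):
    """Return (summary, findings); an empty findings list means nothing was flagged."""
    if len(encoded) > MAX_INVITATION_CHARS:
        return None, ["invitation exceeds the local size limit"]
    try:
        message = json.loads(b64url_decode(encoded))
    except ValueError as exc:        # bad base64, bad UTF-8 or bad JSON
        return None, [f"not base64-encoded JSON: {exc}"]
    if not isinstance(message, dict):
        return None, ["invitation is not a JSON object"]
    findings, uris = [], []
    if message.get("type") != OOB_V2_INVITATION:
        findings.append(f"unexpected message type {message.get('type')!r}")
    sender = message.get("from")
    if not isinstance(sender, str) or not sender.startswith("did:peer:2"):
        findings.append("'from' is not a did:peer:2 DID")
        sender = None
    else:
        try:
            uris = peer_did_endpoints(sender)
        except ValueError:
            findings.append("service element of 'from' cannot be decoded")
        if not uris:
            findings.append("'from' carries no messaging service endpoint")
        for uri in uris:
            findings.extend(endpoint_findings(uri))
    body = message.get("body") if isinstance(message.get("body"), dict) else {}
    summary = {"from": sender, "endpoints": uris,
               "goal_code": printable(body.get("goal_code")),
               "goal": printable(body.get("goal"))}
    return summary, findings


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def make_sample(uri):
    """Build a constructed invitation (placeholder keys) for the given endpoint."""
    did = "did:peer:2.Ez6LSconstructedKey.Vz6MkconstructedKey.S" + _b64url(
        {"t": "dm", "s": {"uri": uri, "a": ["didcomm/v2"]}})
    return _b64url({"type": OOB_V2_INVITATION, "id": "constructed-1", "from": did,
                    "body": {"goal_code": "issue-vc", "goal": "To issue a credential\x1b[2J"}})


if __name__ == "__main__":
    for sample in (make_sample("https://agent.example.org/didcomm"),
                   make_sample("http://192.168.56.101:8020")):
        print(inspect_invitation(sample))
```

The goal and goal_code values are returned only for display; because they are self-attested, they should not drive an authorization decision.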

Issue Credentials Protocol

The Issue Credentials Protocol endpoints facilitate the initiation of credential issuance flows between the current Agent and peer Agents, regardless of whether they reside in Cloud Agent or edge environments. This implementation adheres to the Issue Credential Protocol 3.0 specification to execute credential issuance flows. The flow is initiated by the issuer who creates a credential offer and sends it to the holder's DIDComm messaging service endpoint. Upon accepting the received offer, the holder sends a credential request to the issuer. The issuer agent will then issue the credential (JWT or AnonCreds) and send an issue credential message containing the verifiable credential to the holder. The current implementation only supports one of the three alternative beginnings proposed in the spec, which is "the Issuer begin with an offer".

As a credential issuer, create a new credential offer that will be sent to a holder Agent.

Creates a new credential offer that will be delivered, through a previously established DIDComm connection, to a holder Agent. The subsequent credential offer message adheres to the Issue Credential Protocol 3.0 - Offer Credential specification. The created offer can be of two types: 'JWT' or 'AnonCreds'.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

The credential offer object.

validityPeriod
number <double>

The validity period in seconds of the verifiable credential that will be issued.

schemaId
Array of strings or string

The URL pointing to the JSON schema that will be used for this offer (should be 'http' or 'https'). When dereferenced, the returned content should be a JSON schema compliant with the 'Draft 2020-12' version of the specification. Note that this parameter only applies when the offer is of type 'JWT'.

credentialDefinitionId
string <uuid>

The unique identifier (UUID) of the credential definition that will be used for this offer. It should be the identifier of a credential definition that exists in the issuer agent's database. Note that this parameter only applies when the offer is of type 'AnonCreds'.

credentialFormat
string

The credential format for this offer (defaults to 'JWT')

claims
required
any

The set of claims that will be included in the issued credential. The JSON object should comply with the schema applicable for this offer (i.e. 'schemaId' or 'credentialDefinitionId').

automaticIssuance
boolean

Specifies whether or not the credential should be automatically generated and issued when receiving the CredentialRequest from the holder. If set to false, a manual approval by the issuer via another API call will be required for the VC to be issued.

issuingDID
required
string

The issuer Prism DID by which the verifiable credential will be issued. The DID can be in short form or long form.

issuingKid
string

Specifies the key ID (kid) of the DID that will be used to sign the credential. The user should specify just the partial identifier of the key. The full id of the kid MUST be "#". Note that the crypto algorithm used will depend on the type of the key.

connectionId
string <uuid>

The unique identifier of a DIDComm connection that already exists between this issuer agent and the holder cloud or edge agent. It should be the identifier of a connection that exists in the issuer agent's database. This connection will be used to execute the issue credential protocol. Note: connectionId is only required when the offer is from an existing connection. connectionId is not required when the offer is from an invitation for connectionless issuance.

goalCode
string

A self-attested code the receiver may want to display to the user or use in automatically deciding what to do with the out-of-band message. goalCode is optional and can be provided when the offer is from an invitation for connectionless issuance.

goal
string

A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. goal is optional and can be provided when the offer is from an invitation for connectionless issuance.

Responses

Request samples

Content type
application/json
{
  "validityPeriod": 3600,
  "credentialDefinitionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "credentialFormat": "JWT",
  "claims": { },
  "automaticIssuance": true,
  "issuingDID": "did:prism:3bb0505d13fcb04d28a48234edb27b0d4e6d7e18a81e2c1abab58f3bbc21ce6f",
  "issuingKid": "kid1",
  "connectionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "goalCode": "issue-vc",
  "goal": "To issue a Faber College Graduate credential"
}

Response samples

Content type
application/json
{}

As a credential issuer, create a new credential offer invitation that will be delivered out-of-band to a peer Agent.

Creates a new credential offer invitation to be delivered as an out-of-band message. The invitation message adheres to the OOB specification as outlined here, with the credential offer message attached according to the Issue Credential Protocol 3.0 - Offer Credential specification. The created offer attachment can be of three types: 'JWT', 'AnonCreds', or 'SDJWT'.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

The credential offer object.

validityPeriod
number <double>

The validity period in seconds of the verifiable credential that will be issued.

schemaId
Array of strings or string

The URL pointing to the JSON schema that will be used for this offer (should be 'http' or 'https'). When dereferenced, the returned content should be a JSON schema compliant with the 'Draft 2020-12' version of the specification. Note that this parameter only applies when the offer is of type 'JWT'.

credentialDefinitionId
string <uuid>

The unique identifier (UUID) of the credential definition that will be used for this offer. It should be the identifier of a credential definition that exists in the issuer agent's database. Note that this parameter only applies when the offer is of type 'AnonCreds'.

credentialFormat
string

The credential format for this offer (defaults to 'JWT')

claims
required
any

The set of claims that will be included in the issued credential. The JSON object should comply with the schema applicable for this offer (i.e. 'schemaId' or 'credentialDefinitionId').

automaticIssuance
boolean

Specifies whether or not the credential should be automatically generated and issued when receiving the CredentialRequest from the holder. If set to false, a manual approval by the issuer via another API call will be required for the VC to be issued.

issuingDID
required
string

The issuer Prism DID by which the verifiable credential will be issued. The DID can be in short form or long form.

issuingKid
string

Specifies the key ID (kid) of the DID that will be used to sign the credential. The user should specify just the partial identifier of the key. The full id of the kid MUST be "#". Note that the crypto algorithm used will depend on the type of the key.

connectionId
string <uuid>

The unique identifier of a DIDComm connection that already exists between this issuer agent and the holder cloud or edge agent. It should be the identifier of a connection that exists in the issuer agent's database. This connection will be used to execute the issue credential protocol. Note: connectionId is only required when the offer is from an existing connection. connectionId is not required when the offer is from an invitation for connectionless issuance.

goalCode
string

A self-attested code the receiver may want to display to the user or use in automatically deciding what to do with the out-of-band message. goalCode is optional and can be provided when the offer is from an invitation for connectionless issuance.

goal
string

A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. goal is optional and can be provided when the offer is from an invitation for connectionless issuance.

Responses

Request samples

Content type
application/json
{
  "validityPeriod": 3600,
  "credentialDefinitionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "credentialFormat": "JWT",
  "claims": { },
  "automaticIssuance": true,
  "issuingDID": "did:prism:3bb0505d13fcb04d28a48234edb27b0d4e6d7e18a81e2c1abab58f3bbc21ce6f",
  "issuingKid": "kid1",
  "connectionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "goalCode": "issue-vc",
  "goal": "To issue a Faber College Graduate credential"
}

Response samples

Content type
application/json
{}

As a holder, accept a new credential offer invitation received from another issuer Agent.

As a holder, accept a new credential offer invitation received from an issuer Agent. The credential offer request message from the issuer is decoded and processed. A new record with the RequestReceived state is created.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

The accept credential offer Invitation OOB message.

invitation
required
string

The base64-encoded raw invitation.

Responses

Request samples

Content type
application/json
{
  "invitation": "eyJAaWQiOiIzZmE4NWY2NC01NzE3LTQ1NjItYjNmYy0yYzk2M2Y2NmFmYTYiLCJAdHlwZSI6Imh0dHBzOi8vZGlkY29tbS5vcmcvbXktZmFtaWx5LzEuMC9teS1tZXNzYWdlLXR5cGUiLCJkaWQiOiJXZ1d4cXp0ck5vb0c5MlJYdnhTVFd2IiwiaW1hZ2VVcmwiOiJodHRwOi8vMTkyLjE2OC41Ni4xMDEvaW1nL2xvZ28uanBnIiwibGFiZWwiOiJCb2IiLCJyZWNpcGllbnRLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInJvdXRpbmdLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInNlcnZpY2VFbmRwb2ludCI6Imh0dHA6Ly8xOTIuMTY4LjU2LjEwMTo4MDIwIn0="
}

Response samples

Content type
application/json
{}

Retrieves the list of issue credential records from the Agent's database.

Retrieves the list of issue credential records from the Agent's database. The API returns a comprehensive collection of issue credential flow records within the system, regardless of their state. The returned items include essential metadata such as record ID, thread ID, state, role, issued credential, and other relevant details.

Authorizations:
apiKeyAuth or jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

thid
string

The thread ID associated with a specific credential issue flow execution.

Responses

Response samples

Content type
application/json
{
  "contents": [ ],
  "kind": "Collection",
  "self": "/cloud-agent/issue-credentials/records?offset=10&limit=10",
  "pageOf": "/cloud-agent/issue-credentials/records",
  "next": "/cloud-agent/issue-credentials/records?offset=20&limit=10",
  "previous": "/cloud-agent/issue-credentials/records?offset=0&limit=10"
}

Retrieves a specific issue credential flow record from the Agent's database based on its unique `recordId`.

Retrieves a specific issue credential flow record from the Agent's database based on its unique recordId. The API returns a comprehensive collection of issue credential flow records within the system, regardless of their state. The returned items include essential metadata such as record ID, thread ID, state, role, issued credential, and other relevant details.

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
recordId
required
string

The recordId uniquely identifying the issue credential flow record.

Responses

Response samples

Content type
application/json
{}

As a holder, accept a new credential offer received from another issuer Agent.

As a holder, accept a new credential offer received from an issuer Agent. The subsequent credential request message sent to the issuer adheres to the Issue Credential Protocol 3.0 - Request Credential specification.

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
recordId
required
string

The recordId uniquely identifying the issue credential flow record.

Request Body schema: application/json
required

The accept credential offer request object.

subjectId
string

The short-form subject Prism DID to which the JWT verifiable credential will be issued. This parameter only applies if the offer is of type 'JWT'.

keyId
string

The short-form subject Prism DID to which the JWT verifiable credential will be issued. This parameter only applies if the offer is of type 'JWT'.

Responses

Request samples

Content type
application/json
{
  "subjectId": "did:prism:3bb0505d13fcb04d28a48234edb27b0d4e6d7e18a81e2c1abab58f3bbc21ce6f",
  "keyId": "did:prism:3bb0505d13fcb04d28a48234edb27b0d4e6d7e18a81e2c1abab58f3bbc21ce6f"
}

Response samples

Content type
application/json
{}

As an issuer, issues the verifiable credential related to the identified issuance flow record.

As an issuer, issues the verifiable credential related to the identified issuance flow record. The JWT or AnonCreds credential will be generated and sent to the holder Agent asynchronously and through DIDComm. Note that this endpoint should only be called when automatic issuance is disabled for this record (i.e. automaticIssuance attribute set to false at offer creation time).

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
recordId
required
string

The recordId uniquely identifying the issue credential flow record.

Responses

Response samples

Content type
application/json
{}

Verification

The Verification endpoints enable the management and lookup of verification policies, which are applied to W3C Verifiable Credentials in JWT format.

Users can retrieve and paginate existing policies or create new ones. These policies determine the verification criteria, allowing users to specify constraints such as schemaId and trustedIssuers in the current implementation.

The constraints are defined using the schemaId and a sequence of trustedIssuers. This functionality ensures the system's integrity and adherence to specific verification requirements.

Endpoints are secured by apiKeyAuth or jwtAuth authentication.

Lookup verification policies by query

Lookup verification policies by name, and control the pagination by offset and limit parameters

Authorizations:
apiKeyAuth or jwtAuth
query Parameters
name
string

A human-readable name for the verification policy. The name cannot be empty.

offset
integer <int32>
limit
integer <int32>
order
string

Responses

Response samples

Content type
application/json
{
  "self": "/cloud-agent/verification/policies?name=Trusted&offset=0&limit=10",
  "kind": "VerificationPolicyPage",
  "pageOf": "/cloud-agent/verification/policies",
  "next": "/cloud-agent/verification/policies?skip=20&limit=10",
  "previous": "/cloud-agent/verification/policies?skip=0&limit=10",
  "contents": [ ]
}

Create the new verification policy

Create the new verification policy

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

Create verification policy object

id
string <uuid>

A unique identifier to address the verification policy instance. UUID is generated by the backend.

name
required
string non-empty

A human-readable name for the verification policy. The name cannot be empty.

description
required
string

A human-readable description of the verification policy.

constraints
Array of objects (VerificationPolicyConstraint)

The object that describes the constraints of the verification policy. Each constraint is a tuple of the schemaId and a set of DIDs of the trusted issuers.

Responses

Request samples

Content type
application/json
{
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "name": "Trusted Issuers Verification Policy",
  "description": "Verification policy that checks if the credential was issued by a trusted issuer.",
  "constraints": []
}

Response samples

Content type
application/json
{
  "self": "/cloud-agent/verification/policies/0527aea1-d131-3948-a34d-03af39aba8b4",
  "kind": "VerificationPolicy",
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "nonce": 1234,
  "name": "Trusted Issuers Verification Policy",
  "description": "Verification policy that checks if the credential was issued by a trusted issuer.",
  "createdAt": "2022-03-10T12:00Z",
  "updatedAt": "2022-03-10T12:00Z",
  "constraints": []
}
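
How a policy's constraints (schemaId plus trustedIssuers) can be applied to a JWT credential, shown as an added example that is not the Cloud Agent's own evaluation code. It assumes the constraint field names schemaId and trustedIssuers, the VC-JWT claims iss and vc.credentialSchema.id, that a long-form Prism DID is its short form followed by one more ':' segment, and that a policy with no constraints is rejected rather than treated as allow-all; the signature must be verified separately before this check is trusted.

```python
import base64
import json


def unverified_payload(jwt):
    """Parse the payload of a compact JWT WITHOUT checking its signature."""
    try:
        _header, payload, _signature = jwt.split(".")
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError as exc:
        raise ValueError("not a compact JWT") from exc


def prism_short_form(did):
    """Assumption: long-form Prism DIDs append one ':' segment to the short form."""
    parts = did.split(":")
    if parts[:2] == ["did", "prism"] and len(parts) > 3:
        return ":".join(parts[:3])
    return did


def schema_ids(payload):
    """Collect credentialSchema ids; the claim may be one object or a list."""
    vc = payload.get("vc")
    schema = vc.get("credentialSchema") if isinstance(vc, dict) else None
    entries = schema if isinstance(schema, list) else [schema]
    return {e["id"] for e in entries
            if isinstance(e, dict) and isinstance(e.get("id"), str)}


def evaluate(policy, payload):
    """Return (allowed, reason) for a credential payload whose signature was verified."""
    constraints = policy.get("constraints") or []
    if not constraints:
        return False, "policy has no constraints; not treated as allow-all"
    issuer = payload.get("iss")
    if not isinstance(issuer, str):
        return False, "credential has no 'iss' claim"
    issuer = prism_short_form(issuer)
    ids = schema_ids(payload)
    schema_seen = False
    for constraint in constraints:
        if constraint.get("schemaId") not in ids:
            continue
        schema_seen = True
        trusted = {prism_short_form(d) for d in constraint.get("trustedIssuers", [])}
        if issuer in trusted:
            return True, f"{issuer} is trusted for {constraint['schemaId']}"
    if schema_seen:
        return False, f"{issuer} is not a trusted issuer for this schema"
    return False, "no constraint covers the credential's schema"


# Constructed sample data (not taken from a live agent).
SCHEMA = "https://example.org/schemas/driving-license/1.0.0"
TRUSTED = "did:prism:" + "a" * 64
POLICY = {"name": "Trusted Issuers Verification Policy",
          "constraints": [{"schemaId": SCHEMA, "trustedIssuers": [TRUSTED]}]}


def make_jwt(issuer, schema=SCHEMA):
    """Build a constructed, unsigned-in-practice JWT for the demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    claims = {"iss": issuer, "vc": {"credentialSchema": {"id": schema}}}
    return ".".join([enc({"alg": "ES256K"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    for did in (TRUSTED + ":Cj8KPRI7", "did:prism:" + "b" * 64):
        print(evaluate(POLICY, unverified_payload(make_jwt(did))))
    print(evaluate({"constraints": []}, unverified_payload(make_jwt(TRUSTED))))
```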

Fetch the verification policy by id

Get the verification policy by id

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
id
required
string <uuid>

Get the verification policy by id

Responses

Response samples

Content type
application/json
{
  "self": "/cloud-agent/verification/policies/0527aea1-d131-3948-a34d-03af39aba8b4",
  "kind": "VerificationPolicy",
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "nonce": 1234,
  "name": "Trusted Issuers Verification Policy",
  "description": "Verification policy that checks if the credential was issued by a trusted issuer.",
  "createdAt": "2022-03-10T12:00Z",
  "updatedAt": "2022-03-10T12:00Z",
  "constraints": []
}

Update the verification policy object by id

Update the verification policy entry

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
id
required
string <uuid>
query Parameters
nonce
required
integer <int32>

Nonce of the previous VerificationPolicy

Request Body schema: application/json
required

Update verification policy object

id
string <uuid>

A unique identifier to address the verification policy instance. UUID is generated by the backend.

name
required
string non-empty

A human-readable name for the verification policy. The name cannot be empty.

description
required
string

A human-readable description of the verification policy.

constraints
Array of objects (VerificationPolicyConstraint)

The object that describes the constraints of the verification policy. Each constraint is a tuple of the schemaId and a set of DIDs of the trusted issuers.

Responses

Request samples

Content type
application/json
{
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "name": "Trusted Issuers Verification Policy",
  "description": "Verification policy that checks if the credential was issued by a trusted issuer.",
  "constraints": []
}

Response samples

Content type
application/json
{
  "self": "/cloud-agent/verification/policies/0527aea1-d131-3948-a34d-03af39aba8b4",
  "kind": "VerificationPolicy",
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "nonce": 1234,
  "name": "Trusted Issuers Verification Policy",
  "description": "Verification policy that checks if the credential was issued by a trusted issuer.",
  "createdAt": "2022-03-10T12:00Z",
  "updatedAt": "2022-03-10T12:00Z",
  "constraints": []
}

Delete the verification policy by id

Delete the verification policy by id

Authorizations:
apiKeyAuth or jwtAuth
path Parameters
id
required
string <uuid>

Delete the verification policy by id

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Schema Registry

The Schema Registry is a REST API for publishing and looking up credential schemas in W3C and AnonCreds formats.

The Credential Schema is a JSON document that describes the structure of the credential and consists of the following parts: metadata, schema and signature. The metadata contains the following fields:

  • id - locally unique identifier of the schema
  • version - version of the schema
  • author - the DID of the issuer of the schema
  • guid - globally unique identifier of the schema (generated by the Schema Registry based on author, id and version)
  • name - name of the schema
  • tags - list of tags that describe the schema
  • createdAt - timestamp of the schema creation
  • description - description of the schema

The schema contains the JSON Schema that describes the structure of the credential in the schema field. The signature contains the signature of the schema by the issuer in the proof field. The signature is generated by the issuer's DID key using the Ed25519Signature2020 method.

The Credential Schema object is immutable, so update operation creates a new version of the schema. The Credential Schema is referenced via schemaId field in the issuance and verification flows.

Endpoints are secured by apiKeyAuth or jwtAuth authentication.

Lookup schemas by indexed fields

Lookup schemas by author, name, tags parameters and control the pagination by offset and limit parameters

Authorizations:
apiKeyAuth or jwtAuth
query Parameters
author
string
Example: author=did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff
name
string
Example: name=DrivingLicense
version
string
Example: version=1.0.0
tags
string
Example: tags=driving
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

order
string

Responses

Response samples

Content type
application/json
{
  "contents": [ ],
  "kind": "CredentialSchemaPage",
  "self": "/cloud-agent/schema-registry/schemas?skip=10&limit=10",
  "pageOf": "/cloud-agent/schema-registry/schemas",
  "next": "/cloud-agent/schema-registry/schemas?skip=20&limit=10",
  "previous": "/cloud-agent/schema-registry/schemas?skip=0&limit=10"
}

Publish new schema to the schema registry, http url resolvable

Create the new credential schema record with metadata and internal JSON Schema on behalf of Cloud Agent. The credential schema will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth or jwtAuth
Request Body schema: application/json
required

JSON object required for the credential schema creation

name
required
string non-empty

A human-readable name for the credential schema. A piece of Metadata.

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Schema. It should follow semantic version convention to describe the impact of the schema evolution.

description
string non-empty

A human-readable description of the credential schema

type
required
string

This field resolves to a JSON schema with details about the schema metadata that applies to the schema. A piece of Metadata.

schema
required
any

Valid JSON Schema where the Credential Schema data fields are defined. A piece of Metadata

tags
Array of strings

Tokens that allow looking up and filtering the credential schema records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential schema. A piece of Metadata.

Responses

Request samples

Content type
application/json
{
  "name": "DrivingLicense",
  "version": "1.0.0",
  "description": "Simple credential schema for the driving licence verifiable credential.",
  "schema": { },
  "tags": [ ],
  "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff"
}

Response samples

Content type
application/json
{
  "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  "name": "DrivingLicense",
  "version": "1.0.0",
  "tags": [ ],
  "description": "Simple credential schema for the driving licence verifiable credential.",
  "schema": { },
  "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  "authored": "2022-03-10T12:00Z",
  "proof": { },
  "resolutionMethod": "http",
  "kind": "CredentialSchema",
  "self": "/cloud-agent/schema-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Lookup schemas by indexed fields

Lookup schemas by author, name, tags parameters and control the pagination by offset and limit parameters

Authorizations:
apiKeyAuth or jwtAuth
query Parameters
author
string
Example: author=did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff
name
string
Example: name=DrivingLicense
version
string
Example: version=1.0.0
tags
string
Example: tags=driving
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

order
string

Responses

Response samples

Content type
application/json
{
  "contents": [ ],
  "kind": "CredentialSchemaPage",
  "self": "/cloud-agent/schema-registry/schemas/did-url?skip=10&limit=10",
  "pageOf": "/cloud-agent/schema-registry/schemas/did-url",
  "next": "/cloud-agent/schema-registry/schemas/did-url?skip=20&limit=10",
  "previous": "/cloud-agent/schema-registry/schemas/did-url?skip=0&limit=10"
}

Publish new schema to the schema registry, did url resolvable

Create the new credential schema record with metadata and internal JSON Schema on behalf of Cloud Agent. The credential schema will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth jwtAuth
Request Body schema: application/json
required

JSON object required for the credential schema creation

name
required
string non-empty

A human-readable name for the credential schema. A piece of Metadata.

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Schema. It should follow semantic version convention to describe the impact of the schema evolution.

description
string non-empty

A human-readable description of the credential schema

type
required
string

This field resolves to a JSON schema with details about the schema metadata that applies to the schema. A piece of Metadata.

schema
required
any

Valid JSON Schema where the Credential Schema data fields are defined. A piece of Metadata

tags
Array of strings

Tokens that allow looking up and filtering the credential schema records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential schema. A piece of Metadata.

Responses

Request samples

Content type
application/json
{
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "description": "Simple credential schema for the driving licence verifiable credential.",
  • "schema": {
    },
  • "tags": [
    ],
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff"
}

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

Publish the new version of the credential schema to the schema registry

Publish the new version of the credential schema record with metadata and internal JSON Schema on behalf of Cloud Agent. The credential schema will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth jwtAuth
path Parameters
id
required
string <uuid>

A locally unique identifier to address the schema. UUID is generated by the backend.

Request Body schema: application/json
required

JSON object required for the credential schema update

name
required
string non-empty

A human-readable name for the credential schema. A piece of Metadata.

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Schema. It should follow semantic version convention to describe the impact of the schema evolution.

description
string non-empty

A human-readable description of the credential schema

type
required
string

This field resolves to a JSON schema with details about the schema metadata that applies to the schema. A piece of Metadata.

schema
required
any

Valid JSON Schema where the Credential Schema data fields are defined. A piece of Metadata

tags
Array of strings

Tokens that allow looking up and filtering the credential schema records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential schema. A piece of Metadata.

Responses

Request samples

Content type
application/json
{
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "description": "Simple credential schema for the driving licence verifiable credential.",
  • "schema": {
    },
  • "tags": [
    ],
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff"
}

Response samples

Content type
application/json
{
  • "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  • "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  • "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "tags": [
    ],
  • "description": "Simple credential schema for the driving licence verifiable credential.",
  • "schema": {
    },
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "authored": "2022-03-10T12:00Z",
  • "proof": {
    },
  • "resolutionMethod": "http",
  • "kind": "CredentialSchema",
  • "self": "/cloud-agent/schema-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Publish the new version of the credential schema to the schema registry

Publish the new version of the credential schema record with metadata and internal JSON Schema on behalf of Cloud Agent. The credential schema will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth jwtAuth
path Parameters
id
required
string <uuid>

A locally unique identifier to address the schema. UUID is generated by the backend.

Request Body schema: application/json
required

JSON object required for the credential schema update

name
required
string non-empty

A human-readable name for the credential schema. A piece of Metadata.

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Schema. It should follow semantic version convention to describe the impact of the schema evolution.

description
string non-empty

A human-readable description of the credential schema

type
required
string

This field resolves to a JSON schema with details about the schema metadata that applies to the schema. A piece of Metadata.

schema
required
any

Valid JSON Schema where the Credential Schema data fields are defined. A piece of Metadata

tags
Array of strings

Tokens that allow looking up and filtering the credential schema records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential schema. A piece of Metadata.

Responses

Request samples

Content type
application/json
{
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "description": "Simple credential schema for the driving licence verifiable credential.",
  • "schema": {
    },
  • "tags": [
    ],
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff"
}

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

Fetch the schema from the registry by `guid`

Fetch the credential schema by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Responses

Response samples

Content type
application/json
null

Fetch the schema from the registry by `guid`

Fetch the credential schema by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

Fetch the schema from the registry by `guid`

Fetch the credential schema by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Globally unique identifier of the credential schema record

Responses

Response samples

Content type
application/json
{
  • "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  • "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  • "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "tags": [
    ],
  • "description": "Simple credential schema for the driving licence verifiable credential.",
  • "schema": {
    },
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "authored": "2022-03-10T12:00Z",
  • "proof": {
    },
  • "resolutionMethod": "http",
  • "kind": "CredentialSchema",
  • "self": "/cloud-agent/schema-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Fetch the schema from the registry by `guid`

Fetch the credential schema by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Globally unique identifier of the credential schema record

Responses

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

Credential Definition Registry

The Credential Definition Registry is a REST API for publishing and looking up AnonCreds Credential Definition entities.

A credential definition is generated by the issuer before any credential issuances and published for anyone (primarily holders and verifiers) to use. In generating the published credential definition, related private data is also generated and held as a secret by the issuer. The secret data includes the private keys necessary to generate signed verifiable credentials that can be presented and verified using the published credential definition.

Endpoints are secured by apiKeyAuth or jwtAuth authentication.

Lookup credential definitions by indexed fields

Look up credential definitions by the author, name and tag parameters, and control pagination with the offset and limit parameters.

Authorizations:
apiKeyAuth jwtAuth
query Parameters
author
string
Example: author=did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff
name
string
Example: name=DrivingLicense
version
string
Example: version=1.0.0
tag
string
Example: tag=licence
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

order
string

Responses

Response samples

Content type
application/json
{
  • "contents": [ ],
  • "kind": "CredentialSchemaPage",
  • "self": "/cloud-agent/schema-registry/schemas?skip=10&limit=10",
  • "pageOf": "/cloud-agent/schema-registry/schemas",
  • "next": "/cloud-agent/schema-registry/schemas?skip=20&limit=10",
  • "previous": "/cloud-agent/schema-registry/schemas?skip=0&limit=10"
}

Publish new definition to the definition registry, resolvable by HTTP url

Create the new credential definition record with metadata and internal JSON Schema on behalf of Cloud Agent. The credential definition will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth jwtAuth
Request Body schema: application/json
required

JSON object required for the credential definition creation

name
required
string non-empty

A human-readable name for the credential definition. A piece of Metadata.

description
string non-empty

A human-readable description of the credential definition

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Definition. It should follow semantic version convention to describe the impact of the credential definition evolution.

tag
required
string

Token that allows looking up and filtering the credential definition records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential definition. A piece of Metadata.

schemaId
required
string

The unique identifier of the schema used for this credential definition.

signatureType
required
string

Signature type used in the CredentialDefinition.

supportRevocation
required
boolean

Boolean flag indicating whether revocation is supported for this CredentialDefinition.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  • "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  • "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "tag": "licence",
  • "description": "Simple credential definition for the driving licence verifiable credential.",
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "authored": "2022-03-10T12:00Z",
  • "definition": {
    },
  • "keyCorrectnessProof": null,
  • "signatureType": "CL",
  • "supportRevocation": false,
  • "proof": {
    },
  • "kind": "CredentialDefinition",
  • "self": "/cloud-agent/credential-definition-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Lookup credential definitions by indexed fields

Look up DID URL resolvable credential definitions by the author, name and tag parameters, and control pagination with the offset and limit parameters.

Authorizations:
apiKeyAuth jwtAuth
query Parameters
author
string
Example: author=did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff
name
string
Example: name=DrivingLicense
version
string
Example: version=1.0.0
tag
string
Example: tag=licence
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

order
string

Responses

Response samples

Content type
application/json
{
  • "contents": [ ],
  • "kind": "CredentialDefinitionPage",
  • "self": "/cloud-agent/credential-definition-registry/definitions?skip=10&limit=10",
  • "pageOf": "/cloud-agent/credential-definition-registry/definitions",
  • "next": "/cloud-agent/credential-definition-registry/definitions?skip=20&limit=10",
  • "previous": "/cloud-agent/credential-definition-registry/definitions?skip=0&limit=10"
}

Publish new definition to the definition registry, resolvable by DID url

Create the new credential definition record with metadata and internal JSON Schema on behalf of the Cloud Agent. The credential definition will be signed by the keys of Cloud Agent and issued by the DID that corresponds to it.

Authorizations:
apiKeyAuth jwtAuth
Request Body schema: application/json
required

JSON object required for the credential definition creation

name
required
string non-empty

A human-readable name for the credential definition. A piece of Metadata.

description
string non-empty

A human-readable description of the credential definition

version
required
string^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-...

Denotes the revision of a given Credential Definition. It should follow semantic version convention to describe the impact of the credential definition evolution.

tag
required
string

Token that allows looking up and filtering the credential definition records.

author
required
string^did:(?<method>[a-z0-9]+(:[a-z0-9]+)*)\:(?<id...

DID of the identity which authored the credential definition. A piece of Metadata.

schemaId
required
string

The unique identifier of the schema used for this credential definition.

signatureType
required
string

Signature type used in the CredentialDefinition.

supportRevocation
required
boolean

Boolean flag indicating whether revocation is supported for this CredentialDefinition.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  • "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  • "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "tag": "licence",
  • "description": "Simple credential definition for the driving licence verifiable credential.",
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "authored": "2022-03-10T12:00Z",
  • "definition": {
    },
  • "keyCorrectnessProof": null,
  • "signatureType": "CL",
  • "supportRevocation": false,
  • "proof": {
    },
  • "kind": "CredentialDefinition",
  • "self": "/cloud-agent/credential-definition-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Fetch the inner definition field of the credential definition from the registry by `guid`

Fetch the inner definition fields of the credential definition by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Responses

Response samples

Content type
application/json
null

Fetch the inner definition field of the credential definition from the registry by `guid`, wrapped in an envelope

Fetch the inner definition fields of the credential definition by the unique identifier. It should have been created via DID URL; otherwise, a not found error is returned.

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

Fetch the credential definition from the registry by `guid`

Fetch the credential definition by the unique identifier

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Globally unique identifier of the credential definition record

Responses

Response samples

Content type
application/json
{
  • "guid": "0527aea1-d131-3948-a34d-03af39aba8b4",
  • "id": "0527aea1-d131-3948-a34d-03af39aba8b5",
  • "longId": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff/0527aea1-d131-3948-a34d-03af39aba8b4?version=1.0.0",
  • "name": "DrivingLicense",
  • "version": "1.0.0",
  • "tag": "licence",
  • "description": "Simple credential definition for the driving licence verifiable credential.",
  • "author": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "authored": "2022-03-10T12:00Z",
  • "definition": {
    },
  • "keyCorrectnessProof": null,
  • "signatureType": "CL",
  • "supportRevocation": false,
  • "proof": {
    },
  • "kind": "CredentialDefinition",
  • "self": "/cloud-agent/credential-definition-registry/schemas/0527aea1-d131-3948-a34d-03af39aba8b4"
}

Fetch the credential definition from the registry by `guid`, wrapped in an envelope

Fetch the credential definition by the unique identifier. It should have been created via DID URL; otherwise, a not found error is returned.

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
guid
required
string <uuid>

Globally unique identifier of the credential definition record

Responses

Response samples

Content type
application/json
{
  • "resource": "",
  • "url": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a?resourceService=agent-base-url&resourcePath=credential-definition-registry/definitions/did-url/ef3e4135-8fcf-3ce7-b5bb-df37defc13f6?resourceHash=4074bb1a8e0ea45437ad86763cd7e12de3fe8349ef19113df773b0d65c8a9c46"
}

DID

The DID endpoints expose publicly available DID operations.

The key distinction from the DID Registrar endpoints is that it directly exposes the DID resources interfacing with the VDR. It is independent of the key management and the exposed operations are not part of the tenancy within the Agent. It serves as a proxy for interacting with the VDR, facilitating actions like resolving DIDs.

Resolve Prism DID to a W3C representation

Resolve Prism DID to a W3C DID document representation. The response can be the DID resolution result or DID document representation depending on the Accept request header. The response is implemented according to resolver HTTP binding in the DID resolution spec.

Authorizations:
(apiKeyAuth adminApiKeyAuth jwtAuth)
path Parameters
didRef
required
string
Example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff

Prism DID according to the Prism DID method syntax

Responses

Response samples

Content type
{
  • "didDocument": {
    },
  • "didDocumentMetadata": {
    },
  • "didResolutionMetadata": {
    }
}

DID Registrar

The DID Registrar endpoints facilitate the management of PRISM DIDs hosted in the cloud agent.

Implementation of DID management in the cloud agent. The agent securely manages and stores DIDs along with their keys in its secret storage. These endpoints allow users to create, read, update, deactivate, and publish DIDs without direct exposure to the key material. These DIDs can be used for various operations during issuance and verification processes.

More examples and tutorials can be found in this documentation.

List all DIDs stored in the agent's wallet

List all DIDs stored in the agent's wallet. Returns a paginated list of items ordered by created timestamp.

Authorizations:
apiKeyAuth jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

Responses

Response samples

Content type
application/json
{
  • "self": "string",
  • "kind": "string",
  • "pageOf": "string",
  • "next": "string",
  • "previous": "string",
  • "contents": [
    ]
}

Create an unpublished PRISM DID and store it in the agent's wallet

Create an unpublished PRISM DID and store it in the agent's wallet. The public/private keys of the DID will be derived according to the didDocumentTemplate and managed by the agent. The DID can later be published to the VDR using the publications endpoint. After the DID is created, it has the CREATED status.

Authorizations:
apiKeyAuth jwtAuth
Request Body schema: application/json
required
required
object (CreateManagedDidRequestDocumentTemplate)
Array of objects (ManagedDIDKeyTemplate)
Array of objects (Service)
contexts
Array of strings

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "longFormDid": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff:Cr4BCrsBElsKBmF1dGgtMRAEQk8KCXNlY3AyNTZrMRIg0opTuxu-zt6aRbT1tPniG4eu4CYsQPM3rrLzvzNiNgwaIIFTnyT2N4U7qCQ78qtWC3-p0el6Hvv8qxG5uuEw-WgMElwKB21hc3RlcjAQAUJPCglzZWNwMjU2azESIKhBU0eCOO6Vinz_8vhtFSAhYYqrkEXC8PHGxkuIUev8GiAydFHLXb7c22A1Uj_PR21NZp6BCDQqNq2xd244txRgsQ"
}

Get a specific DID stored in the agent's wallet

Get a specific DID stored in the agent's wallet

Authorizations:
apiKeyAuth jwtAuth
path Parameters
didRef
required
string
Example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff

Prism DID according to the Prism DID method syntax

Responses

Response samples

Content type
application/json
{
  • "did": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff",
  • "longFormDid": "did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff:Cr4BCrsBElsKBmF1dGgtMRAEQk8KCXNlY3AyNTZrMRIg0opTuxu-zt6aRbT1tPniG4eu4CYsQPM3rrLzvzNiNgwaIIFTnyT2N4U7qCQ78qtWC3-p0el6Hvv8qxG5uuEw-WgMElwKB21hc3RlcjAQAUJPCglzZWNwMjU2azESIKhBU0eCOO6Vinz_8vhtFSAhYYqrkEXC8PHGxkuIUev8GiAydFHLXb7c22A1Uj_PR21NZp6BCDQqNq2xd244txRgsQ",
  • "status": "CREATED"
}

Publish the DID stored in the agent's wallet to the VDR

Initiate the publication of the DID stored in the agent's wallet to the VDR. The publishing process is asynchronous. Attempting to publish the same DID while the previous publication is ongoing will not initiate another publication. After the submission of the DID publication, its status is changed to PUBLICATION_PENDING. Upon confirmation after a predefined number of blocks, the status is changed to PUBLISHED. In case of a failed DID publication, the status is reverted to CREATED.

Authorizations:
apiKeyAuth jwtAuth
path Parameters
didRef
required
string
Example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff

Prism DID according to the Prism DID method syntax

Responses

Response samples

Content type
application/json
{
  • "scheduledOperation": {
    }
}

Update DID in the agent's wallet and post update operation to the VDR

Update DID in the agent's wallet and post the update operation to the VDR. Only the DID with status PUBLISHED can be updated. This endpoint updates the DID document from the last confirmed operation. The update operation is asynchronous, and the agent will reject a new update request if the previous operation is not yet confirmed.

Authorizations:
apiKeyAuth jwtAuth
path Parameters
didRef
required
string
Example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff

Prism DID according to the Prism DID method syntax

Request Body schema: application/json
required
Array of objects (UpdateManagedDIDRequestAction)
Array
actionType
required
string (ActionType)
Enum: "ADD_KEY" "ADD_SERVICE" "PATCH_CONTEXT" "REMOVE_KEY" "REMOVE_SERVICE" "UPDATE_SERVICE"
object (ManagedDIDKeyTemplate)

A key-pair template to add to DID document.

object (RemoveEntryById)
object (Service)

A service that should appear in the DID document. https://www.w3.org/TR/did-core/#services

object (RemoveEntryById)
object (UpdateManagedDIDServiceAction)

A patch to existing Service. 'type' and 'serviceEndpoint' cannot both be empty.

object (PatchContextAction)

Responses

Request samples

Content type
application/json
{
  • "actions": [
    ]
}

Response samples

Content type
application/json
{
  • "scheduledOperation": {
    }
}

Deactivate DID in the agent's wallet and post deactivate operation to the VDR

Deactivate DID in the agent's wallet and post the deactivate operation to the VDR. Only the DID with status PUBLISHED can be deactivated. The deactivate operation is asynchronous, and the agent will reject a new deactivate request if the previous operation is not yet confirmed.

Authorizations:
apiKeyAuth jwtAuth
path Parameters
didRef
required
string
Example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff

Prism DID according to the Prism DID method syntax

Responses

Response samples

Content type
application/json
{
  • "scheduledOperation": {
    }
}

Wallet Management

The Wallet Management endpoints enable both users and administrators to manage wallets.

In a multitenant agent, a wallet is a container for various resources (e.g. Connections, DIDs), and it isolates access based on the authorization settings. Administrators can use the endpoints to manage and onboard tenants. See this example for instructions on how administrators can use the endpoints. Tenants can also manage and onboard their own wallets using these endpoints, depending on the configuration. See this document for a detailed example of self-service tenant onboarding.

Wallet permissions are controlled by UMA configuration. The agent exposes endpoints to easily configure wallet access using the uma-permissions resource. The permissions can also be configured out-of-band directly on the external IAM provider that supports the UMA standard.

List all permitted wallets

List all permitted wallets. If the role is admin, returns all the wallets. If the role is tenant, only return permitted wallets.

Authorizations:
adminApiKeyAuth apiKeyAuth jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

Responses

Response samples

Content type
application/json
{
  • "self": "string",
  • "kind": "string",
  • "pageOf": "string",
  • "next": "string",
  • "previous": "string",
  • "contents": [
    ]
}

Create a new wallet

Create a new wallet with the option to provide the seed. The seed will be used for all PRISM DID keypair derivation within the wallet.

If the role is admin, a wallet can be created at any time. If the role is tenant, a wallet can only be created if there is no existing wallet permission for that tenant. The permission for the tenant will be automatically granted after the wallet is created with tenant role.

Authorizations:
adminApiKeyAuth apiKeyAuth jwtAuth
Request Body schema: application/json
required
seed
string

A BIP32 seed encoded as a hexadecimal string. It is expected to represent a 64-byte binary seed (128 hex characters).

name
required
string [ 1 .. 128 ] characters

A name of the wallet

id
string <uuid>

The unique id of the wallet. Randomly generated if not specified.

Responses

Request samples

Content type
application/json
{
  • "seed": "c9994785ce6d548134020f610b76102ca1075d3bb672a75ec8c9a27a7b8607e3b9b384e43b77bb08f8d5159651ae38b98573f7ecc79f2d7e1f1cc371ce60cf8a",
  • "name": "my-wallet-1",
  • "id": "00000000-0000-0000-0000-000000000000"
}

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "name": "my-wallet-1",
  • "createdAt": "2023-01-01T00:00:00Z",
  • "updatedAt": "2023-01-01T00:00:00Z"
}
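A pre-flight check for the create-wallet request body described above, added here as an example (not code from the Identus project): it enforces the documented field constraints, refuses the seed printed in this page's request sample, and keeps the seed out of logs. The function names and the distinct-byte heuristic are assumptions of this example.

```python
import re
import secrets
import uuid

# Seed shown in the request sample on this page. It is public, so every
# PRISM DID key derived from it would be known to anyone who read the docs.
DOCUMENTED_SAMPLE_SEED = (
    "c9994785ce6d548134020f610b76102ca1075d3bb672a75ec8c9a27a7b8607e3"
    "b9b384e43b77bb08f8d5159651ae38b98573f7ecc79f2d7e1f1cc371ce60cf8a"
)

SEED_HEX_RE = re.compile(r"[0-9a-fA-F]{128}")


def generate_seed_hex() -> str:
    """Return a fresh 64-byte seed from the OS CSPRNG as 128 hex characters."""
    return secrets.token_bytes(64).hex()


def check_seed(seed_hex: str) -> str:
    """Validate a wallet seed and return it lower-cased.

    Raises ValueError when the seed is malformed, is the published sample,
    or is obviously not random (hypothetical heuristic, see below).
    """
    if not isinstance(seed_hex, str) or not SEED_HEX_RE.fullmatch(seed_hex):
        raise ValueError("seed must be exactly 128 hex characters (64 bytes)")
    normalized = seed_hex.lower()
    if normalized == DOCUMENTED_SAMPLE_SEED:
        raise ValueError("seed is the sample value published in the API docs")
    # Assumption of this example: 64 random bytes contain about 57 distinct
    # values on average, so fewer than 16 means a filler or repeated pattern.
    if len(set(bytes.fromhex(normalized))) < 16:
        raise ValueError("seed has too few distinct byte values to be random")
    return normalized


def build_create_wallet_request(name, seed_hex=None, wallet_id=None) -> dict:
    """Build the JSON body for wallet creation from the documented fields."""
    if not isinstance(name, str) or not 1 <= len(name) <= 128:
        raise ValueError("name must be 1 to 128 characters")
    body = {"name": name}
    if seed_hex is not None:
        body["seed"] = check_seed(seed_hex)
    if wallet_id is not None:
        # uuid.UUID raises ValueError for anything that is not a UUID.
        body["id"] = str(uuid.UUID(wallet_id))
    return body


def redact_for_log(body: dict) -> dict:
    """Return a copy of the request body that is safe to write to logs."""
    return {k: ("<redacted>" if k == "seed" else v) for k, v in body.items()}


if __name__ == "__main__":
    request = build_create_wallet_request("my-wallet-1", generate_seed_hex())
    print(redact_for_log(request))
```
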

Get the wallet by ID

Get the wallet by ID. If the role is tenant, only search the ID of permitted wallets.

Authorizations:
adminApiKeyAuth apiKeyAuth jwtAuth
path Parameters
walletId
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "name": "my-wallet-1",
  • "createdAt": "2023-01-01T00:00:00Z",
  • "updatedAt": "2023-01-01T00:00:00Z"
}

Create a UMA resource permission on an authorization server for the wallet.

Create a UMA resource permission on an authorization server for the wallet. This grants the wallet permission to the specified subject, where the subject denotes the identity of the tenant on an authorization server.

Authorizations:
adminApiKeyAuth apiKeyAuth jwtAuth
path Parameters
walletId
required
string <uuid>
Request Body schema: application/json
required
subject
required
string <uuid>

The subject ID that should be granted the permission to the wallet. This can be found in the sub claim of a JWT token.

Responses

Request samples

Content type
application/json
{
  • "subject": "00000000-0000-0000-0000-000000000000"
}

Response samples

Content type
application/json
{
  • "status": 200,
  • "title": "Malformed email",
  • "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  • "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Delete a UMA resource permission on an authorization server for the wallet.

Remove a UMA resource permission on an authorization server for the wallet. This removes the wallet permission from the specified subject, where the subject denotes the identity of the tenant on an authorization server.

Authorizations:
adminApiKeyAuth apiKeyAuth jwtAuth
path Parameters
walletId
required
string <uuid>
query Parameters
subject
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "status": 200,
  • "title": "Malformed email",
  • "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  • "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

System

The System is a REST API for checking the system health and scraping the runtime metrics.

The health endpoint returns the current version of the running service. This information can be used to check the health status of the running service in the docker or kubernetes environment.

The metrics endpoint returns the runtime metrics of the running service scraped from the internal prometheus registry. This information is collected by the prometheus server and can be used to monitor the running service.

Check the health status of the running service

Returns the health info object of the running service

Authorizations:
(apiKeyAuth, adminApiKeyAuth, jwtAuth)

Responses

Response samples

Content type
application/json
{
  "version": "1.1.0"
}

Collect the runtime metrics of the running service

Returns the metrics of the running service from the internal Prometheus registry

Authorizations:
(apiKeyAuth, adminApiKeyAuth, jwtAuth)

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Events

The Events endpoints enable users to manage event-related resources, such as webhook notifications. These notifications are specifically designed to inform about events occurring within the wallet, including but not limited to:

  • DID publication notifications
  • DIDComm connection notifications
  • Issuance protocol notifications
  • Presentation protocol notifications

For more detailed information regarding event notifications, please refer to this documentation.

List wallet webhook notifications

List all registered webhook notifications. Each webhook notification contains a unique identifier, the URL to which the events are sent, and the custom headers to be included in the dispatched webhook request.

Authorizations:
apiKeyAuth, jwtAuth

Responses

Response samples

Content type
application/json
{
  "self": "string",
  "kind": "string",
  "pageOf": "string",
  "next": "string",
  "previous": "string",
  "contents": [ ]
}

Create wallet webhook notifications

Create a new wallet webhook notification and subscribe to events. A dispatched webhook request may contain static custom headers for authentication or custom metadata.

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required
url
required
string

A URL of webhook for event notification

object (Map_String)

Responses

Request samples

Content type
application/json
{
  "customHeaders": { }
}

Response samples

Content type
application/json
{
  "id": "00000000-0000-0000-0000-000000000000",
  "customHeaders": { },
  "createdAt": "1970-01-01T00:00:00Z"
}

Delete the wallet webhook notification by `id`

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
id
required
string <uuid>

ID of the webhook notification to delete.

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Identity and Access Management

The Identity and Access Management endpoints allow agent administrators to manage identity and access management for the agent's tenants. It provides basic built-in IAM capabilities as an alternative to more feature rich external IAM solutions.

Entities are resources that represent individual tenants, and wallets act as containers for Self-Sovereign Identity (SSI) resources within the agent. The administrator can grant a tenant access to specific wallets by associating the wallet ID with the Entity. Additionally, the administrator can create API keys for entities and provide them to the tenants out-of-band. These API keys can then be used for authorization to access specific wallets.

For more detailed information related to the agent IAM and its usage, please refer to this documentation.

Get all entities

Get all entities, paginated by the offset and limit parameters.

Authorizations:
adminApiKeyAuth, jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

Responses

Response samples

Content type
application/json
{
  "contents": [ ],
  "kind": "CredentialSchemaPage",
  "self": "/cloud-agent/schema-registry/schemas?skip=10&limit=10",
  "pageOf": "/cloud-agent/schema-registry/schemas",
  "next": "/cloud-agent/schema-registry/schemas?skip=20&limit=10",
  "previous": "/cloud-agent/schema-registry/schemas?skip=0&limit=10"
}

Create a new entity record

Create the new entity record. The entity record is a representation of the account in the system.

Authorizations:
adminApiKeyAuth, jwtAuth
Request Body schema: application/json
required

JSON object required for the entity creation

id
string <uuid>

The new id of the entity to be created. If this field is not provided, the server will generate a new UUID for the entity

name
required
string [ 1 .. 128 ] characters

The new name of the entity to be created. If this field is not provided, the server will generate a random name for the entity

walletId
string <uuid>

The new walletId of the entity to be created. If this field is not provided, the server will set the default walletId

Responses

Request samples

Content type
application/json
{
  "id": "00000000-0000-0000-0000-000000000000",
  "name": "John Doe",
  "walletId": "00000000-0000-0000-0000-000000000000"
}

Response samples

Content type
application/json
{}

Update the entity record name by `id`

Update the entity record name by id

Authorizations:
adminApiKeyAuth, jwtAuth
path Parameters
id
required
string <uuid>
Request Body schema: application/json
required

JSON object required for the entity name update

name
required
string [ 1 .. 128 ] characters

New name of the entity

Responses

Request samples

Content type
application/json
{
  "name": "John Doe"
}

Response samples

Content type
application/json
{}

Update the entity record `walletId` by `id`

Update the entity record walletId field by id

Authorizations:
adminApiKeyAuth, jwtAuth
path Parameters
id
required
string <uuid>
Request Body schema: application/json
required

JSON object required for the entity walletId update

walletId
required
string <uuid>

The walletId owned by the entity

Responses

Request samples

Content type
application/json
{
  "walletId": "00000000-0000-0000-0000-000000000000"
}

Response samples

Content type
application/json
{}

Get the entity by the `id`

Get the entity by the unique identifier

Authorizations:
adminApiKeyAuth, jwtAuth
path Parameters
id
required
string <uuid>

Identifier of the entity

Responses

Response samples

Content type
application/json
{}

Delete the entity by `id`

Delete the entity by the unique identifier

Authorizations:
adminApiKeyAuth, jwtAuth
path Parameters
id
required
string <uuid>

Identifier of the entity

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Register the `apikey` for the entity

Register the apikey for the entity.

Authorizations:
adminApiKeyAuth, jwtAuth
Request Body schema: application/json
required

JSON object required for registering the entity and apikey

entityId
required
string <uuid>

The entityId of the entity to be updated

apiKey
required
string [ 16 .. 128 ] characters

The apikey of the entity to be updated

Responses

Request samples

Content type
application/json
{
  "entityId": "01234567-0000-0000-0000-000000000000",
  "apiKey": "dkflks3DflkFmkllnDfde"
}

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Unregister the `apikey` for the entity

Unregister the apikey for the entity.

Authorizations:
adminApiKeyAuth, jwtAuth
Request Body schema: application/json
required

JSON object required for unregistering the entity and apikey

entityId
required
string <uuid>

The entityId of the entity to be updated

apiKey
required
string [ 16 .. 128 ] characters

The apikey of the entity to be updated

Responses

Request samples

Content type
application/json
{
  "entityId": "01234567-0000-0000-0000-000000000000",
  "apiKey": "dkflks3DflkFmkllnDfde"
}

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Presentation Exchange

The Presentation Exchange endpoints offer a way to manage resources related to the presentation exchange protocol.

The verifier can create resources such as a presentation-definition that can be publicly referenced in various protocols such as OpenID for Verifiable Presentations.

Get a presentation-definition

Authorizations:
(apiKeyAuth, adminApiKeyAuth, jwtAuth)
path Parameters
id
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "input_descriptors": [ ],
  "name": "string",
  "purpose": "string",
  "format": { }
}

List all presentation-definitions

List all presentation-definitions in the wallet. Returns paginated items ordered by creation timestamp.

Authorizations:
apiKeyAuth, jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

Responses

Response samples

Content type
application/json
{
  "self": "string",
  "kind": "string",
  "pageOf": "string",
  "next": "string",
  "previous": "string",
  "contents": [ ]
}

Create a new presentation-definition

Create a presentation-definition object according to the presentation exchange protocol. The POST endpoint is restricted to the owner of the wallet. The presentation-definition object, however, can be referenced publicly by the id returned in the response.

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required
Array of objects (InputDescriptor)
name
string
purpose
string
object (ClaimFormat)

Responses

Request samples

Content type
application/json
{
  "input_descriptors": [ ],
  "name": "string",
  "purpose": "string",
  "format": { }
}

Response samples

Content type
application/json
{
  "id": "string",
  "input_descriptors": [ ],
  "name": "string",
  "purpose": "string",
  "format": { }
}

Credential status list

Fetch credential status list by its ID

Fetch credential status list by its ID

Authorizations:
(apiKeyAuth, adminApiKeyAuth, jwtAuth)
path Parameters
id
required
string <uuid>

Globally unique identifier of the credential status list

Responses

Response samples

Content type
application/json
{
  "type": [ ],
  "issuer": "did:prism:462c4811bf61d7de25b3baf86c5d2f0609b4debe53792d297bf612269bf8593a",
  "issuanceDate": "2024-11-05T11:32:21.556400758Z",
  "credentialSubject": { },
  "proof": { }
}

Revoke a credential by its ID

Marks the credential as ready for revocation; it will be revoked automatically.

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
id
required
string

Revoke a credential by its ID

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Present Proof

Gets the list of proof presentation records.

Get the list of proof presentation records, and their statuses, that the Agent currently has.

Authorizations:
apiKeyAuth, jwtAuth
query Parameters
offset
integer <int32>

The number of items to skip before returning results. Default is 0 if not specified.

limit
integer <int32>

The maximum number of items to return. Defaults to 100 if not specified.

thid
string

Filter by the DID Comm message's 'thid' of presentProof

Responses

Response samples

Content type
application/json
{}

As a Verifier, create a new proof presentation request and send it to the Prover.

Holder presents proof derived from the verifiable credential to verifier.

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required

The present proof creation request.

goalCode
string

A self-attested code the receiver may want to display to the user or use in automatically deciding what to do with the out-of-band message. goalCode is optional and can be provided when the presentation request is from an invitation for connectionless verification.

goal
string

A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. goal is optional and can be provided when the presentation request is from invitation for connectionless verification.

connectionId
string <uuid>

The unique identifier of a DIDComm connection that already exists between this verifier agent and the prover cloud or edge agent. It should be the identifier of a connection that exists in the verifier agent's database. This connection will be used to execute the present proof protocol. Note: connectionId is only required when the presentation request is from an existing connection. connectionId is not required when the presentation request is from an invitation for connectionless issuance.

object (Options)

The options to use when creating the proof presentation request (e.g., domain, challenge).

Array of objects (ProofRequestAux)

The type of proofs requested in the context of this proof presentation request (e.g., VC schema, trusted issuers, etc.)

object (AnoncredPresentationRequestV1)

Anoncred Presentation Request

presentationFormat
string (PresentCredentialRequestFormat)
Enum: "Anoncred" "JWT" "SDJWT"

The presentation format to display in Didcomm messages (default to 'prism/jwt', vc+sd-jwt or anoncreds/proof-request@v1.0)

claims
object (Obj)

The set of claims to be disclosed from the issued credential. The JSON object should comply with the schema applicable for this offer (i.e. 'schemaId' or 'credentialDefinitionId').

credentialFormat
string

The credential format (default to 'JWT')

Responses

Request samples

Content type
application/json
{
  "goalCode": "present-vp",
  "goal": "Request proof of vaccine",
  "connectionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "options": {},
  "proofs": [ ],
  "anoncredPresentationRequest": "AnoncredPresentationRequestV1(Map(attribute1 -> AnoncredRequestedAttributeV1(Attribute 1,List(Map(cred_def_id -> credential_definition_id_of_attribute1)),Some(AnoncredNonRevokedIntervalV1(Some(1635734400),Some(1735734400))))),Map(predicate1 -> AnoncredRequestedPredicateV1(Predicate 1,>=,18,List(Map(schema_id -> schema_id_of_predicate1)),Some(AnoncredNonRevokedIntervalV1(Some(1635734400),None)))),Example Presentation Request,1234567890,1.0,None)",
  "presentationFormat": "prism/jwt",
  "claims": { },
  "credentialFormat": "JWT"
}

Response samples

Content type
application/json
{}

Gets an existing proof presentation record by its unique identifier. More information on the error can be found in the response body.

Returns an existing presentation record by id.

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
presentationId
required
string <uuid>

The unique identifier of the presentation record.

Responses

Response samples

Content type
application/json
{}

Updates the proof presentation record matching the unique identifier, with the specific action to perform.

Accept or reject presentation of proof request.

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
presentationId
required
string <uuid>

The unique identifier of the presentation record.

Request Body schema: application/json
required

The action to perform on the proof presentation record.

action
required
string
Enum: "request-accept" "request-reject" "presentation-accept" "presentation-reject"

The action to perform on the proof presentation record.

proofId
Array of strings

The unique identifier of the issue credential record - and hence VC - to use as the prover accepts the presentation request. Only applicable on the prover side when the action is request-accept.

object (AnoncredCredentialProofsV1)

A list of proofs from the Anoncred library, each corresponding to a credential.

claims
object (Obj)

The set of claims to be disclosed from the issued credential. The JSON object should comply with the schema applicable for this offer (i.e. 'schemaId' or 'credentialDefinitionId').

credentialFormat
string

The credential format (default to 'JWT')

Responses

Request samples

Content type
application/json
{
  "action": "request-accept",
  "proofId": [ ],
  "anoncredPresentationRequest": { },
  "claims": { },
  "credentialFormat": "JWT"
}

Response samples

Content type
application/json
{}

As a Verifier, create a new OOB Invitation as proof presentation request that can be delivered out-of-band to an invitee/prover.

Create a new presentation request invitation that can be delivered out-of-band to a peer Agent, regardless of whether it resides in Cloud Agent or edge environment. The generated invitation adheres to the DIDComm Messaging v2.0 - Out of Band Messages specification section 9.5.4. The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the did:peer:2 specification. This Peer DID includes the 'uri' location of the DIDComm messaging service, essential for the prover's subsequent execution of the connection flow. In the Agent database, the created presentation record has an initial state set to InvitationGenerated. The invitation is in the form of a presentation request (as described in https://github.com/decentralized-identity/waci-didcomm/blob/main/present_proof/present-proof-v3.md), which is included as an attachment in the OOB DIDComm message sent to the invitee/prover.

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required

The present proof creation request.

goalCode
string

A self-attested code the receiver may want to display to the user or use in automatically deciding what to do with the out-of-band message. goalCode is optional and can be provided when the presentation request is from an invitation for connectionless verification.

goal
string

A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. goal is optional and can be provided when the presentation request is from invitation for connectionless verification.

connectionId
string <uuid>

The unique identifier of a DIDComm connection that already exists between this verifier agent and the prover cloud or edge agent. It should be the identifier of a connection that exists in the verifier agent's database. This connection will be used to execute the present proof protocol. Note: connectionId is only required when the presentation request is from an existing connection. connectionId is not required when the presentation request is from an invitation for connectionless issuance.

object (Options)

The options to use when creating the proof presentation request (e.g., domain, challenge).

Array of objects (ProofRequestAux)

The type of proofs requested in the context of this proof presentation request (e.g., VC schema, trusted issuers, etc.)

object (AnoncredPresentationRequestV1)

Anoncred Presentation Request

presentationFormat
string (PresentCredentialRequestFormat)
Enum: "Anoncred" "JWT" "SDJWT"

The presentation format to display in Didcomm messages (default to 'prism/jwt', vc+sd-jwt or anoncreds/proof-request@v1.0)

claims
object (Obj)

The set of claims to be disclosed from the issued credential. The JSON object should comply with the schema applicable for this offer (i.e. 'schemaId' or 'credentialDefinitionId').

credentialFormat
string

The credential format (default to 'JWT')

Responses

Request samples

Content type
application/json
{
  "goalCode": "present-vp",
  "goal": "Request proof of vaccine",
  "connectionId": "d9569cec-c81e-4779-aa86-0d5994d82676",
  "options": {},
  "proofs": [ ],
  "anoncredPresentationRequest": "AnoncredPresentationRequestV1(Map(attribute1 -> AnoncredRequestedAttributeV1(Attribute 1,List(Map(cred_def_id -> credential_definition_id_of_attribute1)),Some(AnoncredNonRevokedIntervalV1(Some(1635734400),Some(1735734400))))),Map(predicate1 -> AnoncredRequestedPredicateV1(Predicate 1,>=,18,List(Map(schema_id -> schema_id_of_predicate1)),Some(AnoncredNonRevokedIntervalV1(Some(1635734400),None)))),Example Presentation Request,1234567890,1.0,None)",
  "presentationFormat": "prism/jwt",
  "claims": { },
  "credentialFormat": "JWT"
}

Response samples

Content type
application/json
{}

Decode the invitation, extract the Request Presentation, and create the proof presentation record with the RequestReceived state.

Accept Invitation for request presentation

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required

The action to perform on the proof presentation request invitation.

invitation
required
string

The base64-encoded raw invitation.

Responses

Request samples

Content type
application/json
{
  "invitation": "eyJAaWQiOiIzZmE4NWY2NC01NzE3LTQ1NjItYjNmYy0yYzk2M2Y2NmFmYTYiLCJAdHlwZSI6Imh0dHBzOi8vZGlkY29tbS5vcmcvbXktZmFtaWx5LzEuMC9teS1tZXNzYWdlLXR5cGUiLCJkaWQiOiJXZ1d4cXp0ck5vb0c5MlJYdnhTVFd2IiwiaW1hZ2VVcmwiOiJodHRwOi8vMTkyLjE2OC41Ni4xMDEvaW1nL2xvZ28uanBnIiwibGFiZWwiOiJCb2IiLCJyZWNpcGllbnRLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInJvdXRpbmdLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInNlcnZpY2VFbmRwb2ludCI6Imh0dHA6Ly8xOTIuMTY4LjU2LjEwMTo4MDIwIn0="
}

Response samples

Content type
application/json
{}
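
The invitation accepted by this endpoint is a base64-encoded DIDComm v2.0 out-of-band message whose from field is a did:peer:2 DID carrying the messaging service 'uri', with self-attested goal fields. The following added example (not part of the Identus documentation or code base) decodes such an invitation and summarises it before it is submitted; the sample invitation is constructed, and the function names, the did:peer:2 `.S` service-element decoding and the allowed-scheme policy are assumptions of this example.

```python
import base64
import json
from urllib.parse import urlparse

OOB_TYPE = "https://didcomm.org/out-of-band/2.0/invitation"
ALLOWED_SCHEMES = {"https", "wss"}  # assumption: local policy, not an Identus rule


def b64_json(text):
    """Decode base64 or base64url text (padded or not) into a JSON value."""
    text = text.strip().replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    return json.loads(base64.b64decode(text, validate=True))


def peer_did_service_uris(did):
    """Return the service URIs carried in the .S elements of a did:peer:2 DID."""
    if not isinstance(did, str) or not did.startswith("did:peer:2."):
        raise ValueError("'from' is not a did:peer:2 DID")
    uris = []
    for element in did[len("did:peer:2."):].split("."):
        if not element.startswith("S"):
            continue  # E.../V... elements are keys; only S elements are services
        decoded = b64_json(element[1:])
        for service in decoded if isinstance(decoded, list) else [decoded]:
            if not isinstance(service, dict):
                continue
            endpoint = service.get("s", service.get("serviceEndpoint"))
            if isinstance(endpoint, dict):  # object form: {"uri": ..., "a": [...]}
                endpoint = endpoint.get("uri")
            if isinstance(endpoint, str):
                uris.append(endpoint)
    return uris


def inspect_invitation(encoded):
    """Summarise an encoded OOB invitation and list anything worth a second look."""
    try:
        msg = b64_json(encoded)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return {"findings": ["invitation does not decode: %s" % exc]}
    if not isinstance(msg, dict):
        return {"findings": ["invitation is not a JSON object"]}
    findings, uris = [], []
    if msg.get("type") != OOB_TYPE:
        findings.append("unexpected message type: %r" % (msg.get("type"),))
    try:
        uris = peer_did_service_uris(msg.get("from"))
    except ValueError as exc:
        findings.append(str(exc))
    else:
        if not uris:
            findings.append("no service URI in 'from' DID")
    for uri in uris:
        if urlparse(uri).scheme not in ALLOWED_SCHEMES:
            findings.append("service URI scheme not allowed: " + uri)
    body = msg.get("body") if isinstance(msg.get("body"), dict) else {}
    return {
        "from": msg.get("from"),
        "service_uris": uris,
        "goal_code": body.get("goal_code"),  # self-attested by the sender
        "goal": body.get("goal"),            # self-attested by the sender
        "attachments": len(msg.get("attachments") or []),
        "findings": findings,
    }


def b64url(obj):
    """Encode a JSON value as unpadded base64url."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def build_sample_invitation(service_uri):
    """Constructed sample: placeholder keys, goal values reused from the page."""
    service = {"t": "dm", "s": {"uri": service_uri, "a": ["didcomm/v2"]}}
    did = ("did:peer:2.Ez6LSplaceholderAgreementKey"
           ".Vz6MkplaceholderAuthKey.S" + b64url(service))
    return b64url({
        "id": "00000000-0000-0000-0000-000000000000",
        "type": OOB_TYPE,
        "from": did,
        "body": {"goal_code": "present-vp", "goal": "Request proof of vaccine"},
        "attachments": [{"id": "constructed-request", "data": {"json": {}}}],
    })


if __name__ == "__main__":
    for uri in ("https://agent.example/didcomm", "http://agent.example:8020"):
        report = inspect_invitation(build_sample_invitation(uri))
        print(json.dumps(report, indent=2))
```

Because goal and goal_code are self-attested, the summary is for display and triage only; the trust decision rests on the DID and on the presentation request carried in the attachment.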

Verifiable Credentials Verification

Verify a set of credentials as a Verifier

Endpoint to verify a set of verifiable credentials as a Verifier.

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
optional

List of verifiable credentials to verify

Array
credential
required
string

Encoded Verifiable Credential to verify

Array of objects (ParameterizableVcVerification)

The list of verifications to perform on the credential. If the list is empty, all available verifications will be performed.

Responses

Request samples

Content type
application/json
[
  { }
]

Response samples

Content type
application/json
[
  { }
]

OpenID for Verifiable Credential Issuance

Credential Endpoint

OID for VCI Credential Endpoint

Authorizations:
None, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Request Body schema: application/json
required
format
required
string (CredentialFormat)
Value: "jwt_vc_json"
CwtProof (object) or JwtProof (object) or LdpProof (object) (Proof2)
credential_identifier
string
object (CredentialResponseEncryption)
object (CredentialDefinition)
anoncreds
required
string

Responses

Request samples

Content type
application/json
Example
{
  "format": "anoncreds",
  "proof": { },
  "credential_identifier": "string",
  "credential_response_encryption": { },
  "credential_definition": { },
  "anoncreds": "string"
}

Response samples

Content type
application/json
Example
{
  "transaction_id": "string",
  "c_nonce": "string",
  "c_nonce_expires_in": 0
}

Create a new credential offer

Create a new credential offer and return a compliant CredentialOffer for the holder's Credential Offer Endpoint.

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Request Body schema: application/json
required
credentialConfigurationId
required
string
issuingDID
required
string
claims
required
any

Responses

Request samples

Content type
application/json
{
  "credentialConfigurationId": "string",
  "issuingDID": "string",
  "claims": null
}

Response samples

Content type
application/json
{
  "credentialOffer": "string"
}

Nonce Endpoint

The endpoint that returns a nonce value for the Token Endpoint

Authorizations:
None, jwtAuth
Request Body schema: application/json
required
issuerState
required
string

Responses

Request samples

Content type
application/json
{
  "issuerState": "string"
}

Response samples

Content type
application/json
{
  "nonce": "string",
  "nonceExpiresIn": 0
}

List all credential issuers

Authorizations:
apiKeyAuth, jwtAuth

Responses

Response samples

Content type
application/json
{
  "self": "string",
  "kind": "string",
  "pageOf": "string",
  "next": "string",
  "previous": "string",
  "contents": [ ]
}

Create a new credential issuer

Authorizations:
apiKeyAuth, jwtAuth
Request Body schema: application/json
required
id
string <uuid>
required
object (AuthorizationServer)

Responses

Request samples

Content type
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "authorizationServer": { }
}

Response samples

Content type
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "authorizationServerUrl": "string"
}

Delete the credential issuer

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Update the credential issuer

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Request Body schema: application/json
required
object (PatchAuthorizationServer)
url
string
clientId
string
clientSecret
string

Responses

Request samples

Content type
application/json
{
  "authorizationServer": { }
}

Response samples

Content type
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "authorizationServerUrl": "string"
}

Create a new credential configuration

Create a new credential configuration for the issuer. It represents the configuration of the credential that can be issued by the issuer. This credential configuration object will be displayed in the credential issuer metadata.

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Request Body schema: application/json
required
configurationId
required
string
format
required
string (CredentialFormat)
Enum: "anoncreds" "jwt_vc_json" "vc+sd-jwt"
Value: "jwt_vc_json"
schemaId
required
string

Responses

Request samples

Content type
application/json
{
  "configurationId": "string",
  "format": "jwt_vc_json",
  "schemaId": "string"
}

Response samples

Content type
application/json
{
  "configurationId": "string",
  "format": "jwt_vc_json",
  "scope": "string",
  "schemaId": "string",
  "createdAt": "2019-08-24T14:15:22Z"
}

Get the credential configuration

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

credentialConfigId
required
string
Example: UniversityDegree

An identifier for the credential configuration

Responses

Response samples

Content type
application/json
{
  "configurationId": "string",
  "format": "jwt_vc_json",
  "scope": "string",
  "schemaId": "string",
  "createdAt": "2019-08-24T14:15:22Z"
}

Delete the credential configuration

Authorizations:
apiKeyAuth, jwtAuth
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

credentialConfigId
required
string
Example: UniversityDegree

An identifier for the credential configuration

Responses

Response samples

Content type
application/json
{
  "status": 200,
  "title": "Malformed email",
  "detail": "The received '{}à!è@!.b}' email does not conform to the email format",
  "instance": "The received '{}à!è@!.b}' email does not conform to the email format"
}

Get the credential issuer metadata

Authorizations:
(apiKeyAuth, adminApiKeyAuth, jwtAuth)
path Parameters
issuerId
required
string <uuid>
Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

An issuer identifier in the oid4vci protocol

Responses

Response samples

Content type
application/json
{
  "credential_issuer": "string",
  "authorization_servers": [ ],
  "credential_endpoint": "string",
  "credential_configurations_supported": { }
}