Issuer API Features
Core
| Feature | Highlights | Details |
|---|---|---|
| Stateless API | • Stateless REST API • In-memory session cache (OID4VCI) | Stateless with only OID4VCI session state cached. Run a single container for quick PoCs and focused workloads, keeping ops minimal. |
| Webhooks / Callbacks | • Optional callbacks per issuance • Notifies on offer/claim/error | Supply a callback URL per issuance to mirror progress and outcomes into your systems (logging, analytics, workflows, UI feedback). |
| Key Management (KMS-agnostic) | • ed25519, secp256r1/k1, RSA • External KMS (AWS, Azure, …) | Use external KMS for signing so private keys never leave your boundary. Raw keys possible for PoCs, but KMS is recommended in production. |
| DIDs & Identifiers | • DID:key, DID:jwk, DID:web, … • x509 certificates | Create DIDs/x509 certificates via Issuer API. DID:web docs must be hosted externally (Enterprise Stack offers hosting). |
| Credential Templates / Types | • Flexible data models • No rigid “template” required | Sign arbitrary JSON structures. Register credential type (name + optional display props) in metadata; no rigid DSL required. |
| Issuance Trigger | • Issuer- or Wallet-initiated | Start issuance from backend (Issuer-initiated) or let users start from wallet. |
| Credential Delivery | • QR code / deep link • Digital Credentials API (soon) | Issuer generates OID4VCI offers as QR codes or embedded links. |
| User Authentication | • Pre-Auth (PIN optional) • Auth Code via IdP | Choose pre-auth (PIN optional) or Auth Code with external IdP. Map verified claims to credential fields. |
| Issuance Modes | • Single, batch, deferred | Issue one or many credentials in a single session, immediately or deferred, e.g., bundle ID + entitlements. |
Standards
| Feature | Highlights | Details |
|---|---|---|
| Credentials: Standards | • ISO 18013-5 mDL • ISO/IEC 23220 • SD-JWT VC • W3C VC v1.1+ | Issue standard compliant credentials with popular formats, custom attributes, and schemas. |
| Protocols: OID4VCI & ISO-18013-7 | • OID4VCI Draft 11/13 • OID4VCI v1 (Q4 25) • Pre-Auth & Auth Code | OID4VCI flows supported for SD-JWT VC/W3C VC. ISO-18013-7 for mDL/mdoc issuance. Auth Code flow with OIDC IdPs. |
| Status Management | • Bitstring List v1.0 • StatusList2021 • RevocationList2020 • TokenStatusList | Issue compliant status credentials for revocation, suspension, or custom states. |
| Digital Credentials API (2026) | • Browser/agent API • Wraps OID4VCI & ISO-18013-7 • 1-click UX | Standard browser API so wallets/agents integrate issuance with minimal glue code. Improves DX/UX while reusing protocols. |
Data & Identity
| Feature | Highlights | Details |
|---|---|---|
| Pre-offer Data | • Gather attributes upfront • Fewer user steps • Combine post-offer | Provide credential/subject data upfront to minimize lookups and user steps. Still possible to enrich later with post-offer data functions. |
| Dynamic Data Functions | • Run post-offer, pre-signing • Timestamps, UUIDs, DIDs • Webhooks | Inject time-sensitive or external values (timestamps, subject DID, booking numbers) using built-in functions and webhooks. |
| External IdP | • Map IdP claims via Auth Code | Authenticate at IdP and map verified claims into credential attributes in real time during issuance. |
Lifecycle
| Feature | Highlights | Details |
|---|---|---|
| Revocation & Suspension | • Status field in credentials • Host status lists • Manual updates | Community Stack issues credentials with status fields, but you manage hosting, re-signing, and publishing of status credentials. |
| Expiration & Validity | • Valid-from / expiry • Generated dynamically | Explicit or dynamic validity windows to reflect real-world lifecycles (IDs, passes, tickets). |
Integrations
| Feature | Highlights | Details |
|---|---|---|
| External KMS & Key Types | • Keys in AWS, Azure, Hashicorp, Oracle • ed25519, secp256r1/k1, RSA | Delegate signing to external KMS; keys never leave HSM boundary. Supports multiple curves and RSA with rotation/monitoring. |
| Trust Registries | • eIDAS2 • EBSI | Integrates with trust registries of major ID ecosystems. |
Branding
| Feature | Highlights | Details |
|---|---|---|
| Issuer Metadata | • Per-type styling (colors, logo, description) • Wallets fetch/cache | Define reusable branding per credential type so wallets show consistent visuals without embedding styling in each credential. |
| Embedded in Credential | • Per-instance display data | Embed display attributes for variants of the same type when distinct visuals are needed (e.g., ticket tiers). |
Deployment
| Feature | Highlights | Details |
|---|---|---|
| Single-Image Deployment | • One Docker image • In-memory sessions • Redis optional | Deploy a single stateless Issuer for pilots and narrow workloads. Use Redis to share sessions across nodes. Enterprise Stack supports multi-tenant/stateful ops. |
ID Ecosystems
| Feature | Highlights | Details |
|---|---|---|
| EMEA | • EU (eIDAS2, EBSI), Switzerland (SWIYU) | Issuance aligned with emerging regional trust frameworks. |
| APAC | • New Zealand (DISTF), Australia, Thailand, Japan, … | Issuance aligned with emerging regional trust frameworks. |
| Americas | • US, Canada, Brazil, … | Issuance aligned with emerging regional trust frameworks. |
| Custom | • Bring your own ID ecosystem | Issuer can be adapted to comply with custom ecosystems. |
Last updated on November 3, 2025