Verifier API Features
Core
| Feature | Highlights | Details |
|---|---|---|
| Stateless API | • Stateless REST API • In-memory session cache (OID4VP) | Stateless by design with only OID4VP session state cached, so you can run a single container for quick PoCs and focused workloads, keeping ops minimal. |
| Webhooks/callbacks for an event driven architecture | • Optional per-session callbacks • Notifies on verification results | Configure callbacks to keep external systems in sync with verification progress and outcomes. |
| Key Management (KMS-agnostic) | • Supports various algorithms (e.g. ed25519, secp256r1/k1, RSA) • Use external KMS for key storage options (AWS, Azure, …) | Use external KMS for signing so private keys never leave your boundary; multiple algorithms supported. Raw keys are possible for dev/PoCs, but KMS is recommended in production. |
| DIDs & Identifiers | • DIDs based on various methods (e.g did:key, did:jwk, did:web, …) • x509 certificates | Use DIDs/x509 certificates; You need to store/host DID:web docs externally (Enterprise Stack offers DID hosting solution). |
| Request Delivery (QR codes & links) | • QR code / deep link • Digital Credentials API (coming soon) | The Verifier generates OID4VP authorization requests which can either be rendered as QR codes for the wallet to scan or be provided as embedded links. |
| Query | • Simple type/format request • Presentation Definition filters/constraints • DCQL queries (coming soon) | Define required credentials using simple params or Presentation Definition; the API generates an OID4VP authorization URL. |
| Bundles/Batch | • Request multiple credentials • Mixed standards/types (e.g., SD-JWT VC, W3C VC, mDL) • Single session, unified validation | Request several credentials in a single flow; the Verifier can validate heterogeneous sets within one VP/session. |
| Verification & Policies Policy engine: static & parameterized | • Pre-build: signatures, validity, schema, Presentation Definition match • Parameterized: allow-issuer, webhook, VICAL • Webhook delegates checks externally • Custom OPA/Rego policies | Apply predefined and parameterized policies—and optionally custom OPA/Rego rules—to enforce business logic. Webhooks can offload any check to external systems. |
| Lifecycle & Trust Lifecycle: expiration & revocation | • Not-before/expiry checks • Revocation/status checks | Enforce validity windows (e.g. valid until) and revocation/status based on various standards (e.g. Bitstring Status List v1.0) on presented credentials. |
| Trust chain validation | • DID/key trust evaluation • For mDL/SD-JWT VC IETF: validate x.509 chain (IACA→DSC) using VICAL/DTS • External trust sources supported (e.g. eIDAS2, EBSI) | Validate Issuer trust via DIDs/keys or, for mDL, via relevant PKI chains; keys/certs can be resolved dynamically or be based on trusted sources (e.g. eIDAS2 trusted lists). |
Standards
| Feature | Highlights | Details |
|---|---|---|
| Credentials: Support for all major credential standards | • ISO 18013-5 mDL • ISO/IEC 23220 • SD-JWT VC IETF • W3C VC v1.1+ • W3C VC v2.0 (coming soon) | Verify standard compliant credentials based on popular formats (incl. custom attribute structures, types and schemas). |
| Protocols: OID4VP flows and ISO-18013-7 | • OID4VP drafts 14/20 • OID4VP v1 (coming soon - available in the Enterprise Stack today) | Interoperable OID4VP exchange across supported drafts using Presentation Definition. DCQL request syntax is coming soon with OID4VP v1 support. |
| Digital Credentials API (coming soon) | • Standard browser/agent API for verification • Wraps OID4VP/ISO-18013-7 flows under the hood • Enables 1-click web integrations, native UX prompts | Provide a standardized browser interface for wallets/agents so web apps can request credentials from users with minimal glue code. Improves DX/UX while relying on existing protocols behind the scenes. |
Integrations
| Feature | Highlights | Details |
|---|---|---|
| Trust Registries | • eIDAS2 • EBSI | Integrates with various trust registries of different ID ecosystems (e.g eIDAS2). |
Deployment
| Feature | Highlights | Details |
|---|---|---|
| Single-image, single-instance deployment | • One Docker image • In-memory session handling | Deploy a single stateless Verifier container for quick starts; great for pilots and narrow workloads. Scale out or adopt the walt.id Enterprise Stack when you need multi-tenant/stateful ops. |
ID Ecosystems
| Feature | Highlights | Details |
|---|---|---|
| EMEA | • EU (eIDAS2, EBSI), Switzerland (SWIYU) | Issuance aligned with (emerging) regional trust frameworks. |
| APAC | • New Zealand (DISTF), Australia, Thailand, Japan, … | Issuance aligned with (emerging) regional trust frameworks. |
| Americas | • US, Canada, Brazil, … | Issuance aligned with (emerging) regional trust frameworks. |
| Custom | • Bring your own ID ecosystem | The verifier can be modified to comply with other ID ecosystems. |
Last updated on November 3, 2025