Usage with Wallet Service
Once the Policy Store is set up and attached to a wallet service, it can be used during the verification flow and or the issuance flow. When a wallet attempts to present or receive a credentials, the policies defined in the Policy Store will be evaluated based on their priority.
If a policy's check condition is met, the action specified in the policy will be executed (either ALLOW or BLOCK). This allows for dynamic control over which credentials can be presented based on the defined policies.
Example of a Verification Flow with Policies
CURL
Endpoint:
/v1/{target}/wallet-service-api/credentials/present | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/wallet-service-api/credentials/present' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"requestUrl": "openid4vp://...",
"keyReference": "org1.tenant.kms.key1",
"didReference": "org1.tenant.didstore.did1",
"runPolicies": true
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + wallet which should be used to present the credential ({organizationID}.{tenantID}.[walletID]), e.g.waltid.tenant1.wallet1- Body Parameters
requestUrlString - An OID4VCP Authorization URL.keyReference(optional) String - The resource ID (target) of the key which owns the credential. Key can be stored in a linked KMS store or provided as a static key as described in the setup section.didReference(optional) String - The DID reference of a DID stored in a linked DID Store.runPolicies(optional) Boolean - If set to true, the wallet will run the policies defined in the attached Policy Store during the presentation flow.
Response Codes
200- Presentation received and is being processed.400- Presentation execution was blocked by Holder Policy.
Response Example
{
"transmission_success" : true,
"verifier_response": {
"status": "received",
"message": "Presentation received and is being processed."
}
}
Example of a claiming Flow with Policies
CURL
Endpoint:
/v1/{target}/wallet-service-api/credentials/receive | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/wallet-service-api/credentials/receive' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"offerUrl": "openid-credential-offer://issuer.example.org/issue/?credential_offer_uri=https%3A%2F%2Fissuer.example.org%2FcredentialOffer%3Fabc123xyz789",
"keyReference": "example.kms.wallet_key",
"didReference": "example.didstore.wallet_did",
"runPolicies": true
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + wallet which should be used to present the credential ({organizationID}.{tenantID}.[walletID]), e.g.waltid.tenant1.wallet1
Body Parameters
offerUrlString - An OID4VCI offer URL.keyReference(optional) String - The resource ID (target) of the key to which the received credential should be bound.didReference(optional) String - The DID reference of a DID stored in a linked DID Store.key(optional) Object - A key object or reference key object, when using an external KMS, to which the credential should be bound to.runPolicies(optional) Boolean - If set to true, the wallet will run the policies defined in the attached Policy Store during the claiming flow.
Response Codes
200- The issued credentials.400- Issuance execution was not allowed by any Holder Policy.
Response Example
{
"issuanceResult": {
"offeredCredential": {
"format": "jwt_vc_json",
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
},
"cryptographic_binding_methods_supported": [
"did"
]
},
"credentialResponse": {
"format": "jwt_vc_json",
"credential": "eyJraWQiOiJkaWQ6andrOmV5SnJkSGtpT2lKUFMxQWlMQ0pqY25ZaU9pSkZaREkxTlRFNUlpd2lhMmxrSWpvaVNuRnlaWE5LUzE5WWIxUkhRVVYyYVhGTlUxRnlaWFpNTFRKSmFEZzBRMnBoY0U1UFdtVlVSaTFNTkNJc0luZ2lPaUpoYVVaRmVYaHFRMVIxWHpaV01UbE9TRmhYUVZSTk4wUmFOelkyVGxGVWIydG1NRkl6UjJKalZIQXdJbjAjSnFyZXNKS19Yb1RHQUV2aXFNU1FyZXZMLTJJaDg0Q2phcE5PWmVURi1MNCIsInR5cCI6IkpXVCIsImFsZyI6IkVkRFNBIn0.eyJpc3MiOiJkaWQ6andrOmV5SnJkSGtpT2lKUFMxQWlMQ0pqY25ZaU9pSkZaREkxTlRFNUlpd2lhMmxrSWpvaVNuRnlaWE5LUzE5WWIxUkhRVVYyYVhGTlUxRnlaWFpNTFRKSmFEZzBRMnBoY0U1UFdtVlVSaTFNTkNJc0luZ2lPaUpoYVVaRmVYaHFRMVIxWHpaV01UbE9TRmhYUVZSTk4wUmFOelkyVGxGVWIydG1NRkl6UjJKalZIQXdJbjAiLCJzdWIiOiJkaWQ6a2V5OnpEbmFlbmk0SEh2NDY3MUJLZlk4TmJFeUVzelhOVWViU2NFbTlUaHI0YkY5ZnQ4cXMiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vcHVybC5pbXNnbG9iYWwub3JnL3NwZWMvb2IvdjNwMC9jb250ZXh0Lmpzb24iXSwiaWQiOiJ1cm46dXVpZDpkNTVlZmVlNS1kNDY4LTQ3OTUtYTg1MS0wMjZmMGFjNzMxZWIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiT3BlbkJhZGdlQ3JlZGVudGlhbCJdLCJuYW1lIjoiSkZGIHggdmMtZWR1IFBsdWdGZXN0IDMgSW50ZXJvcGVyYWJpbGl0eSIsImlzc3VlciI6eyJ0eXBlIjpbIlByb2ZpbGUiXSwibmFtZSI6IkpvYnMgZm9yIHRoZSBGdXR1cmUgKEpGRikiLCJ1cmwiOiJodHRwczovL3d3dy5qZmYub3JnLyIsImltYWdlIjoiaHR0cHM6Ly93M2MtY2NnLmdpdGh1Yi5pby92Yy1lZC9wbHVnZmVzdC0xLTIwMjIvaW1hZ2VzL0pGRl9Mb2dvTG9ja3VwLnBuZyIsImlkIjoiZGlkOmp3azpleUpyZEhraU9pSlBTMUFpTENKamNuWWlPaUpGWkRJMU5URTVJaXdpYTJsa0lqb2lTbkZ5WlhOS1MxOVliMVJIUVVWMmFYRk5VMUZ5WlhaTUxUSkphRGcwUTJwaGNFNVBXbVZVUmkxTU5DSXNJbmdpT2lKaGFVWkZlWGhxUTFSMVh6WldNVGxPU0ZoWFFWUk5OMFJhTnpZMlRsRlViMnRtTUZJelIySmpWSEF3SW4wIn0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7InR5cGUiOlsiQWNoaWV2ZW1lbnRTdWJqZWN0Il0sImFjaGlldmVtZW50Ijp7ImlkIjoidXJuOnV1aWQ6YWMyNTRiZDUtOGZhZC00YmIxLTlkMjktZWZkOTM4NTM2OTI2IiwidHlwZSI6WyJBY2hpZXZlbWVudCJdLCJuYW1lIjoiSkZGIHggdmMtZWR1IFBsdWdGZXN0IDMgSW50ZXJvcGVyYWJpbGl0eSIsImRlc2NyaXB0aW9uIjoiVGhpcyB3YWxsZXQgc3VwcG9ydHMgdGhlIHVzZSBvZiBXM0MgVmVyaWZpYWJsZSBDcmVkZW50aWFscyBhbmQgaGFzIGRlbW9uc3RyYXRlZCBpbnRlcm9wZXJhYmlsaXR5IGR1cmluZyB0aGUgcHJlc2VudGF0aW9uIHJlcXVlc3Qgd29ya2Zsb3cgZHVyaW5nIEpGRiB4IFZDLUVEVSBQbHVnRmVzdCAzLiIsImNyaXRlcmlhIjp7InR5cGUiOiJDcml0ZXJpYSIsIm5hcnJhdGl2ZSI6IldhbGxldCBzb2x1dGlvbnMgcHJvdmlkZXJzIGVhcm5lZCB0aGlzIGJhZGdlIGJ5IGRlbW9uc3RyYXRpbmcgaW50ZXJvcGVyYWJpbGl0eSBkdXJpbmcgdGhlIHByZXNlbnRhdGlvbiByZXF1ZXN0IHdvcmtmbG93LiBUaGlzIGluY2x1ZGVzIHN1Y2Nlc3NmdWxseSByZWNlaXZpbmcgYSBwcmVzZW50YXRpb24gcmVxdWVzdCwgYWxsb3dpbmcgdGhlIGhvbGRlciB0byBzZWxlY3QgYXQgbGVhc3QgdHdvIHR5cGVzIG9mIHZlcmlmaWFibGUgY3JlZGVudGlhbHMgdG8gY3JlYXRlIGEgdmVyaWZpYWJsZSBwcmVzZW50YXRpb24sIHJldHVybmluZyB0aGUgcHJlc2VudGF0aW9uIHRvIHRoZSByZXF1ZXN0b3IsIGFuZCBwYXNzaW5nIHZlcmlmaWNhdGlvbiBvZiB0aGUgcHJlc2VudGF0aW9uIGFuZCB0aGUgaW5jbHVkZWQgY3JlZGVudGlhbHMuIn0sImltYWdlIjp7ImlkIjoiaHR0cHM6Ly93M2MtY2NnLmdpdGh1Yi5pby92Yy1lZC9wbHVnZmVzdC0zLTIwMjMvaW1hZ2VzL0pGRi1WQy1FRFUtUExVR0ZFU1QzLWJhZGdlLWltYWdlLnBuZyIsInR5cGUiOiJJbWFnZSJ9fSwiaWQiOiJkaWQ6a2V5OnpEbmFlbmk0SEh2NDY3MUJLZlk4TmJFeUVzelhOVWViU2NFbTlUaHI0YkY5ZnQ4cXMifSwiaXNzdWFuY2VEYXRlIjoiMjAyNS0wOC0yN1QyMzo0NjowMi43NzQ5NTY2MDBaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI2LTA4LTI3VDIzOjQ2OjAyLjc3NDk1NjYwMFoifSwianRpIjoidXJuOnV1aWQ6ZDU1ZWZlZTUtZDQ2OC00Nzk1LWE4NTEtMDI2ZjBhYzczMWViIiwiZXhwIjoxNzg3ODc0MzYyLCJpYXQiOjE3NTYzMzgzNjIsIm5iZiI6MTc1NjMzODM2Mn0.MqUTJA4e_LTHruv7giRBx9Tj9LTmUnnjqnnSsY4-azg02VPjW1QWeanRgU-r5qns_myQuMt3d82nlEUZFixcCg"
}
},
"stored": [
{
"_id": "waltid.tenant1.credentialstore.61e152d2-9c37-4424-9fe8-5484ae286074",
"credential": {
"type": "vc-w3c_1_1",
"disclosables": {},
"credentialData": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://purl.imsglobal.org/spec/ob/v3p0/context.json"
],
"id": "urn:uuid:d55efee5-d468-4795-a851-026f0ac731eb",
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
],
"name": "JFF x vc-edu PlugFest 3 Interoperability",
"issuer": {
"type": [
"Profile"
],
"name": "Jobs for the Future (JFF)",
"url": "https://www.jff.org/",
"image": "https://w3c-ccg.github.io/vc-ed/plugfest-1-2022/images/JFF_LogoLockup.png",
"id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiSnFyZXNKS19Yb1RHQUV2aXFNU1FyZXZMLTJJaDg0Q2phcE5PWmVURi1MNCIsIngiOiJhaUZFeXhqQ1R1XzZWMTlOSFhXQVRNN0RaNzY2TlFUb2tmMFIzR2JjVHAwIn0"
},
"credentialSubject": {
"type": [
"AchievementSubject"
],
"achievement": {
"id": "urn:uuid:ac254bd5-8fad-4bb1-9d29-efd938536926",
"type": [
"Achievement"
],
"name": "JFF x vc-edu PlugFest 3 Interoperability",
"description": "This wallet supports the use of W3C Verifiable Credentials and has demonstrated interoperability during the presentation request workflow during JFF x VC-EDU PlugFest 3.",
"criteria": {
"type": "Criteria",
"narrative": "Wallet solutions providers earned this badge by demonstrating interoperability during the presentation request workflow. This includes successfully receiving a presentation request, allowing the holder to select at least two types of verifiable credentials to create a verifiable presentation, returning the presentation to the requestor, and passing verification of the presentation and the included credentials."
},
"image": {
"id": "https://w3c-ccg.github.io/vc-ed/plugfest-3-2023/images/JFF-VC-EDU-PLUGFEST3-badge-image.png",
"type": "Image"
}
},
"id": "did:key:zDnaeni4HHv4671BKfY8NbEyEszXNUebScEm9Thr4bF9ft8qs"
},
"issuanceDate": "2025-08-27T23:46:02.774956600Z",
"expirationDate": "2026-08-27T23:46:02.774956600Z"
},
"issuer": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiSnFyZXNKS19Yb1RHQUV2aXFNU1FyZXZMLTJJaDg0Q2phcE5PWmVURi1MNCIsIngiOiJhaUZFeXhqQ1R1XzZWMTlOSFhXQVRNN0RaNzY2TlFUb2tmMFIzR2JjVHAwIn0",
"subject": "did:key:zDnaeni4HHv4671BKfY8NbEyEszXNUebScEm9Thr4bF9ft8qs",
"signature": {
"type": "signature-jwt",
"signature": "MqUTJA4e_LTHruv7giRBx9Tj9LTmUnnjqnnSsY4-azg02VPjW1QWeanRgU-r5qns_myQuMt3d82nlEUZFixcCg",
"jwtHeader": {
"kid": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiSnFyZXNKS19Yb1RHQUV2aXFNU1FyZXZMLTJJaDg0Q2phcE5PWmVURi1MNCIsIngiOiJhaUZFeXhqQ1R1XzZWMTlOSFhXQVRNN0RaNzY2TlFUb2tmMFIzR2JjVHAwIn0#JqresJK_XoTGAEviqMSQrevL-2Ih84CjapNOZeTF-L4",
"typ": "JWT",
"alg": "EdDSA"
}
},
"signed": "eyJraWQiOiJkaWQ6andrOmV5SnJkSGtpT2lKUFMxQWlMQ0pqY25ZaU9pSkZaREkxTlRFNUlpd2lhMmxrSWpvaVNuRnlaWE5LUzE5WWIxUkhRVVYyYVhGTlUxRnlaWFpNTFRKSmFEZzBRMnBoY0U1UFdtVlVSaTFNTkNJc0luZ2lPaUpoYVVaRmVYaHFRMVIxWHpaV01UbE9TRmhYUVZSTk4wUmFOelkyVGxGVWIydG1NRkl6UjJKalZIQXdJbjAjSnFyZXNKS19Yb1RHQUV2aXFNU1FyZXZMLTJJaDg0Q2phcE5PWmVURi1MNCIsInR5cCI6IkpXVCIsImFsZyI6IkVkRFNBIn0.eyJpc3MiOiJkaWQ6andrOmV5SnJkSGtpT2lKUFMxQWlMQ0pqY25ZaU9pSkZaREkxTlRFNUlpd2lhMmxrSWpvaVNuRnlaWE5LUzE5WWIxUkhRVVYyYVhGTlUxRnlaWFpNTFRKSmFEZzBRMnBoY0U1UFdtVlVSaTFNTkNJc0luZ2lPaUpoYVVaRmVYaHFRMVIxWHpaV01UbE9TRmhYUVZSTk4wUmFOelkyVGxGVWIydG1NRkl6UjJKalZIQXdJbjAiLCJzdWIiOiJkaWQ6a2V5OnpEbmFlbmk0SEh2NDY3MUJLZlk4TmJFeUVzelhOVWViU2NFbTlUaHI0YkY5ZnQ4cXMiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vcHVybC5pbXNnbG9iYWwub3JnL3NwZWMvb2IvdjNwMC9jb250ZXh0Lmpzb24iXSwiaWQiOiJ1cm46dXVpZDpkNTVlZmVlNS1kNDY4LTQ3OTUtYTg1MS0wMjZmMGFjNzMxZWIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiT3BlbkJhZGdlQ3JlZGVudGlhbCJdLCJuYW1lIjoiSkZGIHggdmMtZWR1IFBsdWdGZXN0IDMgSW50ZXJvcGVyYWJpbGl0eSIsImlzc3VlciI6eyJ0eXBlIjpbIlByb2ZpbGUiXSwibmFtZSI6IkpvYnMgZm9yIHRoZSBGdXR1cmUgKEpGRikiLCJ1cmwiOiJodHRwczovL3d3dy5qZmYub3JnLyIsImltYWdlIjoiaHR0cHM6Ly93M2MtY2NnLmdpdGh1Yi5pby92Yy1lZC9wbHVnZmVzdC0xLTIwMjIvaW1hZ2VzL0pGRl9Mb2dvTG9ja3VwLnBuZyIsImlkIjoiZGlkOmp3azpleUpyZEhraU9pSlBTMUFpTENKamNuWWlPaUpGWkRJMU5URTVJaXdpYTJsa0lqb2lTbkZ5WlhOS1MxOVliMVJIUVVWMmFYRk5VMUZ5WlhaTUxUSkphRGcwUTJwaGNFNVBXbVZVUmkxTU5DSXNJbmdpT2lKaGFVWkZlWGhxUTFSMVh6WldNVGxPU0ZoWFFWUk5OMFJhTnpZMlRsRlViMnRtTUZJelIySmpWSEF3SW4wIn0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7InR5cGUiOlsiQWNoaWV2ZW1lbnRTdWJqZWN0Il0sImFjaGlldmVtZW50Ijp7ImlkIjoidXJuOnV1aWQ6YWMyNTRiZDUtOGZhZC00YmIxLTlkMjktZWZkOTM4NTM2OTI2IiwidHlwZSI6WyJBY2hpZXZlbWVudCJdLCJuYW1lIjoiSkZGIHggdmMtZWR1IFBsdWdGZXN0IDMgSW50ZXJvcGVyYWJpbGl0eSIsImRlc2NyaXB0aW9uIjoiVGhpcyB3YWxsZXQgc3VwcG9ydHMgdGhlIHVzZSBvZiBXM0MgVmVyaWZpYWJsZSBDcmVkZW50aWFscyBhbmQgaGFzIGRlbW9uc3RyYXRlZCBpbnRlcm9wZXJhYmlsaXR5IGR1cmluZyB0aGUgcHJlc2VudGF0aW9uIHJlcXVlc3Qgd29ya2Zsb3cgZHVyaW5nIEpGRiB4IFZDLUVEVSBQbHVnRmVzdCAzLiIsImNyaXRlcmlhIjp7InR5cGUiOiJDcml0ZXJpYSIsIm5hcnJhdGl2ZSI6IldhbGxldCBzb2x1dGlvbnMgcHJvdmlkZXJzIGVhcm5lZCB0aGlzIGJhZGdlIGJ5IGRlbW9uc3RyYXRpbmcgaW50ZXJvcGVyYWJpbGl0eSBkdXJpbmcgdGhlIHByZXNlbnRhdGlvbiByZXF1ZXN0IHdvcmtmbG93LiBUaGlzIGluY2x1ZGVzIHN1Y2Nlc3NmdWxseSByZWNlaXZpbmcgYSBwcmVzZW50YXRpb24gcmVxdWVzdCwgYWxsb3dpbmcgdGhlIGhvbGRlciB0byBzZWxlY3QgYXQgbGVhc3QgdHdvIHR5cGVzIG9mIHZlcmlmaWFibGUgY3JlZGVudGlhbHMgdG8gY3JlYXRlIGEgdmVyaWZpYWJsZSBwcmVzZW50YXRpb24sIHJldHVybmluZyB0aGUgcHJlc2VudGF0aW9uIHRvIHRoZSByZXF1ZXN0b3IsIGFuZCBwYXNzaW5nIHZlcmlmaWNhdGlvbiBvZiB0aGUgcHJlc2VudGF0aW9uIGFuZCB0aGUgaW5jbHVkZWQgY3JlZGVudGlhbHMuIn0sImltYWdlIjp7ImlkIjoiaHR0cHM6Ly93M2MtY2NnLmdpdGh1Yi5pby92Yy1lZC9wbHVnZmVzdC0zLTIwMjMvaW1hZ2VzL0pGRi1WQy1FRFUtUExVR0ZFU1QzLWJhZGdlLWltYWdlLnBuZyIsInR5cGUiOiJJbWFnZSJ9fSwiaWQiOiJkaWQ6a2V5OnpEbmFlbmk0SEh2NDY3MUJLZlk4TmJFeUVzelhOVWViU2NFbTlUaHI0YkY5ZnQ4cXMifSwiaXNzdWFuY2VEYXRlIjoiMjAyNS0wOC0yN1QyMzo0NjowMi43NzQ5NTY2MDBaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI2LTA4LTI3VDIzOjQ2OjAyLjc3NDk1NjYwMFoifSwianRpIjoidXJuOnV1aWQ6ZDU1ZWZlZTUtZDQ2OC00Nzk1LWE4NTEtMDI2ZjBhYzczMWViIiwiZXhwIjoxNzg3ODc0MzYyLCJpYXQiOjE3NTYzMzgzNjIsIm5iZiI6MTc1NjMzODM2Mn0.MqUTJA4e_LTHruv7giRBx9Tj9LTmUnnjqnnSsY4-azg02VPjW1QWeanRgU-r5qns_myQuMt3d82nlEUZFixcCg",
"format": "jwt_vc_json"
},
"parent": "waltid.tenant1.credentialstore"
}
]
}
Last updated on August 27, 2025