Setup
We will setup an Issuer service inside of a tenant. If you don't have a tenant yet, you can learn how to create one here.
CURL
Endpoint: /v1/{target}/resource-api/services/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "issuer",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"kms": "waltid.tenant1.kms1",
"tokenKeyId": "waltid.tenant1.kms1.key1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
}
}'
Body
{
"type": "issuer",
"baseUrl": "http://waltid.enterprise.localhost:3000",
"kms": "waltid.tenant1.kms1",
"tokenKeyId": "waltid.tenant1.kms1.key1",
"supportedCredentialTypes": {
"identity_credential_vc+sd-jwt": {
"format": "vc+sd-jwt",
"vct": "{vctBaseURL}/identity_credential",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"sdJwtVcTypeMetadata": {
"name": "Identity Credential",
"description": "The Identity Verifiable Credential",
"vct": "{vctBaseURL}/identity_credential"
}
},
"OpenBadgeCredential_jwt_vc_json": {
"format": "jwt_vc_json",
"cryptographic_binding_methods_supported": [
"did"
],
"credential_signing_alg_values_supported": [
"ES256"
],
"credential_definition": {
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
]
}
}
}
}
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant in which to create the new Issuer service and the service's ID ({organizationID}.{tenantID}.[NewIssuerServiceID]), e.g.waltid.tenant1.issuer1
Body Parameters
type: serviceType - Specifies the type of service to create. In our caseissuerbaseUrl: String - This URL will be included in the generated OIDC4VC offer, allowing the wallet to know how to reach the issuer. It should reflect your organization's base URL. The general format for this URL ishttps://{orgID}.yourEnterpriseStackUrl.com. For example, if your organization is named myorg and the Enterprise Stack is hosted at the domain enterprise-stack.com, your base URL would be: https://myorg.enterprise-stack.com.kms: - resourceIdentifier - A KMS service you want to connect with the to be created Issuer service. It should be setup under the same tenant.tokenKeyId: - resourceIdentifier - A key in the connected KMS service used to sign the access token, which is used to get the credential from the credential endpointsupportedCredentialTypes: Object - A map of credentials the issuer supports. This list will be used to generate the issuer metadata. This list of supported credentials can be updated also after the initial setup.Expand For W3C JWT & SD-JWT Credentials
To specify the support of a W3C credential the object will look as follows:"OpenBadgeCredential_jwt_vc_json": { "format": "jwt_vc_json", "cryptographic_binding_methods_supported": [ "did" ], "credential_signing_alg_values_supported": [ "ES256" ], "credential_definition": { "type": [ "VerifiableCredential", "OpenBadgeCredential" ] } }The key will have the following structure:
[CustomCredentialType]_jwt_vc_json, e.g.OpenBadgeCredential_jwt_vc_jsonInside the object:
format- will bejwt_vc_jsonfor W3C JWT & SD-JWT credentialscryptographic_binding_methods_supported- will bedidcredential_signing_alg_values_supported- will beES256credential_definitiontype- specifies a list of credential types. E.g.[VerifiableCredential, MyCustomCredential]- First Entry: Your list must always start with
VerifiableCredential. - Subsequent Entries: After
VerifiableCredential, you have two options:
- You can add your custom type, such as
CustomCredential. - If your credential is based on another credential (for example,
VerifiableAttestation), first list all the credentials it builds upon, and then add your custom type at the end.
- First Entry: Your list must always start with
Expand For SD-JWT VC Credentials
To specify the support of a SD-JWT VC credential the object will look as follows:"identity_credential_vc+sd-jwt": { "format": "vc+sd-jwt", "vct": "{vctBaseURL}/identity_credential", "cryptographic_binding_methods_supported": [ "jwk" ], "credential_signing_alg_values_supported": [ "ES256" ], "sdJwtVcTypeMetadata": { "name": "Identity Credential", "description": "The Identity Verifiable Credential", "vct": "{vctBaseURL}/identity_credential" } }The key will have the following structure:
[custom_credential_type]_vc+sd-jwt, e.g.identity_credential_vc+sd-jwtInside the object:
format- will bevc+sd-jwtfor SD-JWT VC credentials.vct- will follow the structure{vctBaseURL}/[custom_credential_type], e.g.{vctBaseURL}/custom_credential_type. The vctBaseURL will be replaced during issuance by the issuer API.cryptographic_binding_methods_supported- will bejwkcredential_signing_alg_values_supported- will beES256sdJwtVcTypeMetadataname- Name of the credentialdescription- Description of the credentialvct- Holding the same value as thevctabove.
Response Codes
201- Service created successfully.