Ship digital identity wallet solutions fast and with ease.

Credential Formats

SD-JWT VC, W3C Verifiable Credentials v1.1/2.0, ISO/IEC 18013-5 (mDL), ISO/IEC 23220.

Protocols

OID4VCI/VP, Pre-Auth & Auth Code flows; ISO-18013-7 for mDL / mdoc remote flows.

Status Credential Formats

Bitstring Status List v1.0, StatusList2021, RevocationList2020, TokenStatusList (incl. draft 8).

Digital Credentials API

Unified browser API for credential issuance/verification; abstracts OID4VCI/VP & ISO-18013-7 for 1-click web integrations.

Key Management (KMS-agnostic)

Use external KMS (AWS, Azure, Hashicorp, Oracle, …) or raw keys for PoCs; supports ed25519, secp256r1/k1, RSA and key rotation.

DIDs & Identifiers

Supports did:key, did:jwk, did:web (and others) plus x509 certificates;

Webhooks / Callbacks

Notify or mirror lifecycle events (e.g., re...cess/error) into external systems for orchestration and audit.

Automatic holder binding & proof-of-key

PoP and holder-binding during issuance/presentation per OID4VCI/VP so issuers/verifiers can trust key control.

One-user-one-wallet consumer model

Custodial, stateful wallet with built-in user auth; ideal for B2C pilots and demos.

One-user-multi-wallet model

Flexible user↔wallet mapping with multi-tenant support (shared or individual wallets).

Username/password auth for wallet users

Built-in email/password login and session management for wallet users.

External IdP (OIDC) for wallet users

Integrate external OIDC IdPs for wallet user login.

Web3 auth for wallet users

Use existing Web3 wallets/accounts as an authentication factor.

Local credential storage

Custodial credential storage in wallet DB with list/import/delete APIs.

Credential status validation

Check stored credentials for revocation/status (e.g., Bitstring Status List).

Host did:web Documents

Serve and auto-update did:web documents directly from the platform.

DID Document Storage

Persist DIDs and DID documents via internal / enterprise DID store.

External KMS

Integrate AWS, Azure, Hashicorp, Oracle and HSMs; supports ed25519, secp256r1/k1, RSA with rotation.

Trust Registries

Integrate with eIDAS2, EBSI and other ecosystem trust registries.

QTSPs

Qualified signature support via QTSPs.

EMEA alignment

Aligned with EU eIDAS2, EBSI and Swiss SWIYU requirements.

APAC alignment

Aligned with NZ DISTF, Australia, Thailand, Japan, etc.

Americas alignment

Aligned with US, Canada, Brazil frameworks.

Custom ecosystems

Adaptable to other/local ID ecosystems.

On-Prem / Self-Hosting

Self-hosting in your own cloud or data center — no managed SaaS

Multi-tenancy setups

Isolated wallet configurations for B2B/B2G/B2B2C use cases

Clustering / horizontal scaling

Run multiple enterprise stack instances behind a load balancer with shared state (sessions, configs, etc.)

API Data Persistence

Persisted wallet data across service restarts and deployments.

Data Encryption

Encrypt sensitive data at rest in the database.

Protected APIs (AuthN/Z)

Fine-grained protection of APIs with scoped tokens per tenant/service.

Roles & permissions (RBAC)

Granular roles for orgs/tenants/services following least-privilege principle.

API keys (server-to-server)

Scoped M2M API keys for backend/service integrations.

Audit logging

Recorded logs and events for auditing and compliance.

Analytics & metrics

Track operations, success/error rates across tenants/services for ops and reporting.

User accounts (operators/admins)

Admin GUI logins with role-based permissions.

Admin GUI

Configure services, monitor sessions, and manage credential lifecycle operations (e.g. revocation) or verification states.