Issuing Credentials

Issuing credentials involves creating an offering and enabling recipients to claim it via their wallets.

High-Level Steps:

  1. Create Offering:

    POST /api/v1/offering
    x-client-secret: [Client Secret]
    Content-Type: application/json

    In the request body, specify the credential type, credential_subject, and optionally a recipient DID.

    • Targeted offering: requires recipient DID.

    • Open offering: no recipient needed, accessible by any wallet scanning the QR code.

  2. QR Code Generation: The response includes a qr_code_url. The client app converts this into a scannable QR code.

  3. Wallet Scans and Authenticates: The wallet retrieves offering details. For targeted offerings, it proves DID ownership via:

    • POST /api/v1/authorize

    • POST /api/v1/authorize/verify

    On success, an authorization code is issued.

  4. Token Exchange:

    POST /api/v1/connect/token
    Content-Type: application/json
    {
      "authorization_code": "validAuthorizationCode"
    }

    Response:

    {
      "access_token": "JWTAccessToken",
      "token_type": "Bearer",
      "expires_in": 3600
    }

  5. Credential Retrieval:

    POST /api/v1/issue-credential/{id}
    Authorization: Bearer JWTAccessToken

    Example Response:

    {
      "id": "credential-id",
      "type": "ProofOfPurchase",
      "recipient": "did:empe:123456789",
      "credentialSubject": {
        "ticket": "ticket123",
        "seat": "A12",
        "description": "Concert ticket"
      },
      "vc": {...}
    }

  6. Credential Storage: The wallet stores the Verifiable Credential locally.

Targeted vs. Open Offerings:

  • Targeted Offering: Recipient DID specified, requires DID ownership proof.

  • Open Offering: Available to anyone scanning the QR code (e.g., Proof of Attendance).
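
A wallet-side check for steps 4 to 6, as an added example that is not part of the original page or the project's own code: it validates the token response and, for a targeted offering, refuses to store a credential whose recipient is not the wallet's own DID. The function names, the exception class and the vc placeholder are assumptions, and verifying the signature inside vc is out of scope because the page does not show its format.

```python
import time

class CredentialRejected(Exception):
    """A response failed a wallet-side check and must not be stored."""

def check_token_response(token, now=None):
    """Validate the step 4 response; return the absolute expiry time."""
    now = time.time() if now is None else now
    if token.get("token_type") != "Bearer":
        raise CredentialRejected("unexpected token_type")
    access_token = token.get("access_token")
    if not isinstance(access_token, str) or not access_token:
        raise CredentialRejected("missing access_token")
    expires_in = token.get("expires_in")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise CredentialRejected("invalid expires_in")
    return now + expires_in

def check_issued_credential(cred, expected_type, wallet_did, targeted):
    """Validate the step 5 response before storing it (step 6); return the vc."""
    if cred.get("type") != expected_type:
        raise CredentialRejected("credential type differs from the offering")
    if targeted and cred.get("recipient") != wallet_did:
        # A targeted offering is bound to one DID; refuse a credential for another
        raise CredentialRejected("recipient is not this wallet's DID")
    subject = cred.get("credentialSubject")
    if not isinstance(subject, dict) or not subject:
        raise CredentialRejected("empty credentialSubject")
    if not cred.get("vc"):
        raise CredentialRejected("no verifiable credential payload")
    return cred["vc"]

# Constructed sample input, modelled on the example responses above.
SAMPLE_TOKEN = {"access_token": "JWTAccessToken", "token_type": "Bearer", "expires_in": 3600}
SAMPLE_CREDENTIAL = {
    "id": "credential-id",
    "type": "ProofOfPurchase",
    "recipient": "did:empe:123456789",
    "credentialSubject": {"ticket": "ticket123", "seat": "A12", "description": "Concert ticket"},
    "vc": {"placeholder": "the page elides the vc body"},
}

if __name__ == "__main__":
    print("token valid until", check_token_response(SAMPLE_TOKEN))
    vc = check_issued_credential(SAMPLE_CREDENTIAL, "ProofOfPurchase", "did:empe:123456789", True)
    print("credential accepted for storage:", vc)
```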

This flow ensures a secure, user-friendly credential distribution process aligned with SSI standards.
