Authorization

post

Handles the creation of an authorization request. Creates a new authorization request with the provided presentation definition.

Authorizations

x-client-secretstringRequired

Body

Request body for creating an authorization request

redirect_uristringRequired

Redirect URI to which the response will be sent

Example: http://example.com

validitynumber · doubleOptional

Validity of the authorization request in seconds

Example: 600

Responses

201

Created

application/json

400

Bad Request

application/json

post

/api/v1/verifier/authorization-requests

POST /api/v1/verifier/authorization-requests HTTP/1.1
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 208

{
  "redirect_uri": "http://example.com",
  "presentation_definition": {
    "input_descriptors": [
      {
        "constraints": {
          "fields": [
            "[Circular Reference]"
          ],
          "limit_disclosure": "required"
        },
        "id": "text"
      }
    ],
    "id": "text"
  },
  "validity": 600
}

{
  "request_uri": "http://127.0.0.1:9004/api/v1/verifier/authorization-request/a0b2e682-d92f-4767-a83a-d60d196da792",
  "qr_code_url": "http://127.0.0.1:9004/api/v1/verifier/qr-code/a0b2e682-d92f-4767-a83a-d60d196da792",
  "state": "abcdef12345678901234567890abcdef",
  "nonce": "1234567890abcdef1234567890abcdef",
  "validity": 600
}

get

Retrieves an authorization request by ID. Returns the details of the specified authorization request.

Path parameters

idstringRequired

Responses

200

Found

application/json

Entity representing an authorization request in the verifier service.

An authorization request is created when a client requests verification of credentials. It contains all the necessary information to process a verifiable presentation, including the presentation definition that specifies what credentials are required, and state/nonce values for security purposes.

idstringRequired

Unique identifier for the authorization request. Automatically generated as a UUID.

statestringRequired

State parameter used for SIOP (Self-Issued OpenID Provider) flow. Helps prevent cross-site request forgery attacks by maintaining state between requests. Must be unique when combined with nonce.

noncestringRequired

Nonce (number used once) parameter for the authorization request. Provides replay protection and ensures the response is generated for this specific request. Must be unique when combined with state.

redirect_uristringRequired

URI where the client should be redirected after the verification process. The verification result will be sent to this URI.

validitynumber · doubleRequired

Timestamp (in milliseconds) until which this authorization request is valid. After this time, the request will be considered expired and cannot be used.

response_uristringRequired

URI where the wallet should submit the verifiable presentation. This is the endpoint that will receive and process the VP from the wallet.

usedbooleanOptional

Flag indicating whether this authorization request has been used. Prevents the same authorization request from being used multiple times. Set to true after a successful verification process.

Default: false

400

Bad Request

application/json

get

/api/v1/verifier/authorization-requests/{id}

GET /api/v1/verifier/authorization-requests/{id} HTTP/1.1
Accept: */*

{
  "id": "text",
  "state": "text",
  "nonce": "text",
  "redirect_uri": "text",
  "validity": 1,
  "response_uri": "text",
  "presentation_definition": {
    "input_descriptors": [
      {
        "constraints": {
          "fields": [
            "[Circular Reference]"
          ],
          "limit_disclosure": "required"
        },
        "id": "text"
      }
    ],
    "id": "text"
  },
  "used": false
}

delete

Handles the deletion of an authorization request by ID. Removes the specified authorization request from the system.

Authorizations

x-client-secretstringRequired

Path parameters

idstringRequired

Responses

204

No Content

400

Bad Request

application/json

delete

/api/v1/verifier/authorization-requests/{id}

DELETE /api/v1/verifier/authorization-requests/{id} HTTP/1.1
x-client-secret: YOUR_API_KEY
Accept: */*

No content

post

Handler for the 'submit-vp' endpoint. Processes a submitted verifiable presentation, validates it against the presentation definition, and sends the verification result to the redirect URI.

Body

Request body for submitting a verifiable presentation

statestringRequired

Random string to prevent CSRF attacks

Example: abcdef12345678901234567890abcdef

noncestringRequired

Random string to ensure request uniqueness

Example: 1234567890abcdef1234567890abcdef

Responses

200

Success

application/json

messagestringRequired

400

Bad Request

application/json

post

/api/v1/verifier/verifiable-presentations

POST /api/v1/verifier/verifiable-presentations HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 1265

{
  "vp_token": {
    "proof": {
      "challange": "text",
      "nonce": "text",
      "jws": "text",
      "proofValue": "text",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "text",
      "created": "text",
      "type": "EcdsaSecp256k1Signature2019"
    },
    "holder": "text",
    "id": "text",
    "verifiableCredential": [
      {
        "evidence": {},
        "credentialStatus": [
          {
            "id": "text",
            "type": "BitstringStatusListEntry",
            "statusPurpose": "refresh",
            "statusListIndex": 1,
            "statusListCredential": "text",
            "statusSize": 1,
            "statusMessage": [
              {
                "message": "text",
                "status": "text",
                "ANY_ADDITIONAL_PROPERTY": "anything"
              }
            ]
          }
        ],
        "credentialSchema": {
          "type": "JsonSchemaValidator2018",
          "id": "text"
        },
        "expirationDate": "text",
        "proof": {
          "challange": "text",
          "nonce": "text",
          "jws": "text",
          "proofValue": "text",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "text",
          "created": "text",
          "type": "EcdsaSecp256k1Signature2019"
        },
        "credentialSubject": {
          "ANY_ADDITIONAL_PROPERTY": "anything"
        },
        "issuanceDate": "text",
        "issuer": {
          "name": "text",
          "id": "text"
        },
        "id": "text",
        "type": [
          "text"
        ],
        "@context": [
          "text"
        ]
      }
    ],
    "type": "text",
    "@context": [
      "text"
    ]
  },
  "presentation_submission": {
    "descriptor_map": [
      {
        "path_nested": {
          "format": "text",
          "path": "text"
        },
        "format": "text",
        "path": "text",
        "id": "text"
      }
    ],
    "definition_id": "text",
    "id": "text"
  },
  "state": "abcdef12345678901234567890abcdef",
  "nonce": "1234567890abcdef1234567890abcdef"
}

{
  "message": "text"
}

PreviousQR Code NextWallet Server

Last updated 8 months ago