Issuing Credentials

Issuing credentials involves creating an offering and enabling recipients to claim them via their wallets.

High-Level Steps:

1. Create Offering:

   Copy

   POST /api/v1/offering
   x-client-secret: [Client Secret]
   Content-Type: application/json

   Specify credential type, credential_subject, and optionally a recipient DID.

   • Targeted offering: requires recipient DID.

   • Open offering: no recipient needed, accessible by any wallet scanning the QR code.

2. QR Code Generation: The response includes a qr_code_url. The client app converts this into a scannable QR code.

3. Wallet Scans and Authenticates: The wallet retrieves offering details. For targeted offerings, it proves DID ownership via:

   • Copy

     POST /api/v1/authorize
     POST /api/v1/authorize/verify

   On success, an authorization code is issued.

4. Token Exchange:

   Copy

   POST /api/v1/connect/token
   Content-Type: application/json
   {
     "authorization_code": "validAuthorizationCode"
   }

   Response:

   Copy

   {
     "access_token": "JWTAccessToken",
     "token_type": "Bearer",
     "expires_in": 3600
   }

5. Credential Retrieval:

   Copy

   POST /api/v1/issue-credential/{id}
   Authorization: Bearer JWTAccessToken

   Example Response:

   Copy

   {
     "id": "credential-id",
     "type": "ProofOfPurchase",
     "recipient": "did:empe:123456789",
     "credentialSubject": {
       "ticket": "ticket123",
       "seat": "A12",
       "description": "Concert ticket"
     },
     "vc": {...}
   }

6. Credential Storage: The wallet stores the Verifiable Credential locally.

Targeted vs. Open Offerings:

• Targeted Offering: Recipient DID specified, requires DID ownership proof.

• Open Offering: Available to anyone scanning the QR code (e.g., Proof of Attendance).

This flow ensures a secure, user-friendly credential distribution process aligned with SSI standards.