# Offer Credentials

## Introduction

If an organisation wants to provide credentials to users, e.g. as a login credential, the organisation can use the sideos API to create Verifiable Credentials and offer these Verifiable Credentials to their users to be stored in their SSI Wallet.&#x20;

There are 3 parties:&#x20;

1. **SSI wallet**. Interacts, stores, and manages verifiable credentials.
2. **Web Service**. Role of the Issuer creates verifiable credentials and provides them to the SSI wallet.
3. **sideos API**. Converts claims into verifiable credentials on behalf of the issuer.

sideos provides an **SSI wallet** available as <mark style="color:purple;">**sideos**</mark> <mark style="color:purple;">**Transponder App**</mark> for Android in Google Play Store, for iOS in Apple's App Store, and as <mark style="color:green;">**sideos Desktop Wallet**</mark> for Chrome, Firefox, and Safari.&#x20;

The **Web Service** is your server you will integrate with the sideos API. The **Web Server** will interact with the **SSI wallet** and control the flow depending on the business requirements. To issue a credential the **Web Service** provides the data which will be sent as claim records to the **sideos API**, and in return receives the verifiable credential that will be provided to the **SSI wallet**. &#x20;

### Offer Flow

See the diagram below for the flow chart for a credential offer.&#x20;

<figure><img src="/files/GgB1aMHEj0CkgXeiBLZU" alt=""><figcaption><p>Verifiable Credential offer flow</p></figcaption></figure>

{% openapi src="/files/PUQdh6zVZzEFlaJk9w3j" path="/createoffervc" method="post" %}
[sideosAPIv3.yaml](https://1845885721-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbCooZXcPwZpoBiEXpWdN%2Fuploads%2FgEGQaoQ9vKnAGWJCnjPb%2FsideosAPIv3.yaml?alt=media\&token=28f82f17-3f45-443b-bbaf-93be32adaa82)
{% endopenapi %}

{% openapi src="/files/PUQdh6zVZzEFlaJk9w3j" path="/consumeoffer" method="post" %}
[sideosAPIv3.yaml](https://1845885721-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbCooZXcPwZpoBiEXpWdN%2Fuploads%2FgEGQaoQ9vKnAGWJCnjPb%2FsideosAPIv3.yaml?alt=media\&token=28f82f17-3f45-443b-bbaf-93be32adaa82)
{% endopenapi %}

## Signed Credentials

The basic credential issue flow creates a credential offer and presents the Verifiable Credential to the wallet e.g., via QR Code  to pick it up. Because the SSI audience (DID of the SSI wallet) is not known in the moment of the credential creation, the provision channel needs to be trustworthy.&#x20;

There are several protocols available, some more and others less complex. In many cases in the enterprise environment you already have a secure environment, e.g. via intranet pages or email. Here you can strip down the protocol to a simple credential provision without an embedded channel authentication and rely on the secure environment.&#x20;

There is an endpoint to create a Verifiable Credential that includes the audience (DID) as an id in the credential subject. That way, the DID of the wallet can be included in the credential subject and thus, being ensured to be stored and used only on the respective SSI Wallet.&#x20;

{% openapi src="/files/PUQdh6zVZzEFlaJk9w3j" path="/createsignedvc" method="post" %}
[sideosAPIv3.yaml](https://1845885721-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbCooZXcPwZpoBiEXpWdN%2Fuploads%2FgEGQaoQ9vKnAGWJCnjPb%2FsideosAPIv3.yaml?alt=media\&token=28f82f17-3f45-443b-bbaf-93be32adaa82)
{% endopenapi %}

## Offer and Request Credentials in 1 step

Imagine a flow, where the user doesn't have a credential yet and is in an onboarding flow. You could issue a credential and immediately request it for migrating the user into the new SSI flow. In that case you could use the offer\&request endpoint

{% openapi src="/files/CATrpER1N6ZNjwZFcAHg" path="/createofferrequestvc" method="post" %}
[sideosAPIv3.yaml](https://1845885721-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbCooZXcPwZpoBiEXpWdN%2Fuploads%2FADxR5Bb0zg8qhPriVh4d%2FsideosAPIv3.yaml?alt=media\&token=9c9fae8a-57c1-410b-8e0b-df35ff5e90a1)
{% endopenapi %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.sideos.io/sideos-api-documentation/reference/api-reference/offer-credentials.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.