search

Offer Credentials

Issue credentials to an SSI wallet

hashtag
Introduction

If an organisation wants to provide credentials to users, e.g. as a login credential, the organisation can use the sideos API to create Verifiable Credentials and offer these Verifiable Credentials to their users to be stored in their SSI Wallet.

There are 3 parties:

  1. SSI wallet. Interacts, stores, and manages verifiable credentials.

  2. Web Service. Role of the Issuer creates verifiable credentials and provides them to the SSI wallet.

  3. sideos API. Converts claims into verifiable credentials on behalf of the issuer.

sideos provides an SSI wallet available as sideos Transponder App for Android in Google Play Store, for iOS in Apple's App Store, and as sideos Desktop Wallet for Chrome, Firefox, and Safari.

The Web Service is your server you will integrate with the sideos API. The Web Server will interact with the SSI wallet and control the flow depending on the business requirements. To issue a credential the Web Service provides the data which will be sent as claim records to the sideos API, and in return receives the verifiable credential that will be provided to the SSI wallet.

hashtag
Offer Flow

See the diagram below for the flow chart for a credential offer.

Verifiable Credential offer flow

hashtag
Create a verifiable credential.

post
/createoffervc

Request to create a verifiable credential based on the claim data records provided.

Authorizations
X-TOKENstringRequired
Body
templateidnumber · integerOptional

the template id refers to the credential type created in the administration console.

Example: 57
challengestring · stringOptional

unique id for the server to identify the session/request.

Example: 634F5950-DA17-4441-ABEC-9765FF1D55C0
domainstring · urlOptional

the callback url where the wallet sends the accepted credential to. Needs to respond with 200 to make the wallet storing the credential.

Example: https://issuer.example.com/consumeoffer
datasetobjectOptional

object contains the claims that should be put in the credential. Need to match the template referred to with the 'templateid' field.

Example: { "name": "Will Smith", "email": "[email protected]" }
Responses
chevron-right
200

Response is a Verifiable Credential provded as a base64-encoded JWT.

application/json
post
/createoffervc

hashtag
validates verifiable credential offer.

post
/consumeoffer

Request to validate a verifiable credential offer based on the respective credential type.

Authorizations
X-TOKENstringRequired
Body
templateidnumber · integerOptional

the template id refers to the credential type created in the administration console.

Example: 57
tokenstring · base64Optional

base64-encoded JWT

Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vanVuby5zaWRlb3MuaW8vY29udGV4dC9wcm9vZnN0eXBlcyJdLCJpYXQiOjE3MDg3MTc3NzUzOTEsImlzcyI6ImRpZDprZXk6djAwMTp6Nk1rbVFTWHZhOXZEbzNBU3JQRWtpa1AzSzF5eWlDVnZkNUttOHhqYkZqR2ROdzQiLCJhdWQiOiJkaWQ6dW5rbm93biIsInN1YiI6ImRpZDp1bmtub3duIiwiZXhwIjoxNzA4NzE3Nzc4OTkxLCJqdGkiOiJiMDMyZThlMy1iY2Q2LTQ0NWItYTQ5OS02ZWZjYzMwMTcyZjAiLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6W3siQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy9leGFtcGxlcy92MSJdLCJpZCI6Ijg3N2JiYmVlLTJjYzUtNGJlZC04NzFmLWQ5ZGIwNjkzNjY1YiIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJVc2VyIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7Im5hbWUiOiJXaWxzb24gU21pdGgiLCJFbWFpbCI6IndzQGV4YW1wbGUuY29tIiwiaWQiOiJkaWQ6dW5rbm93biJ9LCJpc3N1ZXIiOnsiaWQiOiJkaWQ6a2V5OnYwMDE6ejZNa21RU1h2YTl2RG8zQVNyUEVraWtQM0sxeXlpQ1Z2ZDVLbTh4amJGakdkTnc0IiwibmFtZSI6Ik1OIHNpZGVvcyBUcnVzdCBTZXJ2aWNlcyJ9LCJpc3N1YW5jZURhdGUiOiIyMDI0LTAyLTIzVDE5OjQ5OjM1KzAwOjAwIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTAyLTIyVDE5OjQ5OjM1KzAwOjAwIiwiZXhwIjoxNzQwMjUzNzc1MjI2LCJwcm9vZiI6eyJ0eXBlIjoiRWQyNTUxOVNpZ25hdHVyZTIwMjAiLCJjcmVhdGVkIjoiMjAyNC0wMi0yM1QxOTo0OTozNS4zMDlaIiwiandzIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKRlpFUlRRU0o5Li43VUtkYXlaUmlhNlNFOW5BVXFQLTFtNER1OWtsUDY0Y2RYUnFWclRBYXlRcE5DUElqdDRGakxDTU5DUlRMOUNlU2V0UFI3VWtLSmJyeHl3UDF6SGZBdyIsInByb29mUHVycG9zZSI6ImFzc2VydGlvbk1ldGhvZCIsInZlcmlmaWNhdGlvbk1ldGhvZCI6ImRpZDprZXk6djAwMTp6Nk1rbVFTWHZhOXZEbzNBU3JQRWtpa1AzSzF5eWlDVnZkNUttOHhqYkZqR2ROdzQifX1dLCJwcm9vZiI6eyJjaGFsbGVuZ2UiOiIxMjM0NTY3ODkwIiwidmVyaWZpY2F0aW9uTWV0aG9kIjoiZGlkOmtleTp2MDAxOno2TWttUVNYdmE5dkRvM0FTclBFa2lrUDNLMXl5aUNWdmQ1S204eGpiRmpHZE53NCIsImNyZWF0ZWQiOiIyMDI0LTAyLTIzVDE5OjQ5OjM1KzAwOjAwIiwiZG9tYWluIjoiaHR0cHM6Ly9jYWxsYmFjay5leGFtcGxlLmNvbSIsImp3cyI6IjI5a2J5T3pTcDRreEU2MnRWQ2pzVWZ4NEFIM0RaLUw1Ql9RVEJyc1BsdFViOE5QZXRteU5GWUlhWEVFdGdma3UwVXgweWFLU3VObDVBQUl1TW5fY0JBIiwicHJvb2ZQdXJwb3NlIjoiYXV0aGVudGljYXRpb24iLCJ0eXBlIjoiRVMyNTYifSwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIiwiQ3JlZGVudGlhbE9mZmVyIl19.2mxmsQ10dGKHbqTrJEQci5MDiTOPFGZHrHKCtS2R5qruNBEGtdxaGVSVy4iJmXlTf3JS7L7AzE2aTA5laAFLCA634F5950-DA17-4441-ABEC-9765FF1D55C0
Responses
chevron-right
200

Response is a Verifiable Credential provded as a base64-encoded JWT. No error implies sucessful validation

application/json
post
/consumeoffer

hashtag
Signed Credentials

The basic credential issue flow creates a credential offer and presents the Verifiable Credential to the wallet e.g., via QR Code to pick it up. Because the SSI audience (DID of the SSI wallet) is not known in the moment of the credential creation, the provision channel needs to be trustworthy.

There are several protocols available, some more and others less complex. In many cases in the enterprise environment you already have a secure environment, e.g. via intranet pages or email. Here you can strip down the protocol to a simple credential provision without an embedded channel authentication and rely on the secure environment.

There is an endpoint to create a Verifiable Credential that includes the audience (DID) as an id in the credential subject. That way, the DID of the wallet can be included in the credential subject and thus, being ensured to be stored and used only on the respective SSI Wallet.

hashtag
Create a signed VC Offer

post
/createsignedvc

Based on the dataset provided and the audience identifier a Veriable Credential is created.

Authorizations
X-TOKENstringRequired
Body
audstring · didOptional

The identifier if the receiving audience or subject of the Verifiable Credential

Example: did:key:v004:z6MkrL41Eo41aHPhrdEAatCqYc7TiU3PHso5fLyNE7sfbkfQ
templateidnumber · integerOptional

the template id refers to the credential type created in the administration console.

Example: 18
datasetobjectOptional

object contains the claims that should be put in the credential. Need to match the template referred to with the 'templateid' field.

Example: {"email":"[email protected]","name":"Rheik van Eyck"}
Responses
chevron-right
200

The signed Veriable Credential including the audience identifier.

application/json
post
/createsignedvc

hashtag
Offer and Request Credentials in 1 step

Imagine a flow, where the user doesn't have a credential yet and is in an onboarding flow. You could issue a credential and immediately request it for migrating the user into the new SSI flow. In that case you could use the offer&request endpoint

hashtag
Create an Offer and a Request for a Veriable Credential

post
/createofferrequestvc

Based on the data set provided a Veriable Credential is created and requested in a single step.

Authorizations
X-TOKENstringRequired
Body

The data set to be send to the API to request an Offer creation.

templateidnumber · integerOptional

the template id refers to the credential type created in the administration console.

Example: 57
challengestring · stringOptional

unique id for the server to identify the session/request.

Example: 634F5950-DA17-4441-ABEC-9765FF1D55C0
domainstring · urlOptional

the callback url where the wallet sends the accepted credential to. Needs to respond with 200 to make the wallet storing the credential.

Example: https://issuer.example.com/consumeoffer
datasetobjectOptional

object contains the claims that should be put in the credential. Need to match the template referred to with the 'templateid' field.

Example: { "name": "Will Smith", "email": "[email protected]" }
Responses
chevron-right
200

Response is a Verifiable Credential provded as a base64-encoded JWT.

application/json
post
/createofferrequestvc
PreviousAPI ReferenceNextRequest Credentials

Last updated