Create credential definition
POST/v2/config/digital-wallet/openid/sdjwt/credential-definition
Creates a new credential definition that specifies the credential type, format, claims structure, and issuance settings. The credential definition is published in the OID4VCI Credential Issuer Metadata and used as a template for issuing credentials.
Request
- application/json
Body
- Default (all fields)
- IETF SD-JWT VC
- ISO 18013-5 mDoc/mDL
- W3C VC (JWT)
- Array [
- ]
- Array [
- Array [
- ]
- ]
- Array [
- Array [
- ]
- ]
- Array [
- Array [
- ]
- ]
Human-readable label describing the intended use of this credential definition (e.g. 'Issue Portable Document A1'). Used to identify the credential definition in the issuer's dashboard.
Array of credential type strings as defined in the OpenID for Verifiable Credentials Issuance (OID4VCI) specification. These values appear in the type field of the issued W3C VC (JWT) (e.g. ['LegalPersonIdentificationData']).
credentialDefinition object
JSON object defining the credential structure and its claims. For W3C VC (JWT) format (jwt_vc_json), this follows the W3C Verifiable Credentials Data Model. Includes the claims hierarchy with JSON Pointer paths.
JSON object defining the credential structure and its claims. For W3C VC (JWT) format (jwt_vc_json), this follows the W3C Verifiable Credentials Data Model. Includes the claims hierarchy with JSON Pointer paths.
Number of days until the issued credential expires. Defaults to 30 if not specified. The expiration date is calculated from the issuance timestamp.
display object
Defines name for the credential
Defines the description for the credential definition.
Defines background color for the credential
Defines text color for the credential.
Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]
Credential format identifier as defined in the OID4VCI specification. Supported formats: jwt_vc_json (W3C VC JWT), dc+sd-jwt (IETF SD-JWT VC), mso_mdoc (ISO 18013-5 mDoc/mDL).
Verifiable Credential Type identifier used when credentialFormat is dc+sd-jwt. This value is included in the vct claim of the issued IETF SD-JWT VC.
Document type identifier used when credentialFormat is mso_mdoc. Identifies the credential type in the ISO 18013-5 mDoc/mDL format (e.g. org.iso.18013.5.1.lpid).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats. Each claim can specify selective disclosure settings via limitDisclosure.
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats. Each claim can specify selective disclosure settings via limitDisclosure.
When true, enables credential revocation support. Revoked credentials can be checked using a Status List as defined in the IETF Token Status List specification.
When true, the issuer requires the holder to present a valid Wallet Unit Attestation (WUA) during the OID4VCI credential issuance flow, as defined in the EUDI Wallet Architecture Reference Framework.
Possible values: [$.vc.credentialSubject, $.vc, $]
JSONPath expression specifying which part of the credential payload to validate against the credential definition schema. Use $.vc.credentialSubject for W3C VC (JWT) format, $.vc for full VC validation, or $ for root-level validation.
Possible values: [draft_11, draft_13, draft_15, draft_17, version_01]
OID4VCI specification draft version to use for credential issuance protocol interactions. Determines the protocol messages and endpoints used during the issuance flow.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials. Must match a key configured in the Key Management section.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
Decentralized Identifier (DID) method or key type used as the trust anchor for credential issuance. Determines how the issuer's public key is published and resolved by holders and verifiers.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation. status_list uses the IETF Token Status List specification, status_list_2021 uses the W3C Status List 2021 specification, swiss_token_status_list_v1 uses the Swiss profile of Token Status List.
When true, ensures that each credential issued under this definition is unique per holder. Prevents duplicate issuance of the same credential type to the same holder.
When true, allows holders to request reissuance of expired or near-expiry credentials using the OID4VCI credential refresh mechanism.
credentialDefinitions object[]
Human-readable label describing the intended use of this credential definition.
Number of days until the issued credential expires. Defaults to 30.
When true, enables credential revocation support.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential under this definition is unique per holder.
When true, allows holders to request reissuance of expired credentials.
Array of supported cryptographic key binding methods for issued credentials, as defined in OID4VCI Credential Issuer Metadata (e.g. jwk, did:key, cose_key).
Possible values: [authorization_details, scope_based]
Determines how the wallet requests authorization during the OID4VCI issuance flow. authorization_details uses RFC 9396 Rich Authorization Requests, scope_based uses OAuth 2.0 scope values.
OAuth 2.0 scope value associated with this credential definition. Used when authorizationRequestType is scope_based.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the wallet when using the OID4VCI Deferred Credential Endpoint.
Possible values: [dc+sd-jwt]
Credential format. Must be dc+sd-jwt for IETF SD-JWT VC.
Verifiable Credential Type identifier for IETF SD-JWT VC (e.g. urn:eu.europa.ec.eudi:pid:1).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
Namespace identifier for ISO 18013-5 mDoc/mDL (mso_mdoc) format credentials (e.g. org.iso.18013.5.1). Groups related data elements within the mDoc structure.
Human-readable label describing the intended use of this credential definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the trust anchor for credential issuance.
Possible values: [version_01]
OID4VCI specification draft version.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
credentialDefinitions object[]
Array of credential definition configurations for IETF SD-JWT VC format.
Human-readable label for this credential configuration.
Number of days until the issued credential expires.
When true, enables credential revocation support.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential is unique per holder.
When true, allows holders to request reissuance.
Supported cryptographic key binding methods (e.g. did:key, jwk, x5c, kid).
Possible values: [authorization_details, scope_based]
Authorization request type.
OAuth 2.0 scope value.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the Deferred Credential Endpoint.
Possible values: [dc+sd-jwt]
Must be dc+sd-jwt for IETF SD-JWT VC.
Verifiable Credential Type identifier (e.g. urn:eu.europa.ec.eudi:pid:1).
claims object
Claims structure with selective disclosure. Contains a claims array where each entry has limitDisclosure, mandatory, and path (flat paths without credentialSubject prefix).
claims object[]
When true, this claim is selectively disclosable by the holder.
When true, this claim is required in the credential.
JSON Pointer path to the claim (e.g. ['given_name'] or ['address', 'country']).
Human-readable label describing the intended use of this credential definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the trust anchor for credential issuance.
Possible values: [version_01]
OID4VCI specification draft version.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
credentialDefinitions object[]
Array of credential definition configurations for ISO 18013-5 mDoc/mDL format.
Human-readable label for this credential configuration.
Number of days until the issued credential expires.
When true, enables credential revocation support.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential is unique per holder.
When true, allows holders to request reissuance.
Supported cryptographic key binding methods (e.g. did:key, jwk, x5c, kid).
Possible values: [authorization_details, scope_based]
Authorization request type.
OAuth 2.0 scope value.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the Deferred Credential Endpoint.
Possible values: [mso_mdoc]
Must be mso_mdoc for ISO 18013-5 mDoc/mDL.
Document type identifier (e.g. eu.europa.ec.eudi.pid.1).
claims object
Claims structure with selective disclosure. Contains a claims array where each entry has limitDisclosure, mandatory, and path (namespaced paths prefixed with the doctype, e.g. ['eu.europa.ec.eudi.pid.1', 'given_name']).
claims object[]
When true, this data element is selectively disclosable by the holder.
When true, this data element is required in the credential.
Namespaced path to the data element (e.g. ['eu.europa.ec.eudi.pid.1', 'given_name']).
Human-readable label describing the intended use of this credential definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the trust anchor for credential issuance.
Possible values: [version_01]
OID4VCI specification draft version.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
credentialDefinitions object[]
Array of credential definition configurations for W3C VC (JWT) format.
Human-readable label for this credential configuration.
Number of days until the issued credential expires.
When true, enables credential revocation support.
Possible values: [$.vc.credentialSubject, $.vc, $]
JSONPath expression specifying which part of the credential payload to validate.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential is unique per holder.
When true, allows holders to request reissuance.
Supported cryptographic key binding methods (e.g. did:key, jwk, x5c, kid).
Possible values: [authorization_details, scope_based]
Authorization request type.
OAuth 2.0 scope value.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the Deferred Credential Endpoint.
Possible values: [jwt_vc_json]
Must be jwt_vc_json for W3C VC (JWT).
Array of credential type strings (e.g. ['urn:eu.europa.ec.eudi:pid:1']).
credentialDefinition object
Credential claims structure following the W3C Verifiable Credentials Data Model. Contains a claims array where each entry has mandatory and path (paths prefixed with credentialSubject, e.g. ['credentialSubject', 'given_name']).
claims object[]
When true, this claim is required in the credential.
JSON Pointer path to the claim (e.g. ['credentialSubject', 'given_name']).
Responses
- 200
- 401
- 500
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
credentialDefinition object
Unique identifier assigned to the credential definition upon creation. Use this ID to reference the credential definition in OpenID for Verifiable Credentials Issuance (OID4VCI) operations.
Array of credential type strings as defined in the OID4VCI specification. These values appear in the type field of the issued W3C VC (JWT).
JSON object defining the credential structure and its claims for W3C VC (JWT) format (jwt_vc_json).
Unix timestamp (in seconds) indicating when this credential definition was created.
Unix timestamp (in seconds) indicating when this credential definition was last modified.
Human-readable label describing the intended use of this credential definition (e.g. 'Issue Portable Document A1').
Number of days until the issued credential expires. Defaults to 30 if not specified.
display object
Display name for the credential shown in wallet UIs, as specified in the OID4VCI Credential Issuer Metadata.
BCP47 language tag for the display properties (e.g. en-GB).
Human-readable description of the credential purpose.
Hex color code for the credential card background (e.g. #FFFFFF).
Hex color code for text on the credential card (e.g. #000000).
Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]
Credential format identifier as defined in OID4VCI. Supported formats: jwt_vc_json (W3C VC JWT), dc+sd-jwt (IETF SD-JWT VC), mso_mdoc (ISO 18013-5 mDoc/mDL).
Verifiable Credential Type identifier used when credentialFormat is dc+sd-jwt. Included in the vct claim of the issued IETF SD-JWT VC.
Document type identifier used when credentialFormat is mso_mdoc. Identifies the credential in the ISO 18013-5 mDoc/mDL format (e.g. org.iso.18013.5.1.lpid).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats.
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats.
When true, enables credential revocation support using the IETF Token Status List specification.
When true, the issuer requires the holder to present a valid Wallet Unit Attestation (WUA) during the OID4VCI issuance flow.
Possible values: [$.vc.credentialSubject, $.vc, $]
JSONPath expression specifying which part of the credential payload to validate. Use $.vc.credentialSubject for W3C VC (JWT), $.vc for full VC validation, or $ for root-level validation.
Possible values: [draft_11, draft_13, draft_15, draft_17, version_01]
OID4VCI specification draft version to use for credential issuance protocol interactions.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the trust anchor for credential issuance.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation. status_list uses the IETF Token Status List, status_list_2021 uses the W3C Status List 2021, swiss_token_status_list_v1 uses the Swiss profile.
When true, ensures each credential issued under this definition is unique per holder.
When true, allows holders to request reissuance of expired or near-expiry credentials.
credentialDefinitions object[]
Human-readable label describing the intended use of this credential definition.
Number of days until the issued credential expires. Defaults to 30.
When true, enables credential revocation support.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential under this definition is unique per holder.
When true, allows holders to request reissuance of expired credentials.
Array of supported cryptographic key binding methods for issued credentials, as defined in OID4VCI Credential Issuer Metadata (e.g. jwk, did:key, cose_key).
Possible values: [authorization_details, scope_based]
Determines how the wallet requests authorization during the OID4VCI issuance flow. authorization_details uses RFC 9396 Rich Authorization Requests, scope_based uses OAuth 2.0 scope values.
OAuth 2.0 scope value associated with this credential definition. Used when authorizationRequestType is scope_based.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the wallet when using the OID4VCI Deferred Credential Endpoint.
Possible values: [dc+sd-jwt]
Credential format. Must be dc+sd-jwt for IETF SD-JWT VC.
Verifiable Credential Type identifier for IETF SD-JWT VC (e.g. urn:eu.europa.ec.eudi:pid:1).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
Namespace identifier for ISO 18013-5 mDoc/mDL (mso_mdoc) format credentials (e.g. org.iso.18013.5.1).
{
"credentialDefinition": {
"credentialDefinitionId": "string",
"type": [
"string"
],
"credentialDefinition": {},
"createdAt": 0,
"updatedAt": 0,
"label": "string",
"expirationInDays": 0,
"display": {
"name": "string",
"locale": "string",
"description": "string",
"backgroundColor": "string",
"textColor": "string"
},
"credentialFormat": "jwt_vc_json",
"vct": "string",
"doctype": "string",
"claims": {},
"supportRevocation": true,
"enforceWUA": true,
"validationPath": "$.vc.credentialSubject",
"version": "draft_11",
"kid": "string",
"trustAnchor": "jwk",
"revocationMethod": "status_list",
"enforceCredentialUniqueness": true,
"supportCredentialReissuance": true,
"credentialDefinitions": [
{
"label": "string",
"expirationInDays": 0,
"supportRevocation": true,
"revocationMethod": "status_list",
"enforceCredentialUniqueness": true,
"supportCredentialReissuance": true,
"credentialBindingMethods": [
"string"
],
"authorizationRequestType": "authorization_details",
"scope": "string",
"display": {
"name": "string",
"description": "string",
"backgroundColor": "string",
"textColor": "string"
},
"credentialResponseInterval": 0,
"credentialFormat": "dc+sd-jwt",
"vct": "string",
"claims": {}
}
],
"namespace": "string"
}
}
Unauthorized
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}
Internal server error
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}