Create presentation definition
POST/v2/config/digital-wallet/openid/sdjwt/presentation-definition
Creates a new presentation definition specifying the credential types and claims required for OpenID4VP verification. Supports DIF Presentation Exchange and DCQL query formats.
Request
- application/json
Body
- Default (all fields)
- IETF SD-JWT VC
- ISO 18013-5 mDoc/mDL
- W3C VC (JWT)
Human-readable label describing the purpose of this presentation definition (e.g. 'Verify Portable Document A1'). Used to identify the presentation definition in the verifier's dashboard.
presentationDefinition object
JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/
JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/
Possible values: [payment_data]
Type of transaction data to bind to the verification request. payment_data enables payment confirmation flows where the holder must confirm transaction details before presenting credentials.
When true, the verifier requires the holder to present a valid Wallet Unit Attestation (WUA) alongside the Verifiable Presentation, as defined in the EUDI Wallet Architecture Reference Framework.
Possible values: [draft_14, draft_18, draft_23, version_01]
OpenID for Verifiable Presentation (OpenID4VP) specification draft version to use for verification protocol interactions. Determines the Authorization Request format and supported features.
Key Identifier (kid) referencing the cryptographic key used by the verifier for signing the Authorization Request or for response encryption.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the verifier's trust anchor. Determines how the verifier's identity is published and resolved by holders.
OAuth 2.0 scope value for scope-based credential presentation requests.
Possible values: [id_token, vp_token]
OAuth 2.0 response type for the OpenID4VP Authorization Request. vp_token requests a Verifiable Presentation. id_token requests an OpenID Connect ID Token.
dcqlQuery object
Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.
Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.
Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]
Client ID scheme used by the verifier in the OpenID4VP Authorization Request. Determines how the verifier identifies itself to the holder's wallet. redirect_uri uses a redirect URI, did uses a DID, verifier_attestation uses a Verifier Attestation JWT, x509_san_dns uses an X.509 certificate SAN DNS name, x509_hash uses an X.509 certificate hash.
URI that the holder's wallet redirects to after posting the Authorization Response via direct_post response mode. Used to return the user to the verifier's application.
Possible values: [direct_post, direct_post.jwt]
OpenID4VP response mode specifying how the holder's wallet delivers the Authorization Response. direct_post sends the response via HTTP POST to the verifier's endpoint. direct_post.jwt sends the response as an encrypted JWT via HTTP POST.
Possible values: [A128CBC-HS256, A128GCM, A256GCM]
Array of JWE content encryption algorithms supported by the verifier for encrypting the OpenID4VP Authorization Response.
Human-readable label describing the purpose of this presentation definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the verifier's trust anchor.
Possible values: [version_01]
OpenID4VP specification draft version.
Key Identifier (kid) for the verifier's cryptographic key.
Possible values: [id_token, vp_token]
OAuth 2.0 response type. Use vp_token for Verifiable Presentation.
Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]
Client ID scheme used by the verifier in the OpenID4VP Authorization Request.
Possible values: [direct_post, direct_post.jwt]
OpenID4VP response mode for delivering the Authorization Response.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
dcqlQuery object
DCQL query for IETF SD-JWT VC format. Uses format: dc+sd-jwt and vct_values in metadata. Claim paths are flat (e.g. ['identifier']).
DCQL query for IETF SD-JWT VC format. Uses format: dc+sd-jwt and vct_values in metadata. Claim paths are flat (e.g. ['identifier']).
Human-readable label describing the purpose of this presentation definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the verifier's trust anchor.
Possible values: [version_01]
OpenID4VP specification draft version.
Key Identifier (kid) for the verifier's cryptographic key.
Possible values: [id_token, vp_token]
OAuth 2.0 response type. Use vp_token for Verifiable Presentation.
Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]
Client ID scheme used by the verifier in the OpenID4VP Authorization Request.
Possible values: [direct_post, direct_post.jwt]
OpenID4VP response mode for delivering the Authorization Response.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
dcqlQuery object
DCQL query for ISO 18013-5 mDoc/mDL format. Uses format: mso_mdoc and doctype_value in metadata. Claim paths are namespaced (e.g. ['org.iso.18013.5.1', 'identifier']).
DCQL query for ISO 18013-5 mDoc/mDL format. Uses format: mso_mdoc and doctype_value in metadata. Claim paths are namespaced (e.g. ['org.iso.18013.5.1', 'identifier']).
Human-readable label describing the purpose of this presentation definition.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the verifier's trust anchor.
Possible values: [version_01]
OpenID4VP specification draft version.
Key Identifier (kid) for the verifier's cryptographic key.
Possible values: [id_token, vp_token]
OAuth 2.0 response type. Use vp_token for Verifiable Presentation.
Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]
Client ID scheme used by the verifier in the OpenID4VP Authorization Request.
Possible values: [direct_post, direct_post.jwt]
OpenID4VP response mode for delivering the Authorization Response.
When true, requires the holder to present a valid Wallet Unit Attestation (WUA).
dcqlQuery object
DCQL query for W3C VC (JWT) format. Uses format: jwt_vc_json and type_values in metadata. Claim paths include credentialSubject prefix (e.g. ['credentialSubject', 'identifier']).
DCQL query for W3C VC (JWT) format. Uses format: jwt_vc_json and type_values in metadata. Claim paths include credentialSubject prefix (e.g. ['credentialSubject', 'identifier']).
Responses
- 201
- 401
- 500
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
presentationDefinition object
Unique identifier assigned to the presentation definition upon creation. Use this ID when sending verification requests.
Human-readable label describing the purpose of this presentation definition (e.g. 'Verify Portable Document A1'). Used to identify the presentation definition in the verifier's dashboard.
presentationDefinition objectrequired
JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/
JSON object defining the credential requirements for verification, following the DIF Presentation Exchange specification. Specifies which credential types and claims the verifier requires from the holder. Reference: https://identity.foundation/presentation-exchange/
Possible values: [payment_data]
Type of transaction data to bind to the verification request. payment_data enables payment confirmation flows where the holder must confirm transaction details before presenting credentials.
When true, the verifier requires the holder to present a valid Wallet Unit Attestation (WUA) alongside the Verifiable Presentation, as defined in the EUDI Wallet Architecture Reference Framework.
Unix timestamp (in seconds) when this presentation definition was created.
Unix timestamp (in seconds) when this presentation definition was last modified.
Possible values: [draft_14, draft_18, draft_23, version_01]
OpenID for Verifiable Presentation (OpenID4VP) specification draft version to use for verification protocol interactions. Determines the Authorization Request format and supported features.
Key Identifier (kid) referencing the cryptographic key used by the verifier for signing the Authorization Request or for response encryption.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the verifier's trust anchor. Determines how the verifier's identity is published and resolved by holders.
OAuth 2.0 scope value for scope-based credential presentation requests.
Possible values: [id_token, vp_token]
OAuth 2.0 response type for the OpenID4VP Authorization Request. vp_token requests a Verifiable Presentation. id_token requests an OpenID Connect ID Token.
dcqlQuery object
Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.
Digital Credentials Query Language (DCQL) query object defining the credentials and claims requested from the holder. DCQL is an alternative to DIF Presentation Exchange for specifying credential requirements in OpenID4VP.
Possible values: [redirect_uri, did, verifier_attestation, x509_san_dns, x509_hash]
Client ID scheme used by the verifier in the OpenID4VP Authorization Request. Determines how the verifier identifies itself to the holder's wallet. redirect_uri uses a redirect URI, did uses a DID, verifier_attestation uses a Verifier Attestation JWT, x509_san_dns uses an X.509 certificate SAN DNS name, x509_hash uses an X.509 certificate hash.
URI that the holder's wallet redirects to after posting the Authorization Response via direct_post response mode. Used to return the user to the verifier's application.
Possible values: [direct_post, direct_post.jwt]
OpenID4VP response mode specifying how the holder's wallet delivers the Authorization Response. direct_post sends the response via HTTP POST to the verifier's endpoint. direct_post.jwt sends the response as an encrypted JWT via HTTP POST.
Possible values: [A128CBC-HS256, A128GCM, A256GCM]
Array of JWE content encryption algorithms supported by the verifier for encrypting the OpenID4VP Authorization Response.
{
"presentationDefinition": {
"presentationDefinitionId": "string",
"label": "string",
"presentationDefinition": {},
"transactionDataDefinitionType": "payment_data",
"enforceWUA": true,
"createdAt": 0,
"updatedAt": 0,
"version": "draft_14",
"kid": "string",
"trustAnchor": "jwk",
"scope": "string",
"responseType": "id_token",
"dcqlQuery": {},
"clientIdScheme": "redirect_uri",
"directPostRedirectUri": "string",
"responseMode": "direct_post",
"encryptedResponseEncValuesSupported": [
"A128CBC-HS256"
]
}
}
Unauthorized
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}
Internal server error
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}