Read credential definition
GET/v2/config/digital-wallet/openid/sdjwt/credential-definition/:credentialDefinitionId
Retrieves a credential definition by its ID, including the credential type, format, claims structure, and issuance settings.
Request
Path Parameters
Unique identifier of the credential definition that specifies the credential format, type, and claims structure for OID4VCI issuance.
Responses
- 200
- 401
- 500
Credential definition retrieved successfully
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
credentialDefinition object
Unique identifier assigned to the credential definition upon creation. Use this ID to reference the credential definition in OpenID for Verifiable Credentials Issuance (OID4VCI) operations.
Array of credential type strings as defined in the OID4VCI specification. These values appear in the type field of the issued W3C VC (JWT).
JSON object defining the credential structure and its claims for W3C VC (JWT) format (jwt_vc_json).
Unix timestamp (in seconds) indicating when this credential definition was created.
Unix timestamp (in seconds) indicating when this credential definition was last modified.
Human-readable label describing the intended use of this credential definition (e.g. 'Issue Portable Document A1').
Number of days until the issued credential expires. Defaults to 30 if not specified.
display object
Display name for the credential shown in wallet UIs, as specified in the OID4VCI Credential Issuer Metadata.
BCP47 language tag for the display properties (e.g. en-GB).
Human-readable description of the credential purpose.
Hex color code for the credential card background (e.g. #FFFFFF).
Hex color code for text on the credential card (e.g. #000000).
Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]
Credential format identifier as defined in OID4VCI. Supported formats: jwt_vc_json (W3C VC JWT), dc+sd-jwt (IETF SD-JWT VC), mso_mdoc (ISO 18013-5 mDoc/mDL).
Verifiable Credential Type identifier used when credentialFormat is dc+sd-jwt. Included in the vct claim of the issued IETF SD-JWT VC.
Document type identifier used when credentialFormat is mso_mdoc. Identifies the credential in the ISO 18013-5 mDoc/mDL format (e.g. org.iso.18013.5.1.lpid).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats.
JSON object defining the credential claims structure for IETF SD-JWT VC (dc+sd-jwt) and ISO 18013-5 mDoc/mDL (mso_mdoc) formats.
When true, enables credential revocation support using the IETF Token Status List specification.
When true, the issuer requires the holder to present a valid Wallet Unit Attestation (WUA) during the OID4VCI issuance flow.
Possible values: [$.vc.credentialSubject, $.vc, $]
JSONPath expression specifying which part of the credential payload to validate. Use $.vc.credentialSubject for W3C VC (JWT), $.vc for full VC validation, or $ for root-level validation.
Possible values: [draft_11, draft_13, draft_15, draft_17, version_01]
OID4VCI specification draft version to use for credential issuance protocol interactions.
Key Identifier (kid) referencing the cryptographic key used to sign issued credentials.
Possible values: [jwk, did:key, did:ebsi, did:web, did:tdw]
DID method or key type used as the trust anchor for credential issuance.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation. status_list uses the IETF Token Status List, status_list_2021 uses the W3C Status List 2021, swiss_token_status_list_v1 uses the Swiss profile.
When true, ensures each credential issued under this definition is unique per holder.
When true, allows holders to request reissuance of expired or near-expiry credentials.
credentialDefinitions object[]
Human-readable label describing the intended use of this credential definition.
Number of days until the issued credential expires. Defaults to 30.
When true, enables credential revocation support.
Possible values: [status_list, status_list_2021, swiss_token_status_list_v1]
Method used for credential revocation.
When true, ensures each credential under this definition is unique per holder.
When true, allows holders to request reissuance of expired credentials.
Array of supported cryptographic key binding methods for issued credentials, as defined in OID4VCI Credential Issuer Metadata (e.g. jwk, did:key, cose_key).
Possible values: [authorization_details, scope_based]
Determines how the wallet requests authorization during the OID4VCI issuance flow. authorization_details uses RFC 9396 Rich Authorization Requests, scope_based uses OAuth 2.0 scope values.
OAuth 2.0 scope value associated with this credential definition. Used when authorizationRequestType is scope_based.
display object
Display properties for the credential card in wallet UIs.
Minimum polling interval (in seconds) for the wallet when using the OID4VCI Deferred Credential Endpoint.
Possible values: [dc+sd-jwt]
Credential format. Must be dc+sd-jwt for IETF SD-JWT VC.
Verifiable Credential Type identifier for IETF SD-JWT VC (e.g. urn:eu.europa.ec.eudi:pid:1).
claims object
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
JSON object defining the credential claims structure for IETF SD-JWT VC. Each claim can specify selective disclosure via limitDisclosure.
Namespace identifier for ISO 18013-5 mDoc/mDL (mso_mdoc) format credentials (e.g. org.iso.18013.5.1).
{
"credentialDefinition": {
"credentialDefinitionId": "string",
"type": [
"string"
],
"credentialDefinition": {},
"createdAt": 0,
"updatedAt": 0,
"label": "string",
"expirationInDays": 0,
"display": {
"name": "string",
"locale": "string",
"description": "string",
"backgroundColor": "string",
"textColor": "string"
},
"credentialFormat": "jwt_vc_json",
"vct": "string",
"doctype": "string",
"claims": {},
"supportRevocation": true,
"enforceWUA": true,
"validationPath": "$.vc.credentialSubject",
"version": "draft_11",
"kid": "string",
"trustAnchor": "jwk",
"revocationMethod": "status_list",
"enforceCredentialUniqueness": true,
"supportCredentialReissuance": true,
"credentialDefinitions": [
{
"label": "string",
"expirationInDays": 0,
"supportRevocation": true,
"revocationMethod": "status_list",
"enforceCredentialUniqueness": true,
"supportCredentialReissuance": true,
"credentialBindingMethods": [
"string"
],
"authorizationRequestType": "authorization_details",
"scope": "string",
"display": {
"name": "string",
"description": "string",
"backgroundColor": "string",
"textColor": "string"
},
"credentialResponseInterval": 0,
"credentialFormat": "dc+sd-jwt",
"vct": "string",
"claims": {}
}
],
"namespace": "string"
}
}
Unauthorized
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}
Internal server error
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"errorCode": 400,
"errorDescription": "Bad input parameter"
}