API Reference¶
EUDIPLO exposes a REST API based on the OpenAPI 3.0 standard. This interface allows systems to issue credentials, verify presentations, and configure credential behavior through standard HTTP endpoints.
OpenAPI Endpoints¶
When running EUDIPLO, the following endpoints are available:
- Swagger UI: http://localhost:3000/api
- OpenAPI Spec (JSON): http://localhost:3000/api-json
You can use this OpenAPI specification to generate client libraries.
EUDIPLO Service API 0.0.1¶
This is the API documentation for the EUDIPLO Service, which provides credential issuance and verification services.
WellKnown¶
GET /.well-known/openid-credential-issuer¶
Get OpenID4VCI issuer metadata
Description
Returns the OpenID4VCI issuer metadata.
Response 200 OK
{
"credential_issuer": "string",
"authorization_servers": [
"string"
],
"credential_endpoint": "string",
"notification_endpoint": "string",
"batch_credential_issuance": {
"batch_size": 10.12
},
"display": [
{}
],
"credential_configurations_supported": {},
"authorization_server": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"credential_issuer": {
"type": "string"
},
"authorization_servers": {
"type": "array",
"items": {
"type": "string"
}
},
"credential_endpoint": {
"type": "string"
},
"notification_endpoint": {
"type": "string"
},
"batch_credential_issuance": {
"type": "object",
"properties": {
"batch_size": {
"type": "number"
}
},
"required": [
"batch_size"
]
},
"display": {
"type": "array",
"items": {
"type": "object"
}
},
"credential_configurations_supported": {
"type": "object"
},
"authorization_server": {
"type": "string"
}
},
"required": [
"credential_issuer",
"authorization_servers",
"credential_endpoint",
"notification_endpoint",
"batch_credential_issuance",
"display",
"credential_configurations_supported",
"authorization_server"
]
}
GET /.well-known/oauth-authorization-server¶
Authorization Server Metadata
Response 200 OK
{
"issuer": "string",
"token_endpoint": "string",
"authorization_endpoint": "string",
"jwks_uri": "string",
"code_challenge_methods_supported": [
"string"
],
"dpop_signing_alg_values_supported": [
"string"
],
"require_pushed_authorization_requests": true,
"pushed_authorization_request_endpoint": "string",
"authorization_challenge_endpoint": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"issuer": {
"type": "string"
},
"token_endpoint": {
"type": "string"
},
"authorization_endpoint": {
"type": "string"
},
"jwks_uri": {
"type": "string"
},
"code_challenge_methods_supported": {
"type": "array",
"items": {
"type": "string"
}
},
"dpop_signing_alg_values_supported": {
"type": "array",
"items": {
"type": "string"
}
},
"require_pushed_authorization_requests": {
"type": "boolean"
},
"pushed_authorization_request_endpoint": {
"type": "string"
},
"authorization_challenge_endpoint": {
"type": "string"
}
},
"required": [
"issuer",
"token_endpoint",
"authorization_endpoint",
"jwks_uri",
"code_challenge_methods_supported",
"dpop_signing_alg_values_supported",
"require_pushed_authorization_requests",
"pushed_authorization_request_endpoint",
"authorization_challenge_endpoint"
]
}
GET /.well-known/jwks.json¶
Returns the JSON Web Key Set (JWKS) for the authorization server.
Response 200 OK
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Oid4vci¶
POST /vci/offer¶
Create an offer for a credential. This endpoint may be protected
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"response_type": {
"example": "qrcode",
"enum": [
"qrcode",
"uri"
],
"type": "string",
"description": "The type of response expected for the offer request."
},
"credentialConfigurationIds": {
"example": [
"pid"
],
"minItems": 1,
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"response_type",
"credentialConfigurationIds"
]
}
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
POST /vci/credential¶
Endpoint to issue credentials
Response 201 Created
POST /vci/notification¶
Response 201 Created
Authorize¶
GET /authorize¶
Endpoint to handle the Authorization Request.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
auth_session |
query | string | No | ||
client_id |
query | string | No | ||
code_challenge |
query | string | No | ||
code_challenge_method |
query | string | No | ||
dpop_jkt |
query | string | No | ||
issuer_state |
query | string | No | ||
redirect_uri |
query | string | No | ||
request_uri |
query | string | No | ||
resource |
query | string | No | ||
response_type |
query | string | No | ||
scope |
query | string | No |
Response 200 OK
POST /authorize/par¶
Endpoint to handle the Pushed Authorization Request (PAR).
Request body
{
"issuer_state": "string",
"response_type": "string",
"client_id": "string",
"redirect_uri": "string",
"resource": "string",
"scope": "string",
"code_challenge": "string",
"code_challenge_method": "string",
"dpop_jkt": "string",
"request_uri": "string",
"auth_session": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"issuer_state": {
"type": "string"
},
"response_type": {
"type": "string"
},
"client_id": {
"type": "string"
},
"redirect_uri": {
"type": "string"
},
"resource": {
"type": "string"
},
"scope": {
"type": "string"
},
"code_challenge": {
"type": "string"
},
"code_challenge_method": {
"type": "string"
},
"dpop_jkt": {
"type": "string"
},
"request_uri": {
"type": "string"
},
"auth_session": {
"type": "string"
}
}
}
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the response body
POST /authorize/token¶
Endpoint to validate the token request. This endpoint is used to exchange the authorization code for an access token.
Response 201 Created
POST /authorize/challenge¶
Endpoint for the authorization challenge.
Request body
{
"issuer_state": "string",
"response_type": "string",
"client_id": "string",
"redirect_uri": "string",
"resource": "string",
"scope": "string",
"code_challenge": "string",
"code_challenge_method": "string",
"dpop_jkt": "string",
"request_uri": "string",
"auth_session": "string"
}
Schema of the request body
{
"type": "object",
"properties": {
"issuer_state": {
"type": "string"
},
"response_type": {
"type": "string"
},
"client_id": {
"type": "string"
},
"redirect_uri": {
"type": "string"
},
"resource": {
"type": "string"
},
"scope": {
"type": "string"
},
"code_challenge": {
"type": "string"
},
"code_challenge_method": {
"type": "string"
},
"dpop_jkt": {
"type": "string"
},
"request_uri": {
"type": "string"
},
"auth_session": {
"type": "string"
}
}
}
Response 201 Created
credentials¶
GET /credentials/vct/{id}¶
Retrieves the VCT (Verifiable Credential Type) from the credentials service.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
id |
path | string | No |
Response 200 OK
{
"vct": "string",
"name": "string",
"description": "string",
"extends": "string",
"extends#integrity": "string",
"schema_uri": "string",
"schema_uri#integrity": "string"
}
Schema of the response body
{
"type": "object",
"properties": {
"vct": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"extends": {
"type": "string"
},
"extends#integrity": {
"type": "string"
},
"schema_uri": {
"type": "string"
},
"schema_uri#integrity": {
"type": "string"
}
},
"required": [
"vct"
]
}
GET /credentials/schema/{id}¶
Retrieves the schema for a specific credential
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
id |
path | string | No |
Response 200 OK
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the response body
{
"type": "object",
"properties": {
"$schema": {
"type": "object",
"default": "https://json-schema.org/draft/2020-12/schema"
},
"type": {
"type": "object",
"default": "object"
},
"properties": {
"type": "object"
},
"required": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"$schema",
"type",
"properties",
"required"
]
}
IssuerManagment¶
GET /issuer-managment¶
Returns the credential configuration for all supported credentials.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Response 200 OK
[
{
"id": "string",
"config": {},
"claims": {},
"disclosureFrame": {},
"vct": {
"vct": "string",
"name": "string",
"description": "string",
"extends": "string",
"extends#integrity": "string",
"schema_uri": "string",
"schema_uri#integrity": "string"
},
"presentation_during_issuance": {
"type": "string",
"webhook": {
"url": "string",
"auhth": {
"type": "apiKey",
"config": {
"headerName": "string",
"value": "string"
}
}
}
},
"schema": {
"$schema": {},
"type": {},
"properties": {},
"required": [
"string"
]
}
}
]
POST /issuer-managment¶
Stores a credential configuration. If it already exists, it will be updated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Request body
{
"id": "string",
"config": {},
"claims": {},
"disclosureFrame": {},
"vct": {
"vct": "string",
"name": "string",
"description": "string",
"extends": "string",
"extends#integrity": "string",
"schema_uri": "string",
"schema_uri#integrity": "string"
},
"presentation_during_issuance": {
"type": "string",
"webhook": {
"url": "string",
"auhth": {
"type": "apiKey",
"config": {
"headerName": "string",
"value": "string"
}
}
}
},
"schema": {
"$schema": {},
"type": {},
"properties": {},
"required": [
"string"
]
}
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"config": {
"type": "object"
},
"claims": {
"type": "object"
},
"disclosureFrame": {
"type": "object"
},
"vct": {
"$ref": "#/components/schemas/VCT"
},
"presentation_during_issuance": {
"$ref": "#/components/schemas/PresentationDuringIssuance"
},
"schema": {
"$ref": "#/components/schemas/SchemaResponse"
}
},
"required": [
"id",
"config",
"claims",
"disclosureFrame",
"schema"
]
}
Response 201 Created
DELETE /issuer-managment/{id}¶
Deletes a credential configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
id |
path | string | No |
Response 200 OK
status-management¶
GET /status-management/status-list¶
Get the status list
Response 200 OK
POST /status-management¶
Update the status of the credentials of a specific session.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Schema of the request body
{
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"description": "The session ID of the user"
},
"credentialConfigurationId": {
"type": "string",
"description": "The ID of the credential configuration\nThis is optional, if not provided, all credentials will be revoked of the session."
},
"status": {
"type": "number",
"description": "The status of the credential\n0 = valid, 1 = revoked",
"enum": [
0,
1
]
}
},
"required": [
"sessionId",
"status"
]
}
Response 201 Created
Oid4vp¶
POST /oid4vp¶
Create an offer for a credential. This endpoint may be protected
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Request body
{
"response_type": "qrcode",
"requestId": "pid",
"webhook": {
"url": "string",
"auhth": {
"type": "apiKey",
"config": {
"headerName": "string",
"value": "string"
}
}
}
}
Schema of the request body
Response 201 Created
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
GET /oid4vp/request/{requestId}/{session}¶
Returns the authorization request for a given requestId and session.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
requestId |
path | string | No | ||
session |
path | string | No |
Response 200 OK
POST /oid4vp/response¶
Endpoint to receive the response from the wallet.
Request body
⚠️ This example has been generated automatically from the schema and it is not accurate. Refer to the schema for more information.
Response 201 Created
PresentationManagement¶
GET /presentation-management¶
Returns the presentation request configurations.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Response 200 OK
POST /presentation-management¶
Store a presentation request configuration. If it already exists, it will be updated.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Request body
{
"id": "string",
"dcql_query": {},
"registrationCert": {
"id": "string",
"body": {}
},
"webhook": null
}
Schema of the request body
{
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the VP request."
},
"dcql_query": {
"type": "object",
"description": "The DCQL query to be used for the VP request."
},
"registrationCert": {
"$ref": "#/components/schemas/RegistrationCertificateRequest"
},
"webhook": {
"description": "Optional webhook URL to receive the response.",
"allOf": [
{
"$ref": "#/components/schemas/WebhookConfig"
}
]
}
},
"required": [
"id",
"dcql_query",
"registrationCert"
]
}
Response 201 Created
DELETE /presentation-management/{id}¶
Deletes a presentation request configuration by its ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
id |
path | string | No |
Response 200 OK
Session¶
GET /session¶
Retrieves all sessions.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
Response 200 OK
[
{
"id": "string",
"credentials": [
{}
],
"authorization_code": "string",
"request_uri": "string",
"auth_queries": {
"issuer_state": "string",
"response_type": "string",
"client_id": "string",
"redirect_uri": "string",
"resource": "string",
"scope": "string",
"code_challenge": "string",
"code_challenge_method": "string",
"dpop_jkt": "string",
"request_uri": "string",
"auth_session": "string"
},
"vp_nonce": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"offer": {},
"credentialPayload": {
"response_type": "qrcode",
"credentialConfigurationIds": [
"pid"
]
},
"webhook": {
"url": "string",
"auhth": {
"type": "apiKey",
"config": {
"headerName": "string",
"value": "string"
}
}
}
}
]
GET /session/{id}¶
Retrieves the session information for a given session ID.
Input parameters
| Parameter | In | Type | Default | Nullable | Description |
|---|---|---|---|---|---|
apiKey |
header | string | N/A | No | API key |
id |
path | string | No |
Response 200 OK
{
"id": "string",
"credentials": [
{}
],
"authorization_code": "string",
"request_uri": "string",
"auth_queries": {
"issuer_state": "string",
"response_type": "string",
"client_id": "string",
"redirect_uri": "string",
"resource": "string",
"scope": "string",
"code_challenge": "string",
"code_challenge_method": "string",
"dpop_jkt": "string",
"request_uri": "string",
"auth_session": "string"
},
"vp_nonce": "string",
"createdAt": "2022-04-13T15:42:05.901Z",
"offer": {},
"credentialPayload": {
"response_type": "qrcode",
"credentialConfigurationIds": [
"pid"
]
},
"webhook": {
"url": "string",
"auhth": {
"type": "apiKey",
"config": {
"headerName": "string",
"value": "string"
}
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"credentials": {
"type": "array",
"items": {
"type": "object"
}
},
"authorization_code": {
"type": "string"
},
"request_uri": {
"type": "string"
},
"auth_queries": {
"$ref": "#/components/schemas/AuthorizeQueries"
},
"vp_nonce": {
"type": "string"
},
"createdAt": {
"format": "date-time",
"type": "string"
},
"offer": {
"type": "object"
},
"credentialPayload": {
"$ref": "#/components/schemas/OfferRequest"
},
"webhook": {
"$ref": "#/components/schemas/WebhookConfig"
}
},
"required": [
"id",
"createdAt"
]
}
Health¶
GET /health¶
Endpoint to check the health of the service.
Response 200 OK
{
"status": "ok",
"info": {
"database": {
"status": "up"
}
},
"error": {},
"details": {
"database": {
"status": "up"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Response 503 Service Unavailable
{
"status": "error",
"info": {
"database": {
"status": "up"
}
},
"error": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"details": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
}
}
Schema of the response body
{
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "error"
},
"info": {
"type": "object",
"example": {
"database": {
"status": "up"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"error": {
"type": "object",
"example": {
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
},
"nullable": true
},
"details": {
"type": "object",
"example": {
"database": {
"status": "up"
},
"redis": {
"status": "down",
"message": "Could not connect"
}
},
"additionalProperties": {
"type": "object",
"required": [
"status"
],
"properties": {
"status": {
"type": "string"
}
},
"additionalProperties": true
}
}
}
}
Schemas¶
ApiKeyConfig¶
| Name | Type |
|---|---|
headerName |
string |
value |
string |
AuthorizationResponse¶
| Name | Type |
|---|---|
response |
string |
AuthorizeQueries¶
| Name | Type |
|---|---|
auth_session |
string |
client_id |
string |
code_challenge |
string |
code_challenge_method |
string |
dpop_jkt |
string |
issuer_state |
string |
redirect_uri |
string |
request_uri |
string |
resource |
string |
response_type |
string |
scope |
string |
CredentialConfig¶
| Name | Type |
|---|---|
claims |
|
config |
|
disclosureFrame |
|
id |
string |
presentation_during_issuance |
PresentationDuringIssuance |
schema |
SchemaResponse |
vct |
VCT |
CredentialIssuerMetadataDto¶
| Name | Type |
|---|---|
authorization_server |
string |
authorization_servers |
Array<string> |
batch_credential_issuance |
Properties: batch_size |
credential_configurations_supported |
|
credential_endpoint |
string |
credential_issuer |
string |
display |
Array<> |
notification_endpoint |
string |
EC_Public¶
| Name | Type |
|---|---|
crv |
string |
kty |
string |
x |
string |
y |
string |
JwksResponseDto¶
| Name | Type |
|---|---|
keys |
Array<EC_Public> |
Oauth2AuthorizationServerResponse¶
| Name | Type |
|---|---|
authorization_challenge_endpoint |
string |
authorization_endpoint |
string |
code_challenge_methods_supported |
Array<string> |
dpop_signing_alg_values_supported |
Array<string> |
issuer |
string |
jwks_uri |
string |
pushed_authorization_request_endpoint |
string |
require_pushed_authorization_requests |
boolean |
token_endpoint |
string |
OfferRequest¶
| Name | Type |
|---|---|
credentialConfigurationIds |
Array<string> |
response_type |
string |
OfferResponse¶
| Name | Type |
|---|---|
session |
string |
uri |
string |
ParResponseDto¶
| Name | Type |
|---|---|
expires_in |
number |
request_uri |
string |
PresentationDuringIssuance¶
| Name | Type |
|---|---|
type |
string |
webhook |
WebhookConfig |
PresentationRequest¶
| Name | Type |
|---|---|
requestId |
string |
response_type |
string |
webhook |
WebhookConfig |
RegistrationCertificateRequest¶
| Name | Type |
|---|---|
body |
|
id |
string |
SchemaResponse¶
| Name | Type |
|---|---|
$schema |
|
properties |
|
required |
Array<string> |
type |
Session¶
| Name | Type |
|---|---|
auth_queries |
AuthorizeQueries |
authorization_code |
string |
createdAt |
string(date-time) |
credentialPayload |
OfferRequest |
credentials |
Array<> |
id |
string |
offer |
|
request_uri |
string |
vp_nonce |
string |
webhook |
WebhookConfig |
StatusUpdateDto¶
| Name | Type |
|---|---|
credentialConfigurationId |
string |
sessionId |
string |
status |
number |
VCT¶
| Name | Type |
|---|---|
description |
string |
extends |
string |
extends#integrity |
string |
name |
string |
schema_uri |
string |
schema_uri#integrity |
string |
vct |
string |
VPRequest¶
| Name | Type |
|---|---|
dcql_query |
|
id |
string |
registrationCert |
RegistrationCertificateRequest |
webhook |
WebHookAuthConfig¶
| Name | Type |
|---|---|
config |
ApiKeyConfig |
type |
string |
WebhookConfig¶
| Name | Type |
|---|---|
auhth |
WebHookAuthConfig |
url |
string |
Security schemes¶
| Name | Type | Scheme | Description |
|---|---|---|---|
| apiKey | apiKey |
More documentation¶
Documentation
For more information: https://cre8.github.io/eudiplo/