Credential Management

Credential management allows you to issue, retrieve, and manage verifiable credentials using templates defined in the system. These methods support formats such as AnonCreds and JSON-LD, enabling secure credential issuance and tracking across multiple ecosystems (OpenID, Privado ID, Indicio, Cheqd). This section covers methods to retrieve credentials and offer them to connections.

Get All Credentials
Get Credential by ID
Offer Credential (AnonCreds)
Offer Credential (JSON-LD)

Get All Credentials

Retrieves a list of all credentials associated with a tenant.

import { OpenIDEcosystem } from '@openid/core-sdk';
const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});
const credentials = await openid.getAllCredentials({
  tenantId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant to query.

note

Use this to audit or manage all issued credentials for a tenant.
Response size may vary; consider implementing pagination if supported in future updates.

Get Credential by ID

Retrieves a specific credential by its ID.

import { OpenIDEcosystem } from '@openid/core-sdk';
const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});
const credential = await openid.getCredentialById({
  tenantId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
  credentialId: 'g8h9i0j1-k2l3-4pqr-stuv-wxyzabcdefhi',
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant owning the credential.
credentialId	string (Required)	The ID of the credential to retrieve.

note

Ensure the credentialId exists, or the method will return an error.
Useful for verifying or updating individual credentials.

Offer Credential (AnonCreds)

Offers a new AnonCreds credential to a connection.

import { OpenIDEcosystem } from '@openid/core-sdk';
const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});
const credential = await openid.offerCredentialAnoncreds({
  tenantId: 'your-tenant-id',
  credentialTemplateId: 'your-credential-template-id',
  connectionId: 'conn-789',
  credentialValues: {
    firstName: 'John',
    lastName: 'Doe',
  },
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant initiating the offer.
credentialTemplateId	string (Required)	The ID of the credential template to use.
connectionId	string (Required)	The ID of the connection to send the offer to.
credentialValues	CredentialValue (Required)	The values for the credential attributes.
comment	string (Optional)	A comment or message for the offer.

note

The credentialValues must match the attributes defined in the template.
Ensure the connectionId is valid and active.

Offer Credential (mDoc)

Offers a credential in mDoc format to a holder using the specified credential template.

import { OpenIDEcosystem } from '@openid/core-sdk';

const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});

const credential = await openid.offerCredentialMdoc({
  tenantId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
  credentialTemplateId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
  credentialValues: {
    firstName: 'John',
    lastName: 'Doe',
  },
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant issuing the credential.
credentialTemplateId	string (Required)	The ID of the credential template to use.
credentialValues	CredentialValue (Required)	An object containing the credential’s attribute values.
codeflow	string (Optional)	The code flow type for issuance (e.g., pre-authorized).
preAuthorizedCodeflowConfig	{ useTransactionCode?: boolean; transactionCode?: { description?: string; length?: number; } } (Optional)	Configuration for pre-authorized code flow.

note

The docType from the template determines the mDoc format (e.g., mDL).
Use preAuthorizedCodeflowConfig for secure, transaction-based issuance.

Offer Credential (JSON-LD)

Offers a new JSON-LD credential to a connection or holder.

import { OpenIDEcosystem } from '@openid/core-sdk';
const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});
const credential = await openid.offerCredentialJsonld({
  tenantId: 'your-tenant-id',
  credentialTemplateId: 'your-credential-template-id',
  connectionId: 'conn-789',
  credentialValues: {
      firstName: 'John',
      lastName: 'Doe',
  },
  holderDid: 'did:example:holder123',
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant initiating the offer.
credentialTemplateId	string (Required)	The ID of the credential template to use.
connectionId	string (Optional)	The ID of the connection to send the offer to.
credentialValues	CredentialValue (Required)	The values for the credential attributes.
holderDid	string (Optional)	The DID of the holder.
comment	string (Optional)	A comment or message for the offer.
codeflow	string (Optional)	The code flow type (e.g., `pre-authorized`).
preAuthorizedCodeflowConfig	{ useTransactionCode?: boolean; transactionCode?: { description?: string; length?: number; } } (Optional)	Configuration for pre-authorized code flow.

note

Either connectionId or holderDid must be provided to identify the recipient.
Use preAuthorizedCodeflowConfig for secure credential issuance with transaction codes.

Offer Credential (SD-JWT)

Offers a credential in SD-JWT format to a holder using the specified credential template.

import { OpenIDEcosystem } from '@openid/core-sdk';

const openid = new OpenIDEcosystem({
  apiKey: 'your-ecosystem-api-key',
});

const credential = await openid.offerCredentialSdJwt({
  tenantId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
  credentialTemplateId: 'a1b2c3d4-5678-4def-90ab-c12d34e5f6g7',
  credentialValues: {
    firstName: 'John',
    lastName: 'Doe',
  },
});

Params

Parameter	Type	Description
tenantId	string (Required)	The ID of the tenant issuing the credential.
credentialTemplateId	string (Required)	The ID of the credential template to use.
credentialValues	CredentialValue (Required)	An object containing the credential’s attribute values.
codeflow	string (Optional)	The code flow type for issuance (e.g., pre-authorized).
preAuthorizedCodeflowConfig	{ useTransactionCode?: boolean; transactionCode?: { description?: string; length?: number; } } (Optional)	Configuration for pre-authorized code flow.

note

SD-JWT supports selective disclosure; ensure credentialValues align with the template.
Use codeflow and preAuthorizedCodeflowConfig for secure issuance options.

Credential Management

Get All Credentials​

Params​

Get Credential by ID​

Params​

Offer Credential (AnonCreds)​

Params​

Offer Credential (mDoc)​

Params​

Offer Credential (JSON-LD)​

Params​

Offer Credential (SD-JWT)​

Params​

Contents

Get All Credentials

Params

Get Credential by ID

Params

Offer Credential (AnonCreds)

Params

Offer Credential (mDoc)

Params

Offer Credential (JSON-LD)

Params

Offer Credential (SD-JWT)

Params