Learn

mDocs

Create a trusted issuer

Add a new mDocs trusted issuer, to be used in online presentation workflows.

Analytic events

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_CREATE_START
  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_CREATE_SUCCESS
  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_CREATE_FAIL
SecuritybearerAuth
Request
Request Body schema: application/json
required

The trusted issuer payload

certificatePem
required
string

Certificate PEM containing trusted issuer data.

Responses
201

Trusted issuer created

400

Bad Request

post/v2/credentials/mobile/trusted-issuers
Request samples
application/json
{
  • "certificatePem": "-----BEGIN CERTIFICATE-----\\r\\nMIICUDCCAfWgAwIBAgIKVVqBlVonWFs3lTAKBggqhkjOPQQDAjAkMQswCQYDVQQG\\r\\nEwJOWjEVMBMGA1UEAwwMRXhhbXBsZSBJQUNBMB4XDTI0MDExMTAzMjYwMFoXDTM0\\r\\nMDEwODAzMjYwMFowJDELMAkGA1UEBhMCTloxFTATBgNVBAMMDEV4YW1wbGUgSUFD\\r\\nQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOHxm9MYkCvIvZc/MyoWGul8+tla\\r\\nFSSRVkDllFERbO/Tg7DOj4CJfYrhDJEuV04eRgcowBDhr9W/bvnTMZMa/RijggEN\\r\\nMIIBCTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E\\r\\nFgQUpS3hOCbmCUwu8n91X9CLS682cOkwOwYDVR0SBDQwMoYwaHR0cHM6Ly9odWRz\\r\\nb24tdGVuYW50LTAwMS52aWkuYXUzMDEubWF0dHJsYWJzLmlvMIGGBgNVHR8EfzB9\\r\\nMHugeaB3hnVodHRwczovL2h1ZHNvbi10ZW5hbnQtMDAxLnZpaS5hdTMwMS5tYXR0\\r\\ncmxhYnMuaW8vdjIvY3JlZGVudGlhbHMvbW9iaWxlL2lhY2FzL2VkNzQzMTllLTcy\\r\\nYTYtNDQwMS1iM2E1LTk0ZTk4MGZiZWJlYS9jcmwwCgYIKoZIzj0EAwIDSQAwRgIh\\r\\nAJxWGZvntq+hymL7zWwrlZo1Jz1+lWglu/MESdmUhTNFAiEAg+x5e3TzBxgHneIM\\r\\nVpTmZNOyZI3Hn17WRKkyKSg+5/8=\\r\\n-----END CERTIFICATE-----\\r\\n"
}
Response samples
application/json
{
  • "id": "ed74319e-72a6-4401-b3a5-94e980fbebea",
  • "certificatePem": "-----BEGIN CERTIFICATE-----\\r\\nMIICUDCCAfWgAwIBAgIKVVqBlVonWFs3lTAKBggqhkjOPQQDAjAkMQswCQYDVQQG\\r\\nEwJOWjEVMBMGA1UEAwwMRXhhbXBsZSBJQUNBMB4XDTI0MDExMTAzMjYwMFoXDTM0\\r\\nMDEwODAzMjYwMFowJDELMAkGA1UEBhMCTloxFTATBgNVBAMMDEV4YW1wbGUgSUFD\\r\\nQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOHxm9MYkCvIvZc/MyoWGul8+tla\\r\\nFSSRVkDllFERbO/Tg7DOj4CJfYrhDJEuV04eRgcowBDhr9W/bvnTMZMa/RijggEN\\r\\nMIIBCTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E\\r\\nFgQUpS3hOCbmCUwu8n91X9CLS682cOkwOwYDVR0SBDQwMoYwaHR0cHM6Ly9odWRz\\r\\nb24tdGVuYW50LTAwMS52aWkuYXUzMDEubWF0dHJsYWJzLmlvMIGGBgNVHR8EfzB9\\r\\nMHugeaB3hnVodHRwczovL2h1ZHNvbi10ZW5hbnQtMDAxLnZpaS5hdTMwMS5tYXR0\\r\\ncmxhYnMuaW8vdjIvY3JlZGVudGlhbHMvbW9iaWxlL2lhY2FzL2VkNzQzMTllLTcy\\r\\nYTYtNDQwMS1iM2E1LTk0ZTk4MGZiZWJlYS9jcmwwCgYIKoZIzj0EAwIDSQAwRgIh\\r\\nAJxWGZvntq+hymL7zWwrlZo1Jz1+lWglu/MESdmUhTNFAiEAg+x5e3TzBxgHneIM\\r\\nVpTmZNOyZI3Hn17WRKkyKSg+5/8=\\r\\n-----END CERTIFICATE-----\\r\\n",
  • "certificateData": {
    }
}

Retrieve all trusted issuers

Retrieves all mDocs trusted issuers from your tenant.

Analytic events

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_LIST_START
  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_LIST_SUCCESS
  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_LIST_FAIL
SecuritybearerAuth
Request
query Parameters
limit
number [ 1 .. 1000 ]
Default: 100

Range size of the list, default 100

Example: limit=2
cursor
string

Starting point for the list

Example: cursor=Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1h
Responses
200

Trusted issuers retrieved

400

Bad Request

get/v2/credentials/mobile/trusted-issuers
Request samples 
Response samples 
application/json
{
  • "code": "BadRequest",
  • "message": "Validation Error",
  • "details": [
    ]
}
Retrieve a trusted issuer
Retrieves an existing trusted issuer from your tenant by providing its ID.


Analytic events


    

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_START
    • 

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_SUCCESS
    • 

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_RETRIEVE_FAIL
    • 



SecuritybearerAuth 
Request 
path Parameters
id
required
string <uuid> 
Trusted issuer ID


 
 Example:  3948c40e-6e19-4ffc-933c-91f643f24264
Responses 
200
Trusted issuer retrieved


400
Bad Request


404
Trusted issuer Not Found


get/v2/credentials/mobile/trusted-issuers/{id}
Request samples 
Response samples 
application/json
{
  • "id": "ed74319e-72a6-4401-b3a5-94e980fbebea",
  • "certificatePem": "-----BEGIN CERTIFICATE-----\\r\\nMIICUDCCAfWgAwIBAgIKVVqBlVonWFs3lTAKBggqhkjOPQQDAjAkMQswCQYDVQQG\\r\\nEwJOWjEVMBMGA1UEAwwMRXhhbXBsZSBJQUNBMB4XDTI0MDExMTAzMjYwMFoXDTM0\\r\\nMDEwODAzMjYwMFowJDELMAkGA1UEBhMCTloxFTATBgNVBAMMDEV4YW1wbGUgSUFD\\r\\nQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOHxm9MYkCvIvZc/MyoWGul8+tla\\r\\nFSSRVkDllFERbO/Tg7DOj4CJfYrhDJEuV04eRgcowBDhr9W/bvnTMZMa/RijggEN\\r\\nMIIBCTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E\\r\\nFgQUpS3hOCbmCUwu8n91X9CLS682cOkwOwYDVR0SBDQwMoYwaHR0cHM6Ly9odWRz\\r\\nb24tdGVuYW50LTAwMS52aWkuYXUzMDEubWF0dHJsYWJzLmlvMIGGBgNVHR8EfzB9\\r\\nMHugeaB3hnVodHRwczovL2h1ZHNvbi10ZW5hbnQtMDAxLnZpaS5hdTMwMS5tYXR0\\r\\ncmxhYnMuaW8vdjIvY3JlZGVudGlhbHMvbW9iaWxlL2lhY2FzL2VkNzQzMTllLTcy\\r\\nYTYtNDQwMS1iM2E1LTk0ZTk4MGZiZWJlYS9jcmwwCgYIKoZIzj0EAwIDSQAwRgIh\\r\\nAJxWGZvntq+hymL7zWwrlZo1Jz1+lWglu/MESdmUhTNFAiEAg+x5e3TzBxgHneIM\\r\\nVpTmZNOyZI3Hn17WRKkyKSg+5/8=\\r\\n-----END CERTIFICATE-----\\r\\n",
  • "certificateData": {
    }
}
Delete a trusted issuer
Deletes an existing trusted issuer by providing its ID.


Analytic events


    

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_DELETE_START
    • 

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_DELETE_SUCCESS
    • 

  • MOBILE_CREDENTIAL_TRUSTED_ISSUER_DELETE_FAIL
    • 



SecuritybearerAuth 
Request 
path Parameters
id
required
string <uuid> 
Trusted issuer ID


 
 Example:  3948c40e-6e19-4ffc-933c-91f643f24264
Responses 
204
Trusted issuer deleted


400
Bad Request


404
Trusted issuer not Found


delete/v2/credentials/mobile/trusted-issuers/{id}
Request samples 
Response samples 
application/json
{
  • "code": "BadRequest",
  • "message": "Validation Error",
  • "details": [
    ]
}
Retrieve presentation session result
Retrieves the result of an online presentation session by providing the session's ID.


Analytic events


    

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_RETRIEVE_START
    • 

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_RETRIEVE_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_RETRIEVE_FAIL
    • 



SecuritybearerAuth 
Request 
path Parameters
sessionId
required
string <uuid> 
Session ID


 
Responses 
200
Session result retrieved


404
Session not found


get/v2/presentations/sessions/{sessionId}/result
Request samples 
Response samples 
application/json
{
  • "sessionId": "string",
  • "challenge": "string",
  • "credentialQuery": [
    ],
  • "error": {
    }
}
Exchange session result
Exchange presentation session result.


Analytic events


    

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_EXCHANGE_START
    • 

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_EXCHANGE_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_SESSION_RESULT_EXCHANGE_FAIL
    • 



SecuritybearerAuth 
Request 
path Parameters
sessionId
required
string <uuid> 
Session ID


 
Responses 
200
Session result exchanged


400
Bad request


401
Unauthorized


404
Session not found


post/v2/presentations/sessions/{sessionId}/result
Request samples 
Response samples 
application/json
{
  • "sessionId": "string"
}
Update verifier configuration
Creates or updates verifier configuration for online presentation of mDocs.


Analytic events


    

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_UPSERT_START
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_UPSERT_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_UPSERT_FAIL
    • 



SecuritybearerAuth 
Request 
Request Body schema: application/json
required
The Verifier Configuration payload


Array of objects
This optional array can be used to define the digital wallets the tenant can create online presentation workflows with, and what URL schemes should be used to invoke these wallets. 


Incoming presentation verification requests can include a unique identifier of the wallet they want to invoke as part of the verification workflow


    

  • If an identifier is provided and matches the id of one of the objects in the walletProviders array, the verifier tenant will invoke that specific wallet using its configured authorizationEndpoint.
    • 

  • If an identifier is provided and does not match the id of any of the objects in the walletProviders array, the request will fail.
    • 

  • If an identifier is not provided, the verifier tenant will use mdoc-openid4vp:// (default OID4VP scheme) to invoke any wallet.
    • 



 
domains
Array of strings  non-empty 
List of fully qualified domain names of verifier web applications who can request to create an online presentation session. This ensures the verifier tenant only accepts requests from known and trusted web applications. Note that localhost is not supported. Use local tunneling services for testing.


 
supportedMode
string
 Default:  "all"
Indicates whether a verifier supports only a same device flow, a cross device flow, or both. This enables the relying party to adjust verification workflows based on their own business logic and security requirements.


 Enum: "all" "sameDevice" "crossDevice"  
redirectUris
required
Array of strings  non-empty 
This is the location the user is redirected to when completing a same-device presentation flow. This can be any URI, including custom URI schemes.


 
certificateCommonName
string
 Default:  "{tenantDomain} Verifier"
Used to define the Common name of the verifier root certificate that will be created as part of this request. Wallets that are implementing certificate-based trust should be paying extra attention to this value as it would be used by the user to establish trust with the verifier.


 
certificateCountry
string
 Default:  "NZ"
Used to define the ISO 31661 alpha-2 country code of the verifier root certificate that will be created as part of this request.


 
object
Controls the appearance of the iframe modal displayed in cross-device presentation workflows. This object is required when supportedMode is set to all or sameDevice.


 
resultAvailableInFrontChannel
boolean
 Default:  true
Indicating whether or not the verification result should be returned directly to the web application (true) or only via a configured back-end (false).


 
Responses 
200
Verifier configuration updated


400
Bad Request


404
Verifier configuration not found


put/v2/presentations/configuration
Request samples 
application/json
{
  • "walletProviders": [
    ],
  • "domains": [
    ],
  • "supportedMode": "all",
  • "redirectUris": [],
  • "certificateCommonName": "{tenantDomain} Verifier",
  • "certificateCountry": "NZ",
  • "display": {},
  • "resultAvailableInFrontChannel": true
}
Response samples 
application/json
{}
Retrieve verifier configuration
Retrieves current verifier configuration for online presentation of mDocs.


Analytic events


    

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_RETRIEVE_START
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_RETRIEVE_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CONFIGURATION_RETRIEVE_FAIL
    • 



SecuritybearerAuth 
Responses 
200
Verifier configuration retrieved


404
Verifier configuration not found


get/v2/presentations/configuration
Request samples 
Response samples 
application/json
{}
Delete verifier configuration
Removes verifier configuration for online presentation of mDocs.


Analytic events


    

  • PRESENTATION_VERIFIER_CONFIGURATION_DELETE_START
    • 

  • PRESENTATION_VERIFIER_CONFIGURATION_DELETE_SUCCESS
    • 

  • PRESENTATION_VERIFIER_CONFIGURATION_DELETE_FAIL
    • 



SecuritybearerAuth 
Responses 
204
Verifier configuration deleted


404
Verifier configuration not found


delete/v2/presentations/configuration
Request samples 
Response samples 
application/json
{
  • "code": "string",
  • "message": "string",
  • "details": [
    ]
}
➔ Next to CWT credentials PDF templates