Create a Pre-Authorized Code credential offer

POST/v1/openid/offers/pre-authorized

Generate a new OpenID4VCI Pre-Authorized Code credential offer.

This offer can only be used once. Once the offer is successfully claimed and the credential is issued, the pre-authorized code is consumed and the offer becomes invalid. The offer cannot be claimed again, even if the same user attempts to claim it. This is a security measure to prevent unauthorized credential duplication. If you need to issue another credential to the same user, you must generate a new credential offer.

Analytic events

OPENID_PRE_AUTHORIZED_OFFER_CREATE_START
OPENID_PRE_AUTHORIZED_OFFER_CREATE_SUCCESS
OPENID_PRE_AUTHORIZED_OFFER_CREATE_FAIL

Authorization

bearerAuthOpenIdCredentials

AuthorizationBearer <token>

In: header

Request Body

application/json

credentials*array<>

This array includes a list of identifiers for mDocs credential configurations that will be included in the credential offer. These identifiers are the id elements returned in the response when you create a credential configuration. Providing the identifier of a non-mDocs credential configuration will result in an error.

userId?string

Unique system generated identifier to reference the user for this offer. This can be obtained by searching for a user. If not provided, a new user entity will be created.

transactionCodeConfiguration?

Configure whether a second-factor transaction code is required for this offer. If a configuration is provided, a code will be generated for the offer, and the end user must submit it during credential retrieval. If an incorrect transaction code is entered three times by the holder, the credential offer is permanently invalidated and the wallet can no longer claim the credential.

claims?object

Additional user claims that are available during credential issuance for this offer.

claimsToPersist?array<>

This array includes a list of claims that will be persisted against the user object in the MATTR VII database. These claims are then available for any future credential offers or issuance operations for this user. By default no claims are persisted, and it is recommended to consider carefully which claims to persist, if any, as this has implications for data privacy and security.

expiresIn?

Specifies when the offer will expire. Once the offer expires, the user can no longer use it to claim a credential, and a new offer must be generated. The expiration period can include any combination of minutes and seconds. By default, the offer expires in 5 minutes, and the maximum allowed duration is 10 minutes.

Response Body

`application/json`

curl -X POST "https://example.vii.au01.mattr.global/v1/openid/offers/pre-authorized" \  -H "Content-Type: application/json" \  -d '{    "credentials": [      "707e920a-f342-443b-ae24-6946b7b5033e"    ]  }'

{
  "id": "string",
  "userId": "string",
  "uri": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%2C%22credentials%22%3A%5B%222edaf985-fcc2-4448-9c8e-a04c6c7351c2%22%5D%2C%22credential_configuration_ids%22%3A%5B%222edaf985-fcc2-4448-9c8e-a04c6c7351c2%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22stukD6lg9c9tQ3jUCa32wVi1HI%2BQIVsFK%2FQPvC2CHRs%3D%22%2C%22tx_code%22%3A%7B%22length%22%3A6%2C%22input_mode%22%3A%22numeric%22%2C%22description%22%3A%22Please%20provide%20the%20one-time%20code%20that%20was%20sent%20via%20e-mail%22%7D%7D%7D%7D",
  "expiresAt": "2025-05-01T00:01:00.000Z",
  "transactionCode": 493536
}

Create a Pre-Authorized Code credential offer

Roles

Analytics Events

Analytic events

Authorization

Request Body

Response Body

`application/json`

Create a Pre-Authorized Code credential offer

Roles

Analytics Events

Analytic events

Authorization

Request Body

Response Body

200application/json

`application/json`