Deliver credential offers to holders
The credential offer is what starts the issuance flow for the holder. This page covers how offers reach your users and which wallet applications can claim them.
Deliver credential offers to holders
The credential offer is what starts the issuance flow for the holder. You need to decide how offers reach your users and which wallet applications can claim them.
Offer delivery methods
| Method | Best for | Description |
|---|---|---|
| QR code | In-person kiosks, printed materials | User scans with their wallet app |
| Deep link | Email, SMS, in-app notifications | Clickable URL that opens the wallet |
| Silent push | Existing app sessions | Credential delivered without user initiation |
Wallet targeting
You can control which wallet apps can claim your offers:
- Open model: any OID4VCI-compatible wallet can claim using the standard
openid-credential-offer://scheme. - Private-use scheme: a custom URI scheme targets specific wallet applications.
- Claimed HTTPS links: App Links (Android) or Universal Links (iOS) provide the strongest app-binding with domain verification.
- Wallet attestation: requires wallets to cryptographically prove their authenticity before claiming credentials. This provides the strongest level of wallet trust by validating the wallet instance through a certificate-based trust chain, ensuring only authorized wallet applications can receive your credentials.
See claiming credential offers for detailed configuration guidance.
Next steps
Extend the basic workflow with optional components such as an authentication provider, claims source, or interaction hook.
How would you rate this page?
Last updated on