Pre-authorized Code flow
API Reference
Create Credential Offer
POST
/v1/openid/offers/pre-authorizedAuthorization
bearerAuthOpenIdCredentials AuthorizationBearer <token>
In: header
Request Body
application/json
Response Body
application/json
curl -X POST "https://example.vii.au01.mattr.global/v1/openid/offers/pre-authorized" \ -H "Content-Type: application/json" \ -d '{ "credentials": [ "707e920a-f342-443b-ae24-6946b7b5033e" ] }'{
"id": "string",
"userId": "string",
"uri": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fexample.com%22%2C%22credentials%22%3A%5B%222edaf985-fcc2-4448-9c8e-a04c6c7351c2%22%5D%2C%22credential_configuration_ids%22%3A%5B%222edaf985-fcc2-4448-9c8e-a04c6c7351c2%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22stukD6lg9c9tQ3jUCa32wVi1HI%2BQIVsFK%2FQPvC2CHRs%3D%22%2C%22tx_code%22%3A%7B%22length%22%3A6%2C%22input_mode%22%3A%22numeric%22%2C%22description%22%3A%22Please%20provide%20the%20one-time%20code%20that%20was%20sent%20via%20e-mail%22%7D%7D%7D%7D",
"expiresAt": "2025-05-01T00:01:00.000Z",
"transactionCode": 493536
}Delete Credential Offer
DELETE
/v1/openid/offers/pre-authorized/{id}Authorization
bearerAuthOpenIdCredentials AuthorizationBearer <token>
In: header
Path Parameters
id*string
Pre-authorized credential offer ID
Format
uuidResponse Body
application/json
application/json
curl -X DELETE "https://example.vii.au01.mattr.global/v1/openid/offers/pre-authorized/8241400f-de3b-42c5-ad7c-8a380039e796"Empty
{
"code": "string",
"message": "string",
"details": [
{
"value": "string",
"msg": "Invalid value",
"param": "id",
"location": "body"
}
]
}{
"code": "string",
"message": "string",
"details": [
{
"value": "string",
"msg": "Invalid value",
"param": "id",
"location": "body"
}
]
}Issue a verifiable credential
POST
/v1/openid/credentialAuthorizationBearer <token>
In: header
Header Parameters
DPoP?string
DPoP proof JWT. A signed JWT that demonstrates proof-of-possession of a private key.
DPoP is offered as a closed beta preview feature and is not generally available yet. If you are interested in trying this feature, please contact us
When to use:
- Token endpoint: Required when
dpop_jktwas provided in the authorization request - Credential endpoint: Required when using DPoP-bound access tokens (Authorization header must use format:
Authorization: DPoP <access_token>)
The DPoP proof must be a signed JWT with the following structure:
Header:
alg: Must beES256typ: Must bedpop+jwtjwk: Public key (JWK format)
Payload:
htu: HTTP URI of the target endpointhtm: HTTP method (e.g.,POST)jti: Unique identifier for this DPoP proofiat: Unix timestamp when the DPoP proof was createdath: Optional base64url-encoded SHA-256 hash of theaccess_token. Required when authenticating with the resource server.htcd: Optional base64-encoded SHA-256 hash (content digest) of the HTTP request payload used to validate integrity.
Each DPoP proof must be unique and cannot be reused across requests.
Response Body
curl -X POST "https://example.vii.au01.mattr.global/v1/openid/credential" \ -H "Content-Type: application/json" \ -d '{ "credential_configuration_id": "2cdb2c15-39a7-4556-abab-4515ce2d831b", "proofs": { "jwt": [ "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..." ] } }'{
"credentials": [
{
"credential": {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "http://example.edu/credentials/3732",
"type": [
"VerifiableCredential",
"AlumniCredential"
],
"issuer": "https://example.edu/issuers/14",
"issuanceDate": "2020-03-10T04:24:12.164Z",
"credentialSubject": {
"id": "did:example:123",
"alumniOf": "Example University"
},
"proof": {
"type": "RsaSignature2018",
"created": "2020-03-10T04:24:12Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "EXAMPLE_JWS_TOKEN_eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9aH0..."
}
}
}
]
}Retrieve issuer metadata
curl --request GET \ --url https://{tenantName}.{region}.mattr.global/.well-known/openid-credential-issuer \ --header 'Accept: application/json'{
"issuer": "http://example.com",
"authorization_endpoint": "http://example.com",
"jwks_uri": "http://example.com",
"token_endpoint": "http://example.com",
"scopes_supported": [
"ldp_vc:ExampleCredential"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"query"
],
"grant_types_supported": [
"authorization_code"
],
"code_challenge_methods_supported": [
"S256"
],
"credential_issuer": "http://example.com",
"credential_endpoint": "http://example.com",
"credentials_supported": [
{
"format": "string",
"id": "string",
"scope": "string",
"@context": [
"string"
],
"type": [
"string"
],
"credentialSubject": {},
"cryptographic_binding_methods_supported": [
"did:key",
"mso"
],
"cryptographic_suites_supported": [
"Ed25519Signature2018",
"ES256"
]
}
],
"credential_configurations_supported": {
"2cdb2c15-39a7-4556-abab-4515ce2d831b": {
"format": "ldp_vc",
"id": "2cdb2c15-39a7-4556-abab-4515ce2d831b",
"scope": "ldp_vc:TestCredential",
"credential_definition": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.org"
],
"type": [
"VerifiableCredential",
"TestCredential"
]
},
"credential_signing_alg_values_supported": [
"Ed25519Signature2018",
"BbsSignatureProof2022"
],
"cryptographic_binding_methods_supported": [
"did:key"
],
"proof_types_supported": {
"jwt": {
"proof_signing_alg_values_supported": [
"EdDSA"
]
}
},
"credential_metadata": {
"display": [
{
"name": "Test Credential",
"logo": {
"uri": "https://example.com/logo.png",
"alt_text": "Example Logo"
},
"locale": "en-US",
"background_color": "#FFFFFF",
"text_color": "#000000"
}
],
"claims": [
{
"path": [
"credentialSubject",
"firstName"
],
"mandatory": true,
"display": [
{
"name": "First Name",
"locale": "en-US"
}
]
}
]
}
},
"3dfe1c4a-5b6c-4e2f-9f3a-2b1c4d5e6f7g": {
"format": "cwt_vc",
"id": "3dfe1c4a-5b6c-4e2f-9f3a-2b1c4d5e6f7g",
"scope": "cwt_vc:TestCredential",
"types": [
"VerifiableCredential",
"TestCredential"
],
"cryptographic_binding_methods_supported": [],
"credential_signing_alg_values_supported": [
-7
],
"credential_metadata": {
"claims": [
{
"path": [
"vc",
"credentialSubject",
"firstName"
],
"mandatory": true,
"display": [
{
"name": "First Name",
"locale": "en-US"
}
]
}
]
}
},
"b068c060-cc72-4758-9526-92d29edb821f": {
"format": "cwt",
"id": "b068c060-cc72-4758-9526-92d29edb821f",
"scope": "cwt:TestCredential",
"type": "TestCredential",
"cryptographic_binding_methods_supported": [],
"credential_signing_alg_values_supported": [
-7
],
"credential_metadata": {
"claims": [
{
"path": [
"firstName"
],
"mandatory": true,
"display": [
{
"name": "First Name",
"locale": "en-US"
}
]
}
]
}
},
"a1b2c3d4-e5f6-4789-abcd-ef0123456789": {
"format": "mso_mdoc",
"doctype": "org.iso.18013.5.1.mDL.T",
"scope": "mso_mdoc:TestCredential",
"id": "a1b2c3d4-e5f6-4789-abcd-ef0123456789",
"cryptographic_binding_methods_supported": [
"mso"
],
"credential_signing_alg_values_supported": [
-7
],
"proof_types_supported": {
"jwt": {
"proof_signing_alg_values_supported": [
"ES256"
]
}
},
"credential_metadata": {
"claims": [
{
"path": [
"org.iso.18013.5.1",
"firstName"
],
"mandatory": true,
"display": [
{
"name": "First Name",
"locale": "en-US"
}
]
}
],
"display": [
{
"name": "Test Mobile Credential",
"logo": {
"uri": "https://example.com/logo.png",
"alt_text": "Example Logo"
},
"locale": "en-US",
"background_color": "#FFFFFF",
"text_color": "#000000"
}
]
}
}
},
"mdoc_iacas_uri": "http://example.com",
"credential_response_encryption": {
"alg_values_supported": [
"HPKE-7"
],
"enc_values_supported": [
"A256GCM"
],
"encryption_required": false
},
"credential_request_encryption": {
"jwks": {
"keys": [
{
"kty": "EC",
"kid": "kid",
"use": "enc",
"crv": "P-256",
"alg": "HPKE-7",
"x": "YO4epjifD-KWeq1sL2tNmm36BhXnkJ0He-WqMYrp9Fk",
"y": "Hekpm0zfK7C-YccH5iBjcIXgf6YdUvNUac_0At55Okk"
}
]
},
"enc_values_supported": [
"A256GCM"
],
"encryption_required": false
}
}How would you rate this page?
Last updated on