How to retrieve policies
Relying parties can retrieve Ecosystem policies to check whether:
- An issuer is allowed to issue a certain credential type in the ecosystem.
- A verifier is allowed to verify a certain credential type in the ecosystem.
Once the policy is retrieved, relying parties can apply their own business logic based when applying the policy rules and permissions.
Retrieve an Issuer Policy
Request
Make a request of the following structure to retrieve an Ecosystem’s Issuer Policy:
GET /v1/ecosystems/{ecosystemId}/issuers
ecosystemId
: Unique identifier for the ecosystem you want to retrieve the Issuer Policy from. Use the ecosystem uniqueid
obtained when you created the ecosystem.
Response
{
"policyModifiedAt": "2023-10-17T00:00:00Z",
"credentials": [
{
"id": "599bf148-d711-405a-a20b-9c8a87ac8850",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"profile": "compact",
"type": "DriverLicense",
"name": "Driver's License"
}
],
"participants": [
{
"id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"name": "My Participant",
"identifiers": {
"web-semantic": "did:web:example.com",
"compact-semantic": "did:web:example.com",
"compact": "did:web:example.com",
"mobile": ["12:34:56:78", "90:12:34:56"]
},
"isIssuer": true,
"isVerifier": false,
"isIssuerConstrained": true,
"isVerifierConstrained": true,
"issuerAllowedCredentials": [
"e0a07846-44e1-41a4-b704-1ccf6eb1a5af",
"25fa6ffc-bf6e-417c-865c-96fcf1d7d1a3"
],
"verifierAllowedCredentials": []
}
]
}
policyModifiedAt
: Indicates when the policy was last modified.credentials
: This array includes all the credential types that are valid in this ecosystem.participants
: This array includes all the participants that exist in this ecosystem.isIssuer
: This endpoint will only return participants that have this field set totrue
.issuerAllowedCredentials
: This array includes the identifiers of all the credential types that this participant is allowed to issue as valid credentials in this ecosystem.
When isIssuerConstrained
is set to false
, all credentials issued by this participant are
considered valid in the ecosystem, even if they are not included in the
issuerAllowedCredentials
array.
Retrieve a Verifier Policy
Request
Make a request of the following structure to retrieve an Ecosystem’s Verifier Policy:
GET /v1/ecosystems/{ecosystemId}/verifiers
ecosystemId
: Unique identifier for the ecosystem you want to retrieve the Verifier Policy from. Use the ecosystem uniqueid
obtained when you created the ecosystem.
Response
{
"policyModifiedAt": "2023-10-17T00:00:00Z",
"credentials": [
{
"id": "599bf148-d711-405a-a20b-9c8a87ac8850",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"profile": "compact",
"type": "DriverLicense",
"name": "Driver's License"
}
],
"participants": [
{
"id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"name": "My Participant",
"identifiers": {
"web-semantic": "did:web:example.com",
"compact-semantic": "did:web:example.com",
"compact": "did:web:example.com",
"mobile": ["12:34:56:78", "90:12:34:56"]
},
"isIssuer": false,
"isVerifier": true,
"isIssuerConstrained": true,
"isVerifierConstrained": true,
"verifierAllowedCredentials": [
"4e25a240-76bb-4e9f-9f93-b93be287922b",
"daca4a43-3ff9-4ecb-93fe-d9104e36bf74"
],
"issuerAllowedCredentials": []
}
]
}
policyModifiedAt
: Indicates when the policy was last modified.credentials
: This array includes all the credential types that are valid in this ecosystem.participants
: This array includes all the participants that exist in this ecosystem.isVerifier
: This endpoint will only return participants that have this field set totrue
.verifierAllowedCredentials
: This array includes the identifiers of all the credential types for which this participant can create verification requests that are valid in this ecosystem.
When isVerifierConstrained
is set to false
, verification requests of all credential types
from this verifier are considered valid in the ecosystem, even if they are not included in the
issuerAllowedCredentials
array.
Retrieve a VICAL
When Ecosystem operators publish their ecosystem policy as a VICAL, relying parties can retrieve these VICALs via public endpoints.