How to retrieve policies
Relying parties can retrieve Ecosystem policies to check whether:
- An issuer is allowed to issue a certain credential type in the ecosystem.
- A verifier is allowed to verify a certain credential type in the ecosystem.
Once the policy is retrieved, relying parties can apply their own business logic based when applying the policy rules and permissions.
Retrieve an Issuer Policy
Request
Make a request of the following structure to retrieve an Ecosystem’s Issuer Policy:
HTTP
GET /v1/ecosystems/{ecosystemId}/issuersecosystemId: Unique identifier for the ecosystem you want to retrieve the Issuer Policy from. Use the ecosystem uniqueidobtained when you created the ecosystem.
Response
JSON
{
"policyModifiedAt": "2023-10-17T00:00:00Z",
"credentials": [
{
"id": "599bf148-d711-405a-a20b-9c8a87ac8850",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"profile": "compact",
"type": "DriverLicence",
"name": "Driver's Licence"
}
],
"participants": [
{
"id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"name": "My Participant",
"identifiers": {
"web-semantic": "did:web:example.com",
"compact-semantic": "did:web:example.com",
"compact": "did:web:example.com",
"mobile": ["12:34:56:78", "90:12:34:56"]
},
"isIssuer": true,
"isVerifier": false,
"isIssuerConstrained": true,
"isVerifierConstrained": true,
"issuerAllowedCredentials": [
"e0a07846-44e1-41a4-b704-1ccf6eb1a5af",
"25fa6ffc-bf6e-417c-865c-96fcf1d7d1a3"
],
"verifierAllowedCredentials": []
}
]
}policyModifiedAt: Indicates when the policy was last modified.credentials: This array includes all the credential types that are valid in this ecosystem.participants: This array includes all the participants that exist in this ecosystem.isIssuer: This endpoint will only return participants that have this field set totrue.issuerAllowedCredentials: This array includes the identifiers of all the credential types that this participant is allowed to issue as valid credentials in this ecosystem.
When isIssuerConstrained is set to false, all credentials issued by this participant are
considered valid in the ecosystem, even if they are not included in the
issuerAllowedCredentials array.
Retrieve a Verifier Policy
Request
Make a request of the following structure to retrieve an Ecosystem’s Verifier Policy:
HTTP
GET /v1/ecosystems/{ecosystemId}/verifiersecosystemId: Unique identifier for the ecosystem you want to retrieve the Verifier Policy from. Use the ecosystem uniqueidobtained when you created the ecosystem.
Response
JSON
{
"policyModifiedAt": "2023-10-17T00:00:00Z",
"credentials": [
{
"id": "599bf148-d711-405a-a20b-9c8a87ac8850",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"profile": "compact",
"type": "DriverLicence",
"name": "Driver's Licence"
}
],
"participants": [
{
"id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
"ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
"name": "My Participant",
"identifiers": {
"web-semantic": "did:web:example.com",
"compact-semantic": "did:web:example.com",
"compact": "did:web:example.com",
"mobile": ["12:34:56:78", "90:12:34:56"]
},
"isIssuer": false,
"isVerifier": true,
"isIssuerConstrained": true,
"isVerifierConstrained": true,
"verifierAllowedCredentials": [
"4e25a240-76bb-4e9f-9f93-b93be287922b",
"daca4a43-3ff9-4ecb-93fe-d9104e36bf74"
],
"issuerAllowedCredentials": []
}
]
}policyModifiedAt: Indicates when the policy was last modified.credentials: This array includes all the credential types that are valid in this ecosystem.participants: This array includes all the participants that exist in this ecosystem.isVerifier: This endpoint will only return participants that have this field set totrue.verifierAllowedCredentials: This array includes the identifiers of all the credential types for which this participant can create verification requests that are valid in this ecosystem.
When isVerifierConstrained is set to false, verification requests of all credential types
from this verifier are considered valid in the ecosystem, even if they are not included in the
issuerAllowedCredentials array.