GuidesRetrieve a policy

How to retrieve policies

Relying parties can retrieve Ecosystem policies to check whether:

  • An issuer is allowed to issue a certain credential type in the ecosystem.
  • A verifier is allowed to verify a certain credential type in the ecosystem.

Once the policy is retrieved, relying parties can apply their own business logic based when applying the policy rules and permissions.

Retrieve an Issuer Policy

Request

Make a request of the following structure to retrieve an Ecosystem’s Issuer Policy:

HTTP
GET /v1/ecosystems/{ecosystemId}/issuers
  • ecosystemId : Unique identifier for the ecosystem you want to retrieve the Issuer Policy from. Use the ecosystem unique id obtained when you created the ecosystem.

Response

JSON
{
    "policyModifiedAt": "2023-10-17T00:00:00Z",
    "credentials": [
        {
            "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
            "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
            "profile": "compact",
            "type": "DriverLicense",
            "name": "Driver's License"
        }
    ],
    "participants": [
        {
            "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
            "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
            "name": "My Participant",
            "identifiers": {
                "web-semantic": "did:web:example.com",
                "compact-semantic": "did:web:example.com",
                "compact": "did:web:example.com",
                "mobile": ["12:34:56:78", "90:12:34:56"]
            },
            "isIssuer": true,
            "isVerifier": false,
            "isIssuerConstrained": true,
            "isVerifierConstrained": true,
            "issuerAllowedCredentials": [
                "e0a07846-44e1-41a4-b704-1ccf6eb1a5af",
                "25fa6ffc-bf6e-417c-865c-96fcf1d7d1a3"
            ],
            "verifierAllowedCredentials": []
        }
    ]
}
  • policyModifiedAt : Indicates when the policy was last modified.
  • credentials : This array includes all the credential types that are valid in this ecosystem.
  • participants : This array includes all the participants that exist in this ecosystem.
    • isIssuer : This endpoint will only return participants that have this field set to true.
    • issuerAllowedCredentials : This array includes the identifiers of all the credential types that this participant is allowed to issue as valid credentials in this ecosystem.

When isIssuerConstrained is set to false, all credentials issued by this participant are considered valid in the ecosystem, even if they are not included in the issuerAllowedCredentials array.

Retrieve a Verifier Policy

Request

Make a request of the following structure to retrieve an Ecosystem’s Verifier Policy:

HTTP
GET /v1/ecosystems/{ecosystemId}/verifiers
  • ecosystemId : Unique identifier for the ecosystem you want to retrieve the Verifier Policy from. Use the ecosystem unique id obtained when you created the ecosystem.

Response

JSON
{
    "policyModifiedAt": "2023-10-17T00:00:00Z",
    "credentials": [
        {
            "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
            "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
            "profile": "compact",
            "type": "DriverLicense",
            "name": "Driver's License"
        }
    ],
    "participants": [
        {
            "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
            "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
            "name": "My Participant",
            "identifiers": {
                "web-semantic": "did:web:example.com",
                "compact-semantic": "did:web:example.com",
                "compact": "did:web:example.com",
                "mobile": ["12:34:56:78", "90:12:34:56"]
            },
            "isIssuer": false,
            "isVerifier": true,
            "isIssuerConstrained": true,
            "isVerifierConstrained": true,
            "verifierAllowedCredentials": [
                "4e25a240-76bb-4e9f-9f93-b93be287922b",
                "daca4a43-3ff9-4ecb-93fe-d9104e36bf74"
            ],
            "issuerAllowedCredentials": []
        }
    ]
}
  • policyModifiedAt : Indicates when the policy was last modified.
  • credentials : This array includes all the credential types that are valid in this ecosystem.
  • participants : This array includes all the participants that exist in this ecosystem.
    • isVerifier : This endpoint will only return participants that have this field set to true.
    • verifierAllowedCredentials : This array includes the identifiers of all the credential types for which this participant can create verification requests that are valid in this ecosystem.

When isVerifierConstrained is set to false, verification requests of all credential types from this verifier are considered valid in the ecosystem, even if they are not included in the issuerAllowedCredentials array.

Retrieve a VICAL

When Ecosystem operators publish their ecosystem policy as a VICAL, relying parties can retrieve these VICALs via public endpoints.