Retrieve a policy
Ecosystem policies configure roles and permissions that apply to participants within the ecosystem. For example, participant X can act as an issuer and issue valid credentials of type X, Y and Z.
Ecosystems have separate policies for issuers and verifiers, and these are openly available and can be accessed unauthenticated by design. This enables different parties to check whether:
An issuer is allowed to issue a certain credential type in the ecosystem.
A verifier is allowed to verify a certain credential type in the ecosystem.
Once the policy is retrieved, it is up to the retrieving party to apply their own business logic based on the information found in the policy.
Retrieve an Issuer Policy
Request
Make the following request to retrieve an issuer policy from a given ecosystem:
1GET https://YOUR_TENANT_URL/v1/ecosystems/{ecosystemId}/issuers
ecosystemId
: You must retrieve a policy from a given ecosystem. Use the ecosystem uniqueid
returned when you created the ecosystem.
Response
1{
2 "policyModifiedAt": "2023-10-17T00:00:00Z",
3 "credentials": [
4 {
5 "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
6 "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
7 "profile": "compact",
8 "type": "DriverLicence",
9 "name": "Driver's Licence"
10 }
11 ],
12 "participants": [
13 {
14 "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
15 "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
16 "name": "My Participant",
17 "identifiers": {
18 "web-semantic": "did:web:example.com",
19 "compact-semantic": "did:web:example.com",
20 "compact": "did:web:example.com",
21 "mobile": [
22 "12:34:56:78",
23 "90:12:34:56"
24 ]
25 },
26 "isIssuer": true,
27 "isVerifier": false,
28 "isIssuerConstrained": true,
29 "isVerifierConstrained": true,
30 "issuerAllowedCredentials": [
31 "e0a07846-44e1-41a4-b704-1ccf6eb1a5af",
32 "25fa6ffc-bf6e-417c-865c-96fcf1d7d1a3"
33 ],
34 "verifierAllowedCredentials": []
35 }
36 ]
37}
policyModifiedAt
: Indicates when the policy was last modified.credentials
: This array includes all the credential types that are valid in this ecosystem. Refer to Configure credential types for a a complete description of the different fields.participants
: This array includes all the participants that exist in this ecosystem. Refer to Create a participant for a complete description of the different fields.isIssuer
: This endpoint will only return participants that have this field set totrue
.issuerAllowedCredentials
: This array includes the identifiers of all the Credential types that this participant is allowed to issue within this ecosystem. Note that whenisIssuerConstrained
is set tofalse
, the participant is allowed to issue all credential types defined within thecredentials
array, even if they are not included in theissuerAllowedCredentials
array.
Retrieve a Verifier Policy
Request
Make the following request to retrieve a verifier policy from a given ecosystem:
1GET https://YOUR_TENANT_URL/v1/ecosystems/{ecosystemId}/verifiers
ecosystemId
: You must retrieve a policy from a given ecosystem. Use the ecosystem uniqueid
returned when you created the ecosystem.
Response
1{
2 "policyModifiedAt": "2023-10-17T00:00:00Z",
3 "credentials": [
4 {
5 "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
6 "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
7 "profile": "compact",
8 "type": "DriverLicence",
9 "name": "Driver's Licence"
10 }
11 ],
12 "participants": [
13 {
14 "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
15 "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
16 "name": "My Participant",
17 "identifiers": {
18 "web-semantic": "did:web:example.com",
19 "compact-semantic": "did:web:example.com",
20 "compact": "did:web:example.com",
21 "mobile": [
22 "12:34:56:78",
23 "90:12:34:56"
24 ]
25 },
26 "isIssuer": false,
27 "isVerifier": true,
28 "isIssuerConstrained": true,
29 "isVerifierConstrained": true,
30 "verifierAllowedCredentials": [
31 "4e25a240-76bb-4e9f-9f93-b93be287922b",
32 "daca4a43-3ff9-4ecb-93fe-d9104e36bf74"
33 ],
34 "issuerAllowedCredentials": []
35 }
36 ]
37}
policyModifiedAt
: Indicates when the policy was last modified.credentials
: This array includes all the credential types that are valid in this ecosystem. Refer to Configure credential types for a a complete description of the different fields.participants
: This array includes all the participants that exist in this ecosystem. Refer to Create a participant for a complete description of the different fields.isVerifier
: This endpoint will only return participants that have this field set totrue
.verifierAllowedCredentials
: This array includes the identifiers of all the Credential types that this participant is allowed to verify within this ecosystem. Note that whenisVerifierConstrained
is set tofalse
, the participant is allowed to verify all credential types defined within thecredentials
array, even if they are not included in theverifierAllowedCredentials
array.