Learn

Retrieve a policy

Ecosystem policies configure roles and permissions that apply to participants within the ecosystem. For example, participant X can act as an issuer and issue valid credentials of type X, Y and Z.

Ecosystems have separate policies for issuers and verifiers, and these are openly available and can be accessed unauthenticated by design. This enables different parties to check whether:

  • An issuer is allowed to issue a certain credential type in the ecosystem.

  • A verifier is allowed to verify a certain credential type in the ecosystem.

Once the policy is retrieved, it is up to the retrieving party to apply their own business logic based on the information found in the policy.

Retrieve an Issuer Policy

Request

Make the following request to retrieve an issuer policy from a given ecosystem:

http
Copy to clipboard.
1GET https://YOUR_TENANT_URL/v1/ecosystems/{ecosystemId}/issuers

  • ecosystemId: You must retrieve a policy from a given ecosystem. Use the ecosystem unique id returned when you created the ecosystem.

Response

json
Copy to clipboard.
1{
2  "policyModifiedAt": "2023-10-17T00:00:00Z",
3  "credentials": [
4    {
5      "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
6      "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
7      "profile": "compact",
8      "type": "DriverLicence",
9      "name": "Driver's Licence"
10    }
11  ],
12  "participants": [
13    {
14      "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
15      "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
16      "name": "My Participant",
17      "identifiers": {
18        "web-semantic": "did:web:example.com",
19        "compact-semantic": "did:web:example.com",
20        "compact": "did:web:example.com",
21        "mobile": [
22          "12:34:56:78",
23          "90:12:34:56"
24        ]
25      },
26      "isIssuer": true,
27      "isVerifier": false,
28      "isIssuerConstrained": true,
29      "isVerifierConstrained": true,
30      "issuerAllowedCredentials": [
31        "e0a07846-44e1-41a4-b704-1ccf6eb1a5af",
32        "25fa6ffc-bf6e-417c-865c-96fcf1d7d1a3"
33      ],
34      "verifierAllowedCredentials": []
35    }
36  ]
37}

  • policyModifiedAt: Indicates when the policy was last modified.

  • credentials: This array includes all the credential types that are valid in this ecosystem. Refer to Configure credential types for a a complete description of the different fields.

  • participants: This array includes all the participants that exist in this ecosystem. Refer to Create a participant for a complete description of the different fields.

    • isIssuer: This endpoint will only return participants that have this field set to true.

    • issuerAllowedCredentials: This array includes the identifiers of all the Credential types that this participant is allowed to issue within this ecosystem. Note that when isIssuerConstrained is set to false, the participant is allowed to issue all credential types defined within the credentials array, even if they are not included in the issuerAllowedCredentials array.

Retrieve a Verifier Policy

Request

Make the following request to retrieve a verifier policy from a given ecosystem:

http
Copy to clipboard.
1GET https://YOUR_TENANT_URL/v1/ecosystems/{ecosystemId}/verifiers

  • ecosystemId: You must retrieve a policy from a given ecosystem. Use the ecosystem unique id returned when you created the ecosystem.

Response

json
Copy to clipboard.
1{
2  "policyModifiedAt": "2023-10-17T00:00:00Z",
3  "credentials": [
4    {
5      "id": "599bf148-d711-405a-a20b-9c8a87ac8850",
6      "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
7      "profile": "compact",
8      "type": "DriverLicence",
9      "name": "Driver's Licence"
10    }
11  ],
12  "participants": [
13    {
14      "id": "a24e391a-c27f-4b6e-9805-1ee7e03f3c58",
15      "ecosystemId": "87880d7e-a4d0-462e-8383-3f1e5e16865d",
16      "name": "My Participant",
17      "identifiers": {
18        "web-semantic": "did:web:example.com",
19        "compact-semantic": "did:web:example.com",
20        "compact": "did:web:example.com",
21        "mobile": [
22          "12:34:56:78",
23          "90:12:34:56"
24        ]
25      },
26      "isIssuer": false,
27      "isVerifier": true,
28      "isIssuerConstrained": true,
29      "isVerifierConstrained": true,
30      "verifierAllowedCredentials": [
31        "4e25a240-76bb-4e9f-9f93-b93be287922b",
32        "daca4a43-3ff9-4ecb-93fe-d9104e36bf74"
33      ],
34      "issuerAllowedCredentials": []
35    }
36  ]
37}

  • policyModifiedAt: Indicates when the policy was last modified.

  • credentials: This array includes all the credential types that are valid in this ecosystem. Refer to Configure credential types for a a complete description of the different fields.

  • participants: This array includes all the participants that exist in this ecosystem. Refer to Create a participant for a complete description of the different fields.

    • isVerifier: This endpoint will only return participants that have this field set to true.

    • verifierAllowedCredentials: This array includes the identifiers of all the Credential types that this participant is allowed to verify within this ecosystem. Note that when isVerifierConstrained is set to false, the participant is allowed to verify all credential types defined within the credentials array, even if they are not included in the verifierAllowedCredentials array.