FortID

Initiate Verification Session

Start a new verification session.

Initiate the verification session with an external wallet.

POST /verification-session/initiate

This API is intended to be called to initiate a verification session with an external wallet via the OpenID for Verifiable Presentations (OpenID4VP) protocol.

To do so, the caller should:

  • Define what the wallet should present. This includes specifying the type of credential (e.g. org.iso.18013.5.1.mDL), its format (e.g. mso_mdoc), and the claims that ought to be disclosed. More details can be found in the definition of the credentialDescription schema.
  • Configure their trust policy. This includes specifying the roots of trust that will be valid throughout the verification session (e.g. by pointing to a well-known trusted list or by explicitly providing trusted certificates). These are used to validate the authenticity of the Credential Issuer. More details can be found in the definition of the trustConfig schema.
  • Configure the protocol details. This includes defining OpenID4VP specifics such as clientIdScheme or responseMode. More details can be found in the definition of the protocolConfig schema.

Claims from multiple credentials can be requested by the FortID Verifier. In that case, the credentialDescription should be an array.

Based on that information, the Verifier Service will create a new verification session, prepare the corresponding Authorization Request, and serve it.

In the response, the caller will obtain the following:

  • verificationSessionId — representing the unique identifier of the newly-created verification session.
  • authorization_request — An Authorization Request represented either by value (URL encoded) or by reference (a link containing a request_uri parameter) according to the requested authorizationRequestType.

Once the wallet obtains or dereferences the authorization_request, the remainder of the verification protocol is carried out directly between the Verifier Service and the wallet through the appropriate Protocol APIs.

The caller can gain additional information about the verification session status through the /verification-session/status/{verificationSessionId} endpoint.

Note

The mso_mdoc credential format is not compatible with the direct_post response mode and will result in an error. This configuration is not supported by the mDL specifications.

Header Parameters

X-API-KEY* (string)

API key for authenticating requests to the Verifier Service.

Request Body

application/json

credentialDescription*|array<>
trustConfig*|array<>

Configuration for trust of Credential Issuers.

  • "trust_all": All Credential Issuers are trusted, i.e. the authenticity of the Credential Issuer is not verified.
  • array: Roots of trust used to validate the authenticity of Credential Issuer(s).

    Trust is evaluated as "any option must be satisfied": satisfying any one of the listed options is sufficient.

    The array must not be empty, because that would mean that no Issuers are trusted, effectively invalidating all VP tokens.

    • type: "x5chain_root": The trusted X.509 certificate chain root.
    • cert: A trusted root certificate in the PEM format.
protocolConfig?

Configuration instantiating a specific flavour of the OID4VP protocol for this verification session.

If omitted, the default values will be used, which allows integration with wallets based on the EUDI Reference implementation.

authorizationRequestType* (string)

Determines whether the Authorization Request is returned inline (byValue) or as a reference (byReference). When byReference is used, the wallet must dereference the Authorization Request by fetching it from the request_uri parameter of the URL returned in this response.

Default: "byReference"
Value in: "byValue" | "byReference"
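
A pre-flight check for the request body, as an added example that is not part of the FortID documentation: it applies the rules stated above (non-empty trust array, no mso_mdoc with direct_post, explicit opt-in for trust_all) before the request is sent. The function name, the allow_trust_all flag, the placement of responseMode directly inside protocolConfig, and the sample values are assumptions.

```python
# Constructed sample values (placeholders, not real credentials or certificates).
MDL = {"credentialType": "org.iso.18013.5.1.mDL", "credentialFormat": "mso_mdoc"}
SAMPLE_ROOT = {"type": "x5chain_root",
               "cert": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----"}

def build_initiate_body(credentials, trust_config, protocol_config=None,
                        request_type="byReference", allow_trust_all=False):
    """Return the request body as a dict, or raise ValueError on a risky or invalid config."""
    creds = credentials if isinstance(credentials, list) else [credentials]
    if not creds:
        raise ValueError("credentialDescription must not be empty")
    for c in creds:
        for field in ("credentialType", "credentialFormat"):
            if not c.get(field):
                raise ValueError(f"Missing required field - credentialDescription.{field}")
    if trust_config == "trust_all":
        # Issuer authenticity is not verified in this mode, so require an explicit opt-in.
        if not allow_trust_all:
            raise ValueError("trust_all disables issuer verification")
    elif isinstance(trust_config, list):
        if not trust_config:
            raise ValueError("trustConfig array must not be empty: no Issuer would be trusted")
        for root in trust_config:
            pem = str(root.get("cert", "")).strip()
            if root.get("type") == "x5chain_root" and not (
                    pem.startswith("-----BEGIN CERTIFICATE-----")
                    and pem.endswith("-----END CERTIFICATE-----")):
                raise ValueError("x5chain_root cert must be a PEM certificate")
    else:
        raise ValueError('trustConfig must be "trust_all" or an array')
    # Assumption: responseMode is a top-level key of protocolConfig. Only an explicit
    # value is checked; the service defaults are not stated on this page.
    mode = (protocol_config or {}).get("responseMode")
    if mode == "direct_post" and any(c["credentialFormat"] == "mso_mdoc" for c in creds):
        raise ValueError("mso_mdoc is not compatible with responseMode direct_post")
    if request_type not in ("byValue", "byReference"):
        raise ValueError("authorizationRequestType must be byValue or byReference")
    body = {"credentialDescription": credentials, "trustConfig": trust_config,
            "authorizationRequestType": request_type}
    if protocol_config is not None:
        body["protocolConfig"] = protocol_config
    return body
```

The returned dict can be serialized as the JSON body of POST /verification-session/initiate; the PEM check only looks at the armor lines and does not parse the certificate.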

Response Body

application/json


curl -X POST "https://evs.fortid.com/verification-session/initiate" \
  -H "X-API-KEY: 9LFHJCyxgzDjMsFLUf2FfpiI9ZLTlaLi" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialDescription": {
      "credentialType": "org.iso.18013.5.1.mDL",
      "credentialFormat": "mso_mdoc"
    },
    "trustConfig": "trust_all",
    "authorizationRequestType": "byReference"
  }'
{
  "verificationSessionId": "b3c66e96-8415-41af-862a-657d5033b776",
  "authorization_request": "openid4vp://authorize?client_id=https%3A%2F%2Fverifier-service%2Fprotocol&request_uri=https%3A%2F%2Fverifier-service%2Fprotocol%2Fauthorization-request%2F9f2df5ad-928d-4b18-8c61-a88f57158b1c&request_uri_method=get"
}
{
  "message": "Missing required field - credentialDescription.credentialFormat"
}
{
  "message": "Internal Server Error"
}