| Field | Type | Label | Description |
| credential_id | string |
|
| Field | Type | Label | Description |
| credential_id | string |
|
|
| status | string | "active" or "revoked" |
|
| issuer_did | string |
|
|
| subject_did | string |
|
|
| issued_at | google.protobuf.Timestamp |
|
|
| revoked_at | google.protobuf.Timestamp |
|
|
| revocation_reason | string |
|
| Field | Type | Label | Description |
| credential_id | string |
|
|
| issuer_did | string |
|
|
| subject_did | string |
|
|
| status | string |
|
|
| issued_at | google.protobuf.Timestamp |
|
|
| revoked_at | google.protobuf.Timestamp |
|
|
| revocation_reason | string |
|
| Field | Type | Label | Description |
| institution_name | string |
|
|
| institution_did | string |
|
|
| degree | string |
|
|
| field_of_study | string |
|
|
| graduation_date | string |
|
|
| certificate_name | string |
|
|
| course_name | string |
|
|
| completion_date | string |
|
|
| grade | string |
|
|
| credits_earned | int32 |
|
| Field | Type | Label | Description |
| employer_name | string |
|
|
| employer_did | string |
|
|
| job_title | string |
|
|
| department | string |
|
|
| start_date | string |
|
|
| end_date | string |
|
|
| employment_type | string |
|
|
| work_location | string |
|
|
| current_employee | bool |
|
Credential subject types
| Field | Type | Label | Description |
| given_name | string |
|
|
| family_name | string |
|
|
| date_of_birth | string |
|
|
| nationality | string |
|
|
| document_type | string |
|
|
| document_id | string |
|
|
| place_of_birth | string |
|
|
| gender | string |
|
|
| address | string |
|
|
| verified_at | string |
|
|
| verified_level | string |
|
| Field | Type | Label | Description |
| issuer_did | string | Issuer's DID |
|
| issuer_private_key_base58 | string | Issuer's private key (base58 encoded) for signing |
|
| subject_did | string | Subject's DID (who the credential is about) |
|
| credential_type | CredentialType | Type of credential |
|
| identity | IdentitySubject |
|
|
| education | EducationSubject |
|
|
| employment | EmploymentSubject |
|
|
| membership | MembershipSubject |
|
| Field | Type | Label | Description |
| credential_token | string | The signed PASETO credential token |
|
| credential_id | string | Unique credential ID (for revocation) |
|
| issued_at | google.protobuf.Timestamp | When the credential was issued |
|
| expires_at | google.protobuf.Timestamp | When the credential expires |
| Field | Type | Label | Description |
| issuer_did | string |
|
| Field | Type | Label | Description |
| credentials | CredentialEntry | repeated |
|
| Field | Type | Label | Description |
| subject_did | string |
|
| Field | Type | Label | Description |
| credentials | CredentialEntry | repeated |
|
| Field | Type | Label | Description |
| organization_name | string |
|
|
| organization_did | string |
|
|
| membership_id | string |
|
|
| membership_type | string |
|
|
| role | string |
|
|
| roles | string | repeated |
|
| access_level | string |
|
|
| start_date | string |
|
|
| expiration_date | string |
|
|
| active_member | bool |
|
| Field | Type | Label | Description |
| credential_id | string |
|
|
| reason | string |
|
| Field | Type | Label | Description |
| success | bool |
|
|
| revoked_at | google.protobuf.Timestamp |
|
| Field | Type | Label | Description |
| credential_token | string | The credential token to verify |
|
| issuer_public_key_base58 | string | Issuer's public key (base58 encoded) |
|
| check_revocation | bool | Optional: Check revocation status |
| Field | Type | Label | Description |
| valid | bool |
|
|
| issuer_did | string | Validation details |
|
| subject_did | string |
|
|
| credential_id | string |
|
|
| credential_types | string | repeated |
|
| issued_at | google.protobuf.Timestamp |
|
|
| expires_at | google.protobuf.Timestamp |
|
|
| is_revoked | bool | Revocation status (if checked) |
|
| revocation_reason | string |
|
|
| error | string | Error message if invalid |
|
| credential_subject | google.protobuf.Struct | The credential subject data |
Credential types
| Name | Number | Description |
| CREDENTIAL_TYPE_UNSPECIFIED | 0 | |
| CREDENTIAL_TYPE_IDENTITY | 1 | |
| CREDENTIAL_TYPE_EDUCATION | 2 | |
| CREDENTIAL_TYPE_EMPLOYMENT | 3 | |
| CREDENTIAL_TYPE_MEMBERSHIP | 4 |
CredentialService handles Verifiable Credential operations
| Method Name | Request Type | Response Type | Description |
| IssueCredential | IssueCredentialRequest | IssueCredentialResponse | IssueCredential creates and signs a new Verifiable Credential |
| VerifyCredential | VerifyCredentialRequest | VerifyCredentialResponse | VerifyCredential verifies a credential token |
| RevokeCredential | RevokeCredentialRequest | RevokeCredentialResponse | RevokeCredential revokes a credential by ID |
| CheckRevocationStatus | CheckRevocationStatusRequest | CheckRevocationStatusResponse | CheckRevocationStatus checks if a credential is revoked |
| ListCredentialsByIssuer | ListCredentialsByIssuerRequest | ListCredentialsByIssuerResponse | ListCredentialsByIssuer returns all credentials issued by a DID |
| ListCredentialsBySubject | ListCredentialsBySubjectRequest | ListCredentialsBySubjectResponse | ListCredentialsBySubject returns all credentials for a subject DID |
| Method Name | Method | Pattern | Body |
| IssueCredential | POST | /v1/credentials | * |
| VerifyCredential | POST | /v1/credentials/verify | * |
| RevokeCredential | POST | /v1/credentials/{credential_id}/revoke | * |
| CheckRevocationStatus | GET | /v1/credentials/{credential_id}/status | |
| ListCredentialsByIssuer | GET | /v1/credentials/issuer/{issuer_did} | |
| ListCredentialsBySubject | GET | /v1/credentials/subject/{subject_did} |
| Field | Type | Label | Description |
| public_key_base58 | string | Optional: Provide your own public key (base58 encoded) If empty, a new keypair will be generated |
| Field | Type | Label | Description |
| did | string |
|
|
| public_key_base58 | string |
|
|
| private_key_base58 | string | Only returned if keypair was generated server-side WARNING: Store this securely - it cannot be recovered |
|
| did_document | DIDDocument |
|
DIDDocument represents a W3C DID Document
| Field | Type | Label | Description |
| context | string | repeated |
|
| id | string |
|
|
| verification_method | VerificationMethod | repeated |
|
| authentication | string | repeated |
|
| assertion_method | string | repeated |
|
| Field | Type | Label | Description |
| did | string |
|
| Field | Type | Label | Description |
| did_document | DIDDocument |
|
| Field | Type | Label | Description |
| did | string |
|
| Field | Type | Label | Description |
| did | string |
|
|
| public_key_base58 | string |
|
| Field | Type | Label | Description |
| id | string |
|
|
| type | string |
|
|
| controller | string |
|
|
| public_key_base58 | string |
|
DIDService handles Decentralized Identifier operations
| Method Name | Request Type | Response Type | Description |
| CreateDID | CreateDIDRequest | CreateDIDResponse | CreateDID generates a new DID with keypair |
| ResolveDID | ResolveDIDRequest | ResolveDIDResponse | ResolveDID resolves a DID to its public key |
| GetDIDDocument | GetDIDDocumentRequest | GetDIDDocumentResponse | GetDIDDocument returns the full DID Document for a DID |
| Method Name | Method | Pattern | Body |
| CreateDID | POST | /v1/did | * |
| ResolveDID | GET | /v1/did/{did} | |
| GetDIDDocument | GET | /v1/did/{did}/document |
| Field | Type | Label | Description |
| holder_did | string | Holder's DID |
|
| holder_private_key_base58 | string | Holder's private key (base58 encoded) for signing |
|
| credential_tokens | string | repeated | List of credential tokens to include |
| audience_did | string | Verifier's DID (audience) |
|
| nonce | string | Challenge nonce from verifier |
| Field | Type | Label | Description |
| presentation_token | string | The signed PASETO presentation token |
|
| presentation_id | string | Presentation ID |
|
| created_at | google.protobuf.Timestamp | When the presentation was created |
|
| expires_at | google.protobuf.Timestamp | When the presentation expires (15 minutes by default) |
| Field | Type | Label | Description |
| index | int32 |
|
|
| valid | bool |
|
|
| issuer_did | string |
|
|
| subject_did | string |
|
|
| types | string | repeated |
|
| error | string |
|
| Field | Type | Label | Description |
| verifier_did | string | Optional: Verifier's DID for context |
| Field | Type | Label | Description |
| nonce | string | Random nonce for challenge-response |
|
| expires_at | google.protobuf.Timestamp | When the challenge expires (5 minutes) |
| Field | Type | Label | Description |
| presentation_token | string | The presentation token to verify |
|
| holder_public_key_base58 | string | Holder's public key (base58 encoded) |
|
| expected_audience | string | Expected audience DID |
|
| expected_nonce | string | Expected nonce (challenge) |
|
| verify_credentials | bool | Optional: Also verify the embedded credentials |
|
| issuer_public_keys | VerifyPresentationRequest.IssuerPublicKeysEntry | repeated | Required if verify_credentials is true: map of issuer DID to public key |
| Field | Type | Label | Description |
| key | string |
|
|
| value | string |
|
| Field | Type | Label | Description |
| valid | bool |
|
|
| holder_did | string | Presentation details |
|
| audience_did | string |
|
|
| nonce | string |
|
|
| presentation_id | string |
|
|
| created_at | google.protobuf.Timestamp |
|
|
| expires_at | google.protobuf.Timestamp |
|
|
| credential_count | int32 | Number of credentials included |
|
| credential_tokens | string | repeated | Credential tokens (for further inspection) |
| credential_results | CredentialVerificationResult | repeated | If credentials were verified |
| error | string | Error message if invalid |
PresentationService handles Verifiable Presentation operations
| Method Name | Request Type | Response Type | Description |
| CreatePresentation | CreatePresentationRequest | CreatePresentationResponse | CreatePresentation creates a signed Verifiable Presentation |
| VerifyPresentation | VerifyPresentationRequest | VerifyPresentationResponse | VerifyPresentation verifies a presentation token |
| GenerateChallenge | GenerateChallengeRequest | GenerateChallengeResponse | GenerateChallenge generates a nonce for challenge-response |
| Method Name | Method | Pattern | Body |
| CreatePresentation | POST | /v1/presentations | * |
| VerifyPresentation | POST | /v1/presentations/verify | * |
| GenerateChallenge | POST | /v1/presentations/challenge | * |
| Field | Type | Label | Description |
| passphrase | string | Passphrase for encrypting the wallet |
|
| private_key_base58 | string | Optional: Provide existing keys instead of generating new ones |
|
| public_key_base58 | string |
|
| Field | Type | Label | Description |
| wallet_id | string | Wallet identifier |
|
| did | string | The DID associated with this wallet |
|
| public_key_base58 | string | Public key (base58) |
|
| did_document | DIDDocument | DID Document |
|
| created_at | google.protobuf.Timestamp | Creation timestamp |
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
| Field | Type | Label | Description |
| encrypted_data | string | Base64-encoded encrypted wallet data |
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
|
| credential_id | string |
|
| Field | Type | Label | Description |
| credential | StoredCredential |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| did | string |
|
|
| created_at | google.protobuf.Timestamp |
|
|
| updated_at | google.protobuf.Timestamp |
|
|
| credential_count | int32 |
|
| Field | Type | Label | Description |
| encrypted_data | string | Base64-encoded encrypted wallet data |
|
| passphrase | string |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| did | string |
|
|
| created_at | google.protobuf.Timestamp |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
| Field | Type | Label | Description |
| credentials | StoredCredential | repeated |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| did | string |
|
|
| public_key_base58 | string |
|
|
| private_key_base58 | string | Private key is returned for signing operations Handle with care - do not log or expose |
|
| did_document | DIDDocument |
|
|
| credential_count | int32 |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
|
| credential_id | string |
|
| Field | Type | Label | Description |
| success | bool |
|
| Field | Type | Label | Description |
| wallet_id | string |
|
|
| passphrase | string |
|
|
| credential_token | string | The credential token to store |
|
| issuer_public_key_base58 | string | Issuer's public key for verification |
|
| issuer_did | string | Issuer's DID |
|
| credential_type | string | Credential type label |
| Field | Type | Label | Description |
| credential_id | string |
|
|
| stored_at | google.protobuf.Timestamp |
|
| Field | Type | Label | Description |
| id | string |
|
|
| type | string |
|
|
| issuer_did | string |
|
|
| issuer_public_key | string |
|
|
| token | string |
|
|
| issued_at | google.protobuf.Timestamp |
|
|
| expires_at | google.protobuf.Timestamp |
|
|
| stored_at | google.protobuf.Timestamp |
|
WalletService handles encrypted wallet operations
| Method Name | Request Type | Response Type | Description |
| CreateWallet | CreateWalletRequest | CreateWalletResponse | CreateWallet creates a new encrypted wallet |
| OpenWallet | OpenWalletRequest | OpenWalletResponse | OpenWallet decrypts and opens an existing wallet |
| GetWalletInfo | GetWalletInfoRequest | GetWalletInfoResponse | GetWalletInfo returns wallet metadata without sensitive data |
| StoreCredential | StoreCredentialRequest | StoreCredentialResponse | StoreCredential stores a credential in the wallet |
| GetCredential | GetCredentialRequest | GetCredentialResponse | GetCredential retrieves a credential from the wallet |
| ListCredentials | ListCredentialsRequest | ListCredentialsResponse | ListCredentials lists all credentials in the wallet |
| RemoveCredential | RemoveCredentialRequest | RemoveCredentialResponse | RemoveCredential removes a credential from the wallet |
| ExportWallet | ExportWalletRequest | ExportWalletResponse | ExportWallet exports wallet data (encrypted) |
| ImportWallet | ImportWalletRequest | ImportWalletResponse | ImportWallet imports wallet data |
| Method Name | Method | Pattern | Body |
| CreateWallet | POST | /v1/wallets | * |
| OpenWallet | POST | /v1/wallets/open | * |
| GetWalletInfo | GET | /v1/wallets/{wallet_id} | |
| StoreCredential | POST | /v1/wallets/{wallet_id}/credentials | * |
| GetCredential | GET | /v1/wallets/{wallet_id}/credentials/{credential_id} | |
| ListCredentials | GET | /v1/wallets/{wallet_id}/credentials | |
| RemoveCredential | DELETE | /v1/wallets/{wallet_id}/credentials/{credential_id} | |
| ExportWallet | POST | /v1/wallets/{wallet_id}/export | * |
| ImportWallet | POST | /v1/wallets/import | * |
| Field | Type | Label | Description |
| zk_credential | google.protobuf.Struct | The ZK credential to create a presentation from |
|
| revealed_attributes | string | repeated | List of attribute names to reveal |
| predicates | Predicate | repeated | Optional predicates to prove without revealing values |
| challenge | string | Challenge/nonce from the verifier |
|
| domain | string | Optional domain binding |
| Field | Type | Label | Description |
| presentation | google.protobuf.Struct | The zero-knowledge presentation |
|
| revealed_claims | google.protobuf.Struct | The revealed claims |
|
| predicate_results | google.protobuf.Struct | Results of predicate proofs |
|
| presentation_token | string | The presentation token |
|
| holder_did | string | Holder's DID |
|
| credential_id | string | Credential ID |
No parameters needed
| Field | Type | Label | Description |
| public_key | bytes | BBS+ public key (base64 encoded) |
|
| private_key | bytes | BBS+ private key (base64 encoded) - store securely |
No parameters needed
| Field | Type | Label | Description |
| nonce | string | Cryptographic nonce (hex encoded) |
|
| expires_at | google.protobuf.Timestamp | When the nonce expires |
| Field | Type | Label | Description |
| issuer_did | string | Issuer's DID |
|
| issuer_private_key_base58 | string | Issuer's Ed25519 private key (base58 encoded) for PASETO signing |
|
| bbs_private_key | bytes | BBS+ private key for selective disclosure signatures |
|
| subject_did | string | Subject's DID (who the credential is about) |
|
| credential_type | string | Type of credential (e.g., "identity", "education") |
|
| claims | google.protobuf.Struct | Claims/attributes to include in the credential |
| Field | Type | Label | Description |
| zk_credential | google.protobuf.Struct | The full ZK credential (includes both PASETO token and BBS+ signature data) |
|
| credential_id | string | Unique credential ID |
|
| credential_token | string | The PASETO credential token (backward compatible) |
|
| issued_at | google.protobuf.Timestamp | When the credential was issued |
|
| expires_at | google.protobuf.Timestamp | When the credential expires |
Predicate for zero-knowledge proofs
| Field | Type | Label | Description |
| attribute_name | string | Name of the attribute to prove about |
|
| predicate_type | string | Type of predicate (greater_than, less_than, equals, in_set) |
|
| value | int32 | Value to compare against (for numeric predicates) |
|
| value_set | string | repeated | Set of values (for in_set/not_in_set predicates) |
| Field | Type | Label | Description |
| presentation | google.protobuf.Struct | The presentation to verify |
|
| bbs_public_key | bytes | BBS+ public key of the issuer |
|
| challenge | string | Expected challenge/nonce |
|
| domain | string | Expected domain |
| Field | Type | Label | Description |
| valid | bool | Whether the presentation is valid |
|
| holder_did | string | Holder's DID |
|
| credential_id | string | Credential ID |
|
| revealed_claims | google.protobuf.Struct | The revealed claims |
|
| predicate_results | google.protobuf.Struct | Results of predicate verifications |
|
| verified_at | google.protobuf.Timestamp | When verification was performed |
|
| error | string | Error message if invalid |
Predicate types for zero-knowledge proofs
| Name | Number | Description |
| PREDICATE_TYPE_UNSPECIFIED | 0 | |
| PREDICATE_TYPE_GREATER_THAN | 1 | |
| PREDICATE_TYPE_LESS_THAN | 2 | |
| PREDICATE_TYPE_EQUALS | 3 | |
| PREDICATE_TYPE_IN_SET | 4 | |
| PREDICATE_TYPE_NOT_IN_SET | 5 |
ZKPService handles Zero-Knowledge Proof operations for selective disclosure
| Method Name | Request Type | Response Type | Description |
| GenerateBBSKeyPair | GenerateBBSKeyPairRequest | GenerateBBSKeyPairResponse | GenerateBBSKeyPair generates a new BBS+ key pair for ZK credentials |
| IssueZKCredential | IssueZKCredentialRequest | IssueZKCredentialResponse | IssueZKCredential issues a new zero-knowledge credential with BBS+ signatures |
| CreateZKPresentation | CreateZKPresentationRequest | CreateZKPresentationResponse | CreateZKPresentation creates a zero-knowledge presentation with selective disclosure |
| VerifyZKPresentation | VerifyZKPresentationRequest | VerifyZKPresentationResponse | VerifyZKPresentation verifies a zero-knowledge presentation |
| GenerateNonce | GenerateNonceRequest | GenerateNonceResponse | GenerateNonce generates a cryptographic nonce for ZK presentations |
| Method Name | Method | Pattern | Body |
| GenerateBBSKeyPair | POST | /v1/zkp/bbs-keys | * |
| IssueZKCredential | POST | /v1/zkp/credentials | * |
| CreateZKPresentation | POST | /v1/zkp/presentations | * |
| VerifyZKPresentation | POST | /v1/zkp/presentations/verify | * |
| GenerateNonce | POST | /v1/zkp/nonce | * |
| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
| double | double | double | float | float64 | double | float | Float | |
| float | float | float | float | float32 | float | float | Float | |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass | |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |