Guides
  1. CREDENTIAL PRESENTATION

Authorization Request

The credential presentation flow begins when your application redirects the user to Proof's authorization endpoint. This is a standard OAuth 2.0 authorization request extended with OpenID4VP parameters.

GET https://api.proof.com/verifiable-credentials/v1/presentation/authorize

Flow

  1. Redirect — Your application constructs an authorization request URL and redirects the user's browser to Proof.
  2. Authenticate — Proof authenticates the user against their cloud wallet. If the user has not enrolled, Proof initiates identity verification.
  3. Consent — Proof displays a consent screen showing which claims are being requested and by whom.
  4. Build VP — Upon consent, Proof constructs the VP Token with only the requested disclosures and a Key Binding JWT.
  5. Callback — Proof redirects the user back to your redirect_uri with the vp_token.

Request Parameters

ParameterTypeDescription
response_typeStringRequiredMust be vp_token.
client_idStringRequiredYour Proof OAuth Application Client ID.
redirect_uriStringRequiredThe callback URL where the user is returned. Must match a registered URI.
scopeStringRequiredSpace-separated list of scopes that translate to DCQL queries. See Scopes.
login_hintStringRequiredThe email address associated with the end-user.
nonceStringRequiredUnique cryptographically random string (≥16 chars). Bound into the KB-JWT to prevent replay attacks.
stateStringOptionalOpaque value to maintain state between request and callback. Returned unmodified.
transaction_dataStringOptionalSpace-separated base64url-encoded JSON objects containing transaction data to bind. See Transaction Data.

Example Request

POST /verifiable-credentials/v1/presentation/authorize?
  response_type=vp_token
  &client_id=your_client_id
  &redirect_uri=https://app.example.com/callback
  &scope=urn:proof:params:scope:verifiable-credentials:basic
  &[email protected]
  &nonce=n-0S6_WzA2Mj_6a8bRs2TU
  &state=af0ifjsldkj
ℹ️

The URL above is shown with line breaks for readability. In production, this must be a single URL with no whitespace.

Scopes

Each scope maps to a predefined set of Selective Disclosures that will be included in the Verifiable Presentation. Pass one or more scopes in the scope parameter to control which claims are requested from the user's credential.

ScopeSelective Disclosures
urn:proof:params:scope:verifiable-credentials:basicgiven_name, family_name, age_equal_or_over.18

Transaction Data Binding

Each transaction_data value is a base64url-encoded JSON object with the following properties:

PropertyTypeDescription
typeStringRequiredOne of the supported transaction data types listed below.
credential_idsString[]RequiredArray of credential query IDs this transaction data applies to.
payloadObjectRequiredType-specific data to bind into the presentation. Varies by type.

Session Data

urn:proof:params:vc:transaction-data:session-data

Binds session context to the presentation.

payload

PropertyTypeDescription
ip_addressStringRequiredIP address of the end-user.
device_idStringOptionalDevice identifier of the end-user.

Itemized Payment

urn:proof:params:vc:transaction-data:payment-itemized:v1

Binds an itemized payment summary to the presentation.

payload

PropertyTypeDescription
titleStringOptionalTitle of the payment.
descriptionStringOptionalDescription of the payment.
currencyStringRequiredCurrency code (e.g., USD).
itemsObject[]RequiredList of line items in the payment.

Each object in items:

PropertyTypeDescription
quantityIntegerRequiredQuantity of the item.
unit_costFloatRequiredCost per unit of the item.
labelStringRequiredLabel describing the item.

Wire Instructions

urn:proof:params:vc:transaction-data:wire-instructions:v1

Binds wire transfer instructions to the presentation.

payload

PropertyTypeDescription
recipientObjectRequiredThe recipient of the wire transfer.
sourceObjectRequiredThe funding source for the wire transfer.
amountFloatRequiredTransfer amount.
currencyStringRequiredCurrency code (e.g., USD).
memoStringOptionalMemo or reference note for the transfer.

recipient object:

PropertyTypeDescription
individual_nameStringOptionalName of the recipient individual.
institution_nameStringRequiredName of the recipient institution.
routing_numberStringRequiredRouting number of the recipient account.
account_numberStringRequiredAccount number of the recipient.
websiteStringOptionalWebsite of the recipient.

source object:

PropertyTypeDescription
individual_nameStringRequiredName of the source individual.
institution_nameStringOptionalName of the source institution.
account_numberStringRequiredAccount number of the source.
routing_numberStringRequiredRouting number of the source account.

Payment Mandate

urn:proof:params:vc:transaction-data:payment-mandate:v1

Binds a payment mandate authorization to the presentation.

payload

PropertyTypeDescription
payment_instrumentObjectRequiredThe payment instrument used for the mandate.
payeeObjectRequiredThe payee receiving the payment.
prompt_summaryStringRequiredSummary text displayed to the user for consent.
amountFloatRequiredPayment amount.
currencyStringRequiredCurrency code (e.g., USD).

payment_instrument object:

PropertyTypeDescription
typeStringRequiredType of payment instrument.
idStringRequiredIdentifier of the payment instrument.
instructionStringOptionalInstruction associated with the instrument.

payee object:

PropertyTypeDescription
idStringOptionalIdentifier of the payee.
nameStringRequiredName of the payee.
websiteStringOptionalWebsite of the payee.

Authorization Response

After the user authenticates and consents, Proof redirects the browser back to your redirect_uri. The response parameters are appended as a URI fragment.

REDIRECT https://app.example.com/callback#vp_token=...&state=...

Response Parameters

ParameterTypeDescription
vp_tokenStringAlwaysThe SD-JWT VC string
stateStringConditionalReturned if a state value was provided in the request.

Updated 30 days ago