Skip to content
Vidos Logo Vidos

Digital Credentials API

What is the Digital Credentials API?

Section titled “What is the Digital Credentials API?”

The W3C Digital Credentials API (DC API) defines a web platform API that enables a website to request the presentation or issuance of digital credentials.

The API builds on the W3C Credential Management Level 1 specification. The core idea is that the user agent (for example, a browser) mediates interactions between:

  • a website that wants to request or issue a credential
  • holder software (typically a digital wallet)
  • the person using the device

The API is designed to be agnostic to credential formats and underlying exchange or issuance protocols. Interoperability comes from a protocol registry that identifies protocols by a protocol identifier.

Goals and design constraints

Section titled “Goals and design constraints”

The DC API aims to:

  • keep request/issuance separate from specific protocols and formats
  • require user interaction (transient activation) for each request or issuance
  • enable user-agent selection UX when multiple wallets can fulfill a request
  • keep requests readable by the user agent for risk analysis
  • treat responses as opaque to the user agent (typically encrypted by the underlying protocol)

Two flows: presentation and issuance

Section titled “Two flows: presentation and issuance”

The DC API supports two conceptual operations:

  • Presentation: a verifier site requests a credential presentation via navigator.credentials.get().
  • Issuance: an issuer site requests credential issuance via navigator.credentials.create().

In both cases, the site provides one or more protocol-specific requests. Each request contains:

  • a protocol identifier
  • protocol-defined request data

See Methods for the WebIDL structures.

The credential request coordinator

Section titled “The credential request coordinator”

The specification defines a user-agent component called the credential request coordinator. It mediates credential interactions through the top-level browsing context, and ensures:

  • at most one credential interaction is active at a time
  • user activation is required and consumed
  • request/response values are validated and transformed by the user agent

Role in Vidos

Section titled “Role in Vidos”

Vidos uses the DC API as the browser-level invocation layer for OpenID4VP DC API response modes. In this model:

  • the Vidos Authorizer creates an OpenID4VP authorization request in a DC API-compatible shape
  • a verifier web app invokes the wallet using navigator.credentials.get()
  • the wallet returns a protocol-defined response, which is forwarded to the Vidos Authorizer for processing

For OpenID4VP-specific details such as supported response modes, protocol identifiers, and request object shapes, see:

Section titled “Related concepts”

W3C specifications

Section titled “W3C specifications”