Console: Credentials
Credential list
Section titled “Credential list”
The credentials page shows all issued credentials with format, types, subject, creation date, and revocation status.
Issuing credentials
Section titled “Issuing credentials”
Click Issue credential to open the issuance form.
Format
Section titled “Format”| Format | When to use |
|---|---|
| JWT-VC (jwt_vc_json) | Full disclosure — all claims visible to every verifier. Best for credentials where transparency is expected (e.g., organizational membership). |
| SD-JWT VC (vc+sd-jwt) | Selective disclosure — the holder chooses which claims to reveal. Best for privacy-sensitive data (e.g., age verification without revealing date of birth). |
Issuer DID
Section titled “Issuer DID”The DID that signs the credential. You must have at least one DID created on the DIDs page. The DID’s private key is used to produce the signature.
Subject DID
Section titled “Subject DID”The holder’s DID. Optional — leave empty to create a bearer credential (anyone who possesses it can present it).
Comma-separated credential types. VerifiableCredential is always included.
Add your own domain-specific types like CanadianDigitalID, DriverLicense,
or EmploymentCredential.
Claims
Section titled “Claims”A JSON object with the credential’s data fields. These become the
credentialSubject in the issued credential.
{ "givenName": "Alice", "familyName": "Martin", "dateOfBirth": "1990-05-15", "province": "Ontario"}Revoking credentials
Section titled “Revoking credentials”Click Revoke on an active credential. Revocation is:
- Immediate — the status changes right away
- Permanent — cannot be undone
- Verifiable — verifiers checking status will see “revoked”
- Data-preserving — the credential data is kept for audit purposes
Revocation does not delete the credential or notify the holder. Verifiers must check the status API to detect revocation.
Credential formats explained
Section titled “Credential formats explained”JWT-VC (W3C Verifiable Credential as JWT)
Section titled “JWT-VC (W3C Verifiable Credential as JWT)”The credential is signed as a JSON Web Token. The payload contains:
iss— issuer DIDsub— subject DID (if provided)vc— the full Verifiable Credential object with types and claims
All claims are visible to any party that receives the JWT.
SD-JWT VC (Selective Disclosure JWT)
Section titled “SD-JWT VC (Selective Disclosure JWT)”Built on the SD-JWT specification. The issuer signs all claims, but each claim is individually disclosable:
iss,sub,vct,iatare always visible (plain claims)- All custom claims become selectively disclosable
- The holder creates a presentation revealing only chosen claims
Best for GDPR compliance and minimal disclosure scenarios.
See the Credentials API reference for programmatic usage.
See also
Section titled “See also”- Credential Formats concept — JWT-VC vs SD-JWT vs mDL vs BBS+
- Credentials API — programmatic issuance and verification
- Protocols concept — OID4VCI issuance flow