7.7. Credential Services¶
This is version 1.2.1 of this interface.
Get the OpenAPI file: cms.yaml
7.7.1. Services¶
7.7.1.1. Credential Request¶
- POST /v1/credentialRequests/{credentialRequestId}¶
Create a request for a credential
Scope required:
cms.request.write
- Parameters:
credentialRequestId (string) – the id of the credential request. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Form Parameters:
body – Object of type CredentialRequest.
- Status Codes:
201 Created – Operation successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Operation not allowed.
409 Conflict – Creation not allowed, credentialRequestId already exists.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentialRequests/string?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "status": "PENDING", "requestData": { "priority": 1, "credentialProfileId": "ABC", "requestType": "FIRST_ISSUANCE", "validFromDate": "2020-10-08T18:38:56Z", "validToDate": "2025-10-08T18:38:56Z", "issuingAuthority": "OSIA", "deliveryAddress": { "address1": "11 Rue des Rosiers", "city": "Libourne", "postalCode": "33500", "country": "France" } }, "personId": "string", "biographicData": { "firstName": "John", "lastName": "Doo", "dateOfBirth": "1985-11-30", "gender": "M", "nationality": "FRA", "...": "..." }, "biometricData": [ { "biometricType": "FINGER", "biometricSubType": "RIGHT_INDEX", "instance": "string", "encounterId": "string", "image": "c3RyaW5n", "imageRef": "http://imageserver.com/image?id=00003", "captureDate": "2019-05-21T12:00:00Z", "captureDevice": "string", "impressionType": "LIVE_SCAN_PLAIN", "width": 1, "height": 1, "bitdepth": 1, "mimeType": "string", "resolution": 1, "compression": "WSQ", "missing": [ { "biometricSubType": "RIGHT_INDEX", "presence": "BANDAGED" } ], "metadata": "string", "comment": "string", "template": "c3RyaW5n", "templateRef": "http://dataserver.com/template?id=00014", "templateFormat": "string", "quality": 1, "qualityFormat": "string", "algorithm": "string", "vendor": "string" } ] }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- GET /v1/credentialRequests/{credentialRequestId}¶
Read a credential request
Scope required:
cms.request.read
- Parameters:
credentialRequestId (string) – the id of the credential request. Object of type string.
- Query Parameters:
attributes (array) – The (optional) set of attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Status Codes:
200 OK – Read successful. Object of type CredentialRequest.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
GET /v1/credentialRequests/string?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1 Host: example.com
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "credentialRequestId": "string", "status": "PENDING", "requestData": { "priority": 1, "credentialProfileId": "ABC", "requestType": "FIRST_ISSUANCE", "validFromDate": "2020-10-08T18:38:56Z", "validToDate": "2025-10-08T18:38:56Z", "issuingAuthority": "OSIA", "deliveryAddress": { "address1": "11 Rue des Rosiers", "city": "Libourne", "postalCode": "33500", "country": "France" } }, "personId": "string", "biographicData": { "firstName": "John", "lastName": "Doo", "dateOfBirth": "1985-11-30", "gender": "M", "nationality": "FRA", "...": "..." }, "biometricData": [ { "biometricType": "FINGER", "biometricSubType": "RIGHT_INDEX", "instance": "string", "encounterId": "string", "image": "c3RyaW5n", "imageRef": "http://imageserver.com/image?id=00003", "captureDate": "2019-05-21T12:00:00Z", "captureDevice": "string", "impressionType": "LIVE_SCAN_PLAIN", "width": 1, "height": 1, "bitdepth": 1, "mimeType": "string", "resolution": 1, "compression": "WSQ", "missing": [ { "biometricSubType": "RIGHT_INDEX", "presence": "BANDAGED" } ], "metadata": "string", "comment": "string", "template": "c3RyaW5n", "templateRef": "http://dataserver.com/template?id=00014", "templateFormat": "string", "quality": 1, "qualityFormat": "string", "algorithm": "string", "vendor": "string" } ], "credentialIds": [ "string" ] }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- PUT /v1/credentialRequests/{credentialRequestId}¶
Update a credential request
Scope required:
cms.request.write
- Parameters:
credentialRequestId (string) – the id of the credential request. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Form Parameters:
body – Object of type CredentialRequest.
- Status Codes:
204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
PUT /v1/credentialRequests/string?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "status": "PENDING", "requestData": { "priority": 1, "credentialProfileId": "ABC", "requestType": "FIRST_ISSUANCE", "validFromDate": "2020-10-08T18:38:56Z", "validToDate": "2025-10-08T18:38:56Z", "issuingAuthority": "OSIA", "deliveryAddress": { "address1": "11 Rue des Rosiers", "city": "Libourne", "postalCode": "33500", "country": "France" } }, "personId": "string", "biographicData": { "firstName": "John", "lastName": "Doo", "dateOfBirth": "1985-11-30", "gender": "M", "nationality": "FRA", "...": "..." }, "biometricData": [ { "biometricType": "FINGER", "biometricSubType": "RIGHT_INDEX", "instance": "string", "encounterId": "string", "image": "c3RyaW5n", "imageRef": "http://imageserver.com/image?id=00003", "captureDate": "2019-05-21T12:00:00Z", "captureDevice": "string", "impressionType": "LIVE_SCAN_PLAIN", "width": 1, "height": 1, "bitdepth": 1, "mimeType": "string", "resolution": 1, "compression": "WSQ", "missing": [ { "biometricSubType": "RIGHT_INDEX", "presence": "BANDAGED" } ], "metadata": "string", "comment": "string", "template": "c3RyaW5n", "templateRef": "http://dataserver.com/template?id=00014", "templateFormat": "string", "quality": 1, "qualityFormat": "string", "algorithm": "string", "vendor": "string" } ] }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- POST /v1/credentialRequests/{credentialRequestId}/cancel¶
Cancel a credential request
Scope required:
cms.request.write
- Parameters:
credentialRequestId (string) – the id of the credential request. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Status Codes:
204 No Content – Cancel successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Cancel not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
7.7.1.2. Credential¶
- POST /v1/credentials¶
Retrieve a list of credentials that match the given search criteria
Scope required:
cms.credential.read
- Query Parameters:
attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Form Parameters:
body – Array of Expression.
- Status Codes:
200 OK – Read successful. Array of CredentialData.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentials?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json [ { "attributeName": "string", "operator": "<", "value": "string" } ]
Example response:
HTTP/1.1 200 OK Content-Type: application/json [ { "credentialId": "string", "status": "NEW", "statusOther": "string", "credentialNumber": "string", "personId": "string", "credentialProfileId": "string", "issuedDate": "2024-10-30T17:16:21.316059", "expiryDate": "2024-10-30T17:16:21.316059", "serialNumber": "string", "issuingAuthority": "string", "issuingPlace": "string", "others": { "...": "..." } } ]
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- GET /v1/credentials/{credentialId}¶
Read a credential
Scope required:
cms.credential.read
- Parameters:
credentialId (string) – the id of the credential. Object of type string.
- Query Parameters:
attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Status Codes:
200 OK – Read successful. Object of type CredentialData.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
GET /v1/credentials/string?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1 Host: example.com
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "credentialId": "string", "status": "NEW", "statusOther": "string", "credentialNumber": "string", "personId": "string", "credentialProfileId": "string", "issuedDate": "2024-10-30T17:16:21.316059", "expiryDate": "2024-10-30T17:16:21.316059", "serialNumber": "string", "issuingAuthority": "string", "issuingPlace": "string", "others": { "...": "..." } }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- POST /v1/credentials/{credentialId}/suspend¶
Suspend a credential
Scope required:
cms.credential.write
- Parameters:
credentialId (string) – the id of the credential. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- JSON Parameters:
reason (string) – the reason for suspension
- Status Codes:
204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentials/string/suspend?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "reason": "string" }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- POST /v1/credentials/{credentialId}/unsuspend¶
Unsuspend a credential
Scope required:
cms.credential.write
- Parameters:
credentialId (string) – the id of the credential. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- JSON Parameters:
reason (string) – the reason for unsuspension
- Status Codes:
204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentials/string/unsuspend?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "reason": "string" }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- POST /v1/credentials/{credentialId}/revoke¶
Revoke a credential
Scope required:
cms.credential.write
- Parameters:
credentialId (string) – the id of the credential. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- JSON Parameters:
reason (string) – the reason for revocation
- Status Codes:
204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentials/string/revoke?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "reason": "string" }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
- POST /v1/credentials/{credentialId}/status¶
Change the status of a credential
Scope required:
cms.credential.write
- Parameters:
credentialId (string) – the id of the credential. Object of type string.
- Query Parameters:
transactionId (string) – The id of the transaction. Object of type string. (Required)
- JSON Parameters:
status (string) – The new status of the credential
reason (string) – The reason for the change of status
requester (string) – The ID/name of the entity requesting the change
comment (string) – A free comment
- Status Codes:
204 No Content – Operation successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Operation not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentials/string/status?transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json { "status": "string", "reason": "string", "requester": "string", "comment": "string" }
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
7.7.1.3. Credential Profile¶
- POST /v1/credentialProfiles¶
Retrieve a list of credential profiles that match the given search criteria
Scope required:
cms.profile.read
- Query Parameters:
attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)
- Form Parameters:
body – Array of Expression.
- Status Codes:
200 OK – Read successful. Array of CredentialProfile.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.
Example request:
POST /v1/credentialProfiles?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1 Host: example.com Content-Type: application/json [ { "attributeName": "string", "operator": "<", "value": "string" } ]
Example response:
HTTP/1.1 200 OK Content-Type: application/json [ { "credentialProfileId": "string", "name": "string", "description": "string", "credentialType": "SMARTCARD", "defaultLifetime": 1 } ]
Example response:
HTTP/1.1 400 Bad Request Content-Type: application/json { "code": 1, "message": "string" }
Example response:
HTTP/1.1 500 Internal Server Error Content-Type: application/json { "code": 1, "message": "string" }
7.7.2. Data Model¶
7.7.2.1. Error¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
integer/int32 |
Error code. |
Yes |
|
string |
Error message. |
Yes |
7.7.2.2. Address¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
the first line of the address. |
|
|
string |
the second line of the address. |
|
|
string |
the city of the address. |
|
|
string |
the state of the address. |
|
|
string |
the postal code of the address. |
|
|
string |
the country of the address. |
|
|
Additional properties |
Example #1:
{
"address1": "11 Rue des Rosiers",
"address2": "1st floor",
"city": "Libourne",
"state": "Gironde",
"postalCode": "33500",
"country": "France"
}
7.7.2.3. BiographicData¶
The set of biographic data.
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
Additional properties |
Example #1:
{
"firstName": "John",
"lastName": "Doo",
"dateOfBirth": "1985-11-30",
"gender": "M",
"nationality": "FRA"
}
7.7.2.4. BiometricData¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
Constraints: possible values are |
Yes |
|
string |
Constraints: possible values are |
|
|
string |
Used to separate two distincts biometric items of the same type and subtype. |
|
|
string |
the id of the encounter owner of this biometric. |
|
|
string/byte |
Base64-encoded image. |
|
|
string/uri |
URI to an image. |
|
|
string/date-time |
||
|
string |
A string identifying the device used to capture the biometric. |
|
|
string |
Constraints: possible values are |
|
|
integer |
the width of the image. |
|
|
integer |
the height of the image. |
|
|
integer |
||
|
string |
the nature and format of the image. The mime type definitions should be in compliance with RFC 6838. |
|
|
integer |
the image resolution (in DPI). |
|
|
string |
Constraints: possible values are |
|
|
Array of MissingType |
Optional properties indicating if a part of the biometric data is missing. |
|
|
string |
An optional string used to convey information vendor-specific. |
|
|
string |
A comment about the biometric data. |
|
|
string/byte |
Base64-encoded template. |
|
|
string/uri |
URI to the template when it is managed in a dedicated data server. |
|
|
string |
Format of the template. One of ISO_19794_2, ISO_19794_2_NS, ISO_19794_2_CS, ISO_19794_2_2011, ANSI_378_2009 or ANSI_378. Can be extended to include additional proprietary template format |
|
|
integer/int64 |
Quality, as a number, of the biometric. |
|
|
string |
Format of the quality. One of ISO_19794, NFIQ, or NFIQ2. Can be extended to include additional proprietary quality format |
|
|
string |
||
|
string |
7.7.2.5. MissingType¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
Constraints: possible values are |
|
|
string |
Constraints: possible values are |
7.7.2.6. RequestData¶
The data describing the request itself
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
integer |
the request priority (0: lowest priority; 9: highest priority). |
Yes |
|
string |
The id of the credential profile to request. |
Yes |
|
string |
The type of request, e.g. first issuance, renewal, etc. Constraints: possible values are |
Yes |
|
string |
Details about the request type when OTHER is selected. |
|
|
string/date-time |
May be used to override the default start date of the requested credential. This must only be later than the current date, not earlier. |
|
|
string/date-time |
May be used to override the default expiry date of the requested credential. This must only be earlier than the default expiry, not later. |
|
|
string |
Number to be used for the new credentials created. It can be used for example when requesting a digital credential sharing the same number with a physical credential, or when the number is not created by the issuance system. |
|
|
string |
||
|
string |
Single code or name identifying the office where the credential has to be delivered. |
|
|
Object of type Address |
||
|
string |
The ID credential used as a reference, or parent, to build a new one. |
|
|
Additional properties |
Example #1:
{
"priority": 1,
"credentialProfileId": "ABC",
"requestType": "FIRST_ISSUANCE",
"validFromDate": "2020-10-08T18:38:56Z",
"validToDate": "2025-10-08T18:38:56Z",
"issuingAuthority": "OSIA",
"deliveryAddress": {
"address1": "11 Rue des Rosiers",
"city": "Libourne",
"postalCode": "33500",
"country": "France"
}
}
7.7.2.7. CredentialRequest¶
A request for a credential
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
The unique id of this credential request. Constraints: read only |
|
|
string |
Constraints: possible values are |
|
|
Object of type RequestData |
The data describing the request itself. |
Yes |
|
string |
The id of the person who is the target of the request. |
Yes |
|
Object of type BiographicData |
The set of biographic data. |
Yes |
|
Array of BiometricData |
||
|
Array of string |
The id of the credentials created for this request. The unique id of the credential. Constraints: read only |
7.7.2.8. CredentialData¶
A credential
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
The unique id for this credential. Constraints: read only |
Yes |
|
string |
The status of the credential. Constraints: possible values are |
Yes |
|
string |
Details about the status when OTHER is used. Constraints: read only |
|
|
string |
The number attached to the credential (ex: passport number). |
|
|
string |
The unique id of the person that the credential request is for. |
Yes |
|
string |
The unique id of the credential profile. |
Yes |
|
string/date-time |
The date and time that this credential was issued. |
|
|
string/date-time |
The date and time that this credential expires. |
|
|
string |
the serial number of the credential. |
|
|
string |
The authority issuing the credential (ex: the Ministry of Interior). |
|
|
string |
The place where the credential was issued (ex: Paris). |
|
|
Additional properties |
7.7.2.9. CredentialProfile¶
A credential profile
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
The unique id for this credential profile. |
|
|
string |
The name of the credential profile. |
|
|
string |
The description of the credential profile. |
|
|
string |
The type of credential that this profile will issue. Constraints: possible values are |
|
|
integer |
The default number of days that this credential will be considered valid for after issuance. |
7.7.2.10. Expression¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
|
string |
Yes |
|
|
string |
Constraints: possible values are |
Yes |
|
One of string, integer, number, boolean |
Yes |
7.7.2.11. Expressions¶
Attribute |
Type |
Description |
Required |
---|---|---|---|
N/A |
Array of Expression |