6.7. Credential Services¶

This is version 1.3.0 of this interface.

Get the OpenAPI file: cms.yaml

6.7.1. Services¶

6.7.1.1. Credential Request¶

POST /v1/credentialRequests/{credentialRequestId}¶

Create a request for a credential

Scope required: cms.request.write

Parameters:

credentialRequestId (string) – the id of the credential request. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

Form Parameters:

body – Object of type CredentialRequest.

Status Codes:

201 Created – Operation successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Operation not allowed.
409 Conflict – Creation not allowed, credentialRequestId already exists.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentialRequests/string?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "status": "PENDING",
    "requestData": {
        "priority": 1,
        "credentialProfileId": "ABC",
        "requestType": "FIRST_ISSUANCE",
        "validFromDate": "2020-10-08T18:38:56Z",
        "validToDate": "2025-10-08T18:38:56Z",
        "issuingAuthority": "OSIA",
        "deliveryAddress": {
            "address1": "11 Rue des Rosiers",
            "city": "Libourne",
            "postalCode": "33500",
            "country": "France"
        }
    },
    "personId": "string",
    "biographicData": {
        "firstName": "John",
        "lastName": "Doo",
        "dateOfBirth": "1985-11-30",
        "gender": "M",
        "nationality": "FRA",
        "...": "..."
    },
    "biometricData": [
        {
            "biometricType": "FINGER",
            "biometricSubType": "RIGHT_INDEX",
            "instance": "string",
            "encounterId": "string",
            "image": "string",
            "imageRef": "http://imageserver.com/image?id=00003",
            "captureDate": "2019-05-21T12:00:00+01:00",
            "captureDevice": "string",
            "impressionType": "LIVE_SCAN_PLAIN",
            "width": 1,
            "height": 1,
            "bitdepth": 1,
            "mimeType": "string",
            "resolution": 1,
            "compression": "WSQ",
            "missing": [
                {
                    "biometricSubType": "RIGHT_INDEX",
                    "presence": "BANDAGED"
                }
            ],
            "metadata": "string",
            "comment": "string",
            "template": "string",
            "templateRef": "http://dataserver.com/template?id=00014",
            "templateFormat": "string",
            "quality": 1,
            "qualityFormat": "string",
            "algorithm": "string",
            "vendor": "string",
            "encryption": {
                "type": "JWE",
                "scope": "string"
            },
            "integrity": [
                {
                    "id": "string",
                    "type": "NONE",
                    "scope": "string",
                    "alg": "string",
                    "encrypted": false,
                    "followRef": false,
                    "hash": "string",
                    "signature": "string",
                    "signatureRef": "https://objectserver.com/signature?id=00003"
                }
            ]
        }
    ],
    "encryption": {
        "type": "JWE",
        "scope": "string"
    },
    "integrity": [
        {
            "id": "string",
            "type": "NONE",
            "scope": "string",
            "alg": "string",
            "encrypted": false,
            "followRef": false,
            "hash": "string",
            "signature": "string",
            "signatureRef": "https://objectserver.com/signature?id=00003"
        }
    ]
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

GET /v1/credentialRequests/{credentialRequestId}¶

Read a credential request

Scope required: cms.request.read

Parameters:

credentialRequestId (string) – the id of the credential request. Object of type string.

Query Parameters:

attributes (array) – The (optional) set of attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)

Status Codes:

200 OK – Read successful. Object of type CredentialRequest.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

GET /v1/credentialRequests/string?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1
Host: example.com

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "credentialRequestId": "string",
    "status": "PENDING",
    "requestData": {
        "priority": 1,
        "credentialProfileId": "ABC",
        "requestType": "FIRST_ISSUANCE",
        "validFromDate": "2020-10-08T18:38:56Z",
        "validToDate": "2025-10-08T18:38:56Z",
        "issuingAuthority": "OSIA",
        "deliveryAddress": {
            "address1": "11 Rue des Rosiers",
            "city": "Libourne",
            "postalCode": "33500",
            "country": "France"
        }
    },
    "personId": "string",
    "biographicData": {
        "firstName": "John",
        "lastName": "Doo",
        "dateOfBirth": "1985-11-30",
        "gender": "M",
        "nationality": "FRA",
        "...": "..."
    },
    "biometricData": [
        {
            "biometricType": "FINGER",
            "biometricSubType": "RIGHT_INDEX",
            "instance": "string",
            "encounterId": "string",
            "image": "string",
            "imageRef": "http://imageserver.com/image?id=00003",
            "captureDate": "2019-05-21T12:00:00+01:00",
            "captureDevice": "string",
            "impressionType": "LIVE_SCAN_PLAIN",
            "width": 1,
            "height": 1,
            "bitdepth": 1,
            "mimeType": "string",
            "resolution": 1,
            "compression": "WSQ",
            "missing": [
                {
                    "biometricSubType": "RIGHT_INDEX",
                    "presence": "BANDAGED"
                }
            ],
            "metadata": "string",
            "comment": "string",
            "template": "string",
            "templateRef": "http://dataserver.com/template?id=00014",
            "templateFormat": "string",
            "quality": 1,
            "qualityFormat": "string",
            "algorithm": "string",
            "vendor": "string",
            "encryption": {
                "type": "JWE",
                "scope": "string"
            },
            "integrity": [
                {
                    "id": "string",
                    "type": "NONE",
                    "scope": "string",
                    "alg": "string",
                    "encrypted": false,
                    "followRef": false,
                    "hash": "string",
                    "signature": "string",
                    "signatureRef": "https://objectserver.com/signature?id=00003"
                }
            ]
        }
    ],
    "credentialIds": [
        "string"
    ],
    "encryption": {
        "type": "JWE",
        "scope": "string"
    },
    "integrity": [
        {
            "id": "string",
            "type": "NONE",
            "scope": "string",
            "alg": "string",
            "encrypted": false,
            "followRef": false,
            "hash": "string",
            "signature": "string",
            "signatureRef": "https://objectserver.com/signature?id=00003"
        }
    ]
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

PUT /v1/credentialRequests/{credentialRequestId}¶

Update a credential request

Scope required: cms.request.write

Parameters:

credentialRequestId (string) – the id of the credential request. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

Form Parameters:

body – Object of type CredentialRequest.

Status Codes:

204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

PUT /v1/credentialRequests/string?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "status": "PENDING",
    "requestData": {
        "priority": 1,
        "credentialProfileId": "ABC",
        "requestType": "FIRST_ISSUANCE",
        "validFromDate": "2020-10-08T18:38:56Z",
        "validToDate": "2025-10-08T18:38:56Z",
        "issuingAuthority": "OSIA",
        "deliveryAddress": {
            "address1": "11 Rue des Rosiers",
            "city": "Libourne",
            "postalCode": "33500",
            "country": "France"
        }
    },
    "personId": "string",
    "biographicData": {
        "firstName": "John",
        "lastName": "Doo",
        "dateOfBirth": "1985-11-30",
        "gender": "M",
        "nationality": "FRA",
        "...": "..."
    },
    "biometricData": [
        {
            "biometricType": "FINGER",
            "biometricSubType": "RIGHT_INDEX",
            "instance": "string",
            "encounterId": "string",
            "image": "string",
            "imageRef": "http://imageserver.com/image?id=00003",
            "captureDate": "2019-05-21T12:00:00+01:00",
            "captureDevice": "string",
            "impressionType": "LIVE_SCAN_PLAIN",
            "width": 1,
            "height": 1,
            "bitdepth": 1,
            "mimeType": "string",
            "resolution": 1,
            "compression": "WSQ",
            "missing": [
                {
                    "biometricSubType": "RIGHT_INDEX",
                    "presence": "BANDAGED"
                }
            ],
            "metadata": "string",
            "comment": "string",
            "template": "string",
            "templateRef": "http://dataserver.com/template?id=00014",
            "templateFormat": "string",
            "quality": 1,
            "qualityFormat": "string",
            "algorithm": "string",
            "vendor": "string",
            "encryption": {
                "type": "JWE",
                "scope": "string"
            },
            "integrity": [
                {
                    "id": "string",
                    "type": "NONE",
                    "scope": "string",
                    "alg": "string",
                    "encrypted": false,
                    "followRef": false,
                    "hash": "string",
                    "signature": "string",
                    "signatureRef": "https://objectserver.com/signature?id=00003"
                }
            ]
        }
    ],
    "encryption": {
        "type": "JWE",
        "scope": "string"
    },
    "integrity": [
        {
            "id": "string",
            "type": "NONE",
            "scope": "string",
            "alg": "string",
            "encrypted": false,
            "followRef": false,
            "hash": "string",
            "signature": "string",
            "signatureRef": "https://objectserver.com/signature?id=00003"
        }
    ]
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

POST /v1/credentialRequests/{credentialRequestId}/cancel¶

Cancel a credential request

Scope required: cms.request.write

Parameters:

credentialRequestId (string) – the id of the credential request. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

Status Codes:

204 No Content – Cancel successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Cancel not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

6.7.1.2. Credential¶

POST /v1/credentials¶

Retrieve a list of credentials that match the given search criteria

Scope required: cms.credential.read

Query Parameters:

attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)

Form Parameters:

body – Array of Expression.

Status Codes:

200 OK – Read successful. Array of CredentialData.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentials?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

[
    {
        "attributeName": "string",
        "operator": "<",
        "value": "string"
    }
]

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "credentialId": "string",
        "status": "NEW",
        "statusOther": "string",
        "credentialNumber": "string",
        "personId": "string",
        "credentialProfileId": "string",
        "credentialProfileVersion": "string",
        "credentialProfileSubtype": "string",
        "numberOfPages": 1,
        "issuedDate": "2025-12-25T12:00:00",
        "expiryDate": "2035-12-25T12:00:00",
        "serialNumber": "string",
        "issuingAuthority": "string",
        "issuingPlace": "string",
        "others": {
            "...": "..."
        }
    }
]

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

GET /v1/credentials/{credentialId}¶

Read a credential

Scope required: cms.credential.read

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)

Status Codes:

200 OK – Read successful. Object of type CredentialData.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

GET /v1/credentials/string?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1
Host: example.com

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "credentialId": "string",
    "status": "NEW",
    "statusOther": "string",
    "credentialNumber": "string",
    "personId": "string",
    "credentialProfileId": "string",
    "credentialProfileVersion": "string",
    "credentialProfileSubtype": "string",
    "numberOfPages": 1,
    "issuedDate": "2025-12-25T12:00:00",
    "expiryDate": "2035-12-25T12:00:00",
    "serialNumber": "string",
    "issuingAuthority": "string",
    "issuingPlace": "string",
    "others": {
        "...": "..."
    }
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

PUT /v1/credentials/{credentialId}¶

Update a credential

Scope required: cms.credential.write

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

Form Parameters:

body – Object of type CredentialData.

Status Codes:

204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Operation not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

PUT /v1/credentials/string?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "expiryDate": "2035-12-25T12:00:00",
    "issuingAuthority": "string",
    "issuingPlace": "string",
    "others": {
        "...": "..."
    }
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

POST /v1/credentials/{credentialId}/suspend¶

Suspend a credential

Scope required: cms.credential.write

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

JSON Parameters:

reason (string) – the reason for suspension

Status Codes:

204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentials/string/suspend?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "reason": "string",
    "...": "..."
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

POST /v1/credentials/{credentialId}/unsuspend¶

Unsuspend a credential

Scope required: cms.credential.write

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

JSON Parameters:

reason (string) – the reason for unsuspension

Status Codes:

204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentials/string/unsuspend?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "reason": "string",
    "...": "..."
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

POST /v1/credentials/{credentialId}/revoke¶

Revoke a credential

Scope required: cms.credential.write

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

JSON Parameters:

reason (string) – the reason for revocation

Status Codes:

204 No Content – Update successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Update not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentials/string/revoke?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "reason": "string",
    "...": "..."
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

POST /v1/credentials/{credentialId}/status¶

Change the status of a credential

Scope required: cms.credential.write

Parameters:

credentialId (string) – the id of the credential. Object of type string.

Query Parameters:

transactionId (string) – The id of the transaction. Object of type string. (Required)

JSON Parameters:

status (string) – The new status of the credential
reason (string) – The reason for the change of status
requester (string) – The ID/name of the entity requesting the change
comment (string) – A free comment

Status Codes:

204 No Content – Operation successful.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Operation not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentials/string/status?transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "status": "string",
    "reason": "string",
    "requester": "string",
    "comment": "string",
    "...": "..."
}

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

6.7.1.3. Credential Profile¶

POST /v1/credentialProfiles¶

Retrieve a list of credential profiles that match the given search criteria

Scope required: cms.profile.read

Query Parameters:

attributes (array) – The (optional) set of required attributes to retrieve. Array of string.
transactionId (string) – The id of the transaction. Object of type string. (Required)

Form Parameters:

body – Array of Expression.

Status Codes:

200 OK – Read successful. Array of CredentialProfile.
400 Bad Request – Bad request. Object of type Error.
403 Forbidden – Read not allowed.
404 Not Found – Unknown record.
500 Internal Server Error – Unexpected error. Object of type Error.

Example request:

POST /v1/credentialProfiles?attributes=%5B%27string%27%5D&transactionId=string HTTP/1.1
Host: example.com
Content-Type: application/json

[
    {
        "attributeName": "string",
        "operator": "<",
        "value": "string"
    }
]

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "credentialProfileId": "string",
        "name": "string",
        "description": "string",
        "credentialType": "SMARTCARD",
        "defaultLifetime": 1,
        "credentialProfileVersion": "string",
        "credentialProfileSubtype": "string",
        "numberOfPages": 1
    }
]

Example response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

Example response:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
    "code": 1,
    "message": "string"
}

6.7.2. Data Model¶

6.7.2.1. Error¶

Table 6.42 Error¶
Attribute	Type	Description	Required
`code`	integer/int32	Error code.	Yes
`message`	string	Error message.	Yes

6.7.2.2. Encryption¶

if present, indicates that a part of the data is encrypted using the provided format.

Table 6.43 Encryption¶
Attribute	Type	Description	Required
`type`	string	Constraints: possible values are `JWE`, `PKCS7`	Yes
`scope`	string	A whitespace-separated list of JSON paths to nodes containing encrypted data. For each node: If the node is a JSON object, the full content is encrypted and the node transformed to a single buffer. Canonicalization is recommended before encryption but not mandatory. If the node is an embedded buffer (image, PDF, etc.), the value is replaced with the encrypted data. If the node is a URL to a buffer, the node remains a URL in clear format but the pointed buffer is encrypted.	Yes

6.7.2.3. Integrity¶

Object describing the integrity (hash and signature) of a sub set of data.

It is possible to calculate multiple integrity blocks corresponding to different use cases: integrity before encryption, integrity limited to a small sub set of data and easy to check, etc.

Table 6.44 Integrity¶
Attribute	Type	Description	Required
`id`	string	An optional ID used in JSONPath expression to select a single integrity object.
`type`	string	Format of the signature of the hash. Cryptographic signature is optional. Use NONE when only the hash is required. Default: `"NONE"`. Constraints: possible values are `NONE`, `JWS`, `PKCS7`
`scope`	string	A whitespace-separated list of JSON paths to nodes containing the data to include in the hash calculation. It is used to build a JSON limited to the nodes identified in this scope. Then this JSON is canonicalized and a hash is calculated.	Yes
`alg`	string	Hash algorithm used to calculate the hash. Example of possible values: SHA256, SHA384, SHA512.	Yes
`encrypted`	boolean	if true, indicates that the hash was calculated using encrypted data. Default: `false`.
`followRef`	boolean	if true, indicates that the referenced buffers must be fetched and included in the hash. If false, only the URL is considered for the hash calculation Default: `false`.
`hash`	string	Hash calculated from the attributes listed in scope. Hash is calculated using the following process: Build an intermediate JSON containing only the fields identified in the scope Canonicalize the JSON using RFC8785 Hash the result If ‘followRef’ is true, include in the hash computation the binary data referenced by URI included in the scope.	Yes
`signature`	string	the signature of the hash. Compact format is used for JWS and PEM format for PKCS7.
`signatureRef`	string/uri	URI to the signature data. DER format is accepted for PKCS7 to optimize the storage space.

6.7.2.4. Address¶

Table 6.45 Address¶
Attribute	Type	Description
`address1`	string	the first line of the address.
`address2`	string	the second line of the address.
`city`	string	the city of the address.
`state`	string	the state of the address.
`postalCode`	string	the postal code of the address.
`country`	string	the country of the address.
`others.*`		Additional properties

Example #1:

{
  "address1": "11 Rue des Rosiers",
  "address2": "1st floor",
  "city": "Libourne",
  "state": "Gironde",
  "postalCode": "33500",
  "country": "France"
}

6.7.2.5. BiographicData¶

The set of biographic data.

Table 6.46 BiographicData¶
Attribute	Type	Description	Required
`*`		Additional properties

Example #1:

{
  "firstName": "John",
  "lastName": "Doo",
  "dateOfBirth": "1985-11-30",
  "gender": "M",
  "nationality": "FRA"
}

6.7.2.6. BiometricData¶

Table 6.47 BiometricData¶
Attribute	Type	Description	Required
`biometricType`	string	Constraints: possible values are `FACE`, `FINGER`, `IRIS`, `SIGNATURE`, `UNKNOWN`	Yes
`biometricSubType`	string	Constraints: possible values are `UNKNOWN`, `RIGHT_THUMB`, `RIGHT_INDEX`, `RIGHT_MIDDLE`, `RIGHT_RING`, `RIGHT_LITTLE`, `LEFT_THUMB`, `LEFT_INDEX`, `LEFT_MIDDLE`, `LEFT_RING`, `LEFT_LITTLE`, `PLAIN_RIGHT_FOUR_FINGERS`, `PLAIN_LEFT_FOUR_FINGERS`, `PLAIN_THUMBS`, `UNKNOWN_PALM`, `RIGHT_FULL_PALM`, `RIGHT_WRITERS_PALM`, `LEFT_FULL_PALM`, `LEFT_WRITERS_PALM`, `RIGHT_LOWER_PALM`, `RIGHT_UPPER_PALM`, `LEFT_LOWER_PALM`, `LEFT_UPPER_PALM`, `RIGHT_OTHER`, `LEFT_OTHER`, `RIGHT_INTERDIGITAL`, `RIGHT_THENAR`, `RIGHT_HYPOTHENAR`, `LEFT_INTERDIGITAL`, `LEFT_THENAR`, `LEFT_HYPOTHENAR`, `RIGHT_INDEX_AND_MIDDLE`, `RIGHT_MIDDLE_AND_RING`, `RIGHT_RING_AND_LITTLE`, `LEFT_INDEX_AND_MIDDLE`, `LEFT_MIDDLE_AND_RING`, `LEFT_RING_AND_LITTLE`, `RIGHT_INDEX_AND_LEFT_INDEX`, `RIGHT_INDEX_AND_MIDDLE_AND_RING`, `RIGHT_MIDDLE_AND_RING_AND_LITTLE`, `LEFT_INDEX_AND_MIDDLE_AND_RING`, `LEFT_MIDDLE_AND_RING_AND_LITTLE`, `EYE_UNDEF`, `EYE_RIGHT`, `EYE_LEFT`, `EYE_BOTH`, `PORTRAIT`, `LEFT_PROFILE`, `RIGHT_PROFILE`
`instance`	string	Used to separate two distincts biometric items of the same type and subtype.
`encounterId`	string	the id of the encounter owner of this biometric.
`image`	string	Encoded image buffer.
`imageRef`	string/uri	URI to an image.
`captureDate`	string/date-time	Data & time of the data capture, using RFC3339 format.
`captureDevice`	string	A string identifying the device used to capture the biometric.
`impressionType`	string	Constraints: possible values are `LIVE_SCAN_PLAIN`, `LIVE_SCAN_ROLLED`, `NONLIVE_SCAN_PLAIN`, `NONLIVE_SCAN_ROLLED`, `LATENT_IMPRESSION`, `LATENT_TRACING`, `LATENT_PHOTO`, `LATENT_LIFT`, `LIVE_SCAN_SWIPE`, `LIVE_SCAN_VERTICAL_ROLL`, `LIVE_SCAN_PALM`, `NONLIVE_SCAN_PALM`, `LATENT_PALM_IMPRESSION`, `LATENT_PALM_TRACING`, `LATENT_PALM_PHOTO`, `LATENT_PALM_LIFT`, `LIVE_SCAN_OPTICAL_CONTACTLESS_PLAIN`, `OTHER`, `UNKNOWN`
`width`	integer	the width of the image.
`height`	integer	the height of the image.
`bitdepth`	integer
`mimeType`	string	the nature and format of the image. The mime type definitions should be in compliance with RFC 6838.
`resolution`	integer	the image resolution (in DPI).
`compression`	string	Constraints: possible values are `NONE`, `WSQ`, `JPEG`, `JPEG2000`, `PNG`
`missing`	Array of MissingType	Optional properties indicating if a part of the biometric data is missing.
`metadata`	string	An optional string used to convey information vendor-specific.
`comment`	string	A comment about the biometric data.
`template`	string	Encoded template buffer.
`templateRef`	string/uri	URI to the template when it is managed in a dedicated data server.
`templateFormat`	string	Format of the template. One of ISO_19794_2, ISO_19794_2_NS, ISO_19794_2_CS, ISO_19794_2_2011, ANSI_378_2009 or ANSI_378. Can be extended to include additional proprietary template format
`quality`	integer/int64	Quality, as a number, of the biometric.
`qualityFormat`	string	Format of the quality. One of ISO_19794, NFIQ, or NFIQ2. Can be extended to include additional proprietary quality format
`algorithm`	string
`vendor`	string
`encryption`	Object of type Encryption	if present, indicates that a part of the data is encrypted using the provided format.
`integrity`	Array of Integrity

6.7.2.7. MissingType¶

Table 6.48 MissingType¶
Attribute	Type	Description	Required
`biometricSubType`	string	Constraints: possible values are `UNKNOWN`, `RIGHT_THUMB`, `RIGHT_INDEX`, `RIGHT_MIDDLE`, `RIGHT_RING`, `RIGHT_LITTLE`, `LEFT_THUMB`, `LEFT_INDEX`, `LEFT_MIDDLE`, `LEFT_RING`, `LEFT_LITTLE`, `PLAIN_RIGHT_FOUR_FINGERS`, `PLAIN_LEFT_FOUR_FINGERS`, `PLAIN_THUMBS`, `UNKNOWN_PALM`, `RIGHT_FULL_PALM`, `RIGHT_WRITERS_PALM`, `LEFT_FULL_PALM`, `LEFT_WRITERS_PALM`, `RIGHT_LOWER_PALM`, `RIGHT_UPPER_PALM`, `LEFT_LOWER_PALM`, `LEFT_UPPER_PALM`, `RIGHT_OTHER`, `LEFT_OTHER`, `RIGHT_INTERDIGITAL`, `RIGHT_THENAR`, `RIGHT_HYPOTHENAR`, `LEFT_INTERDIGITAL`, `LEFT_THENAR`, `LEFT_HYPOTHENAR`, `RIGHT_INDEX_AND_MIDDLE`, `RIGHT_MIDDLE_AND_RING`, `RIGHT_RING_AND_LITTLE`, `LEFT_INDEX_AND_MIDDLE`, `LEFT_MIDDLE_AND_RING`, `LEFT_RING_AND_LITTLE`, `RIGHT_INDEX_AND_LEFT_INDEX`, `RIGHT_INDEX_AND_MIDDLE_AND_RING`, `RIGHT_MIDDLE_AND_RING_AND_LITTLE`, `LEFT_INDEX_AND_MIDDLE_AND_RING`, `LEFT_MIDDLE_AND_RING_AND_LITTLE`, `EYE_UNDEF`, `EYE_RIGHT`, `EYE_LEFT`, `EYE_BOTH`, `PORTRAIT`, `LEFT_PROFILE`, `RIGHT_PROFILE`
`presence`	string	Constraints: possible values are `BANDAGED`, `AMPUTATED`, `DAMAGED`

6.7.2.8. RequestData¶

The data describing the request itself

Table 6.49 RequestData¶
Attribute	Type	Description	Required
`priority`	integer	the request priority (0: lowest priority; 9: highest priority).	Yes
`credentialProfileId`	string	The id of the credential profile requested.	Yes
`credentialProfileVersion`	string	The version of the credential profile.
`credentialProfileSubtype`	string	The subtype of the credential profile, for example diplomatic for a passport.
`numberOfPages`	integer	The number of pages, in case the requested credential is a booklet, for example for a passport.
`requestType`	string	The type of request, e.g. first issuance, renewal, etc. Constraints: possible values are `FIRST_ISSUANCE`, `RENEWAL`, `REPLACEMENT`, `OTHER`	Yes
`requestTypeOther`	string	Details about the request type when OTHER is selected.
`validFromDate`	string/date-time	May be used to override the default start date of the requested credential. This must only be later than the current date, not earlier.
`validToDate`	string/date-time	May be used to override the default expiry date of the requested credential. This must only be earlier than the default expiry, not later.
`credentialNumber`	string	Number to be used for the new credentials created. It can be used for example when requesting a digital credential sharing the same number with a physical credential, or when the number is not created by the issuance system.
`issuingAuthority`	string
`deliveryOffice`	string	Single code or name identifying the office where the credential has to be delivered.
`deliveryAddress`	Object of type Address
`parentCredentialId`	string	The ID credential used as a reference, or parent, to build a new one.
`others.*`		Additional properties

Example #1:

{
  "priority": 1,
  "credentialProfileId": "ABC",
  "requestType": "FIRST_ISSUANCE",
  "validFromDate": "2020-10-08T18:38:56Z",
  "validToDate": "2025-10-08T18:38:56Z",
  "issuingAuthority": "OSIA",
  "deliveryAddress": {
    "address1": "11 Rue des Rosiers",
    "city": "Libourne",
    "postalCode": "33500",
    "country": "France"
  }
}

6.7.2.9. CredentialRequest¶

A request for a credential

Table 6.50 CredentialRequest¶
Attribute	Type	Description	Required
`credentialRequestId`	string	The unique id of this credential request. Constraints: read only
`status`	string	Constraints: possible values are `PENDING`, `ISSUED`, `CANCELLED`, `FAILED`
`requestData`	Object of type RequestData	The data describing the request itself.	Yes
`personId`	string	The id of the person who is the target of the request.	Yes
`biographicData`	Object of type BiographicData	The set of biographic data.	Yes
`biometricData`	Array of BiometricData
`credentialIds`	Array of string	The id of the credentials created for this request. The unique id of the credential. Constraints: read only
`encryption`	Object of type Encryption	if present, indicates that a part of the data is encrypted using the provided format.
`integrity`	Array of Integrity

6.7.2.10. CredentialData¶

A credential

Table 6.51 CredentialData¶
Attribute	Type	Description	Required
`credentialId`	string	The unique id for this credential. Constraints: read only	Yes
`status`	string	The status of the credential. Constraints: possible values are `NEW`, `ACTIVE`, `SUSPENDED`, `REVOKED`, `OTHER`; read only	Yes
`statusOther`	string	Details about the status when OTHER is used. Constraints: read only
`credentialNumber`	string	The number attached to the credential (ex: passport number). Constraints: read only
`personId`	string	The unique id of the person that the credential request is for. Constraints: read only	Yes
`credentialProfileId`	string	The unique id of the credential profile. Constraints: read only	Yes
`credentialProfileVersion`	string	The version of the credential profile. Constraints: read only
`credentialProfileSubtype`	string	The subtype of the credential profile, for example diplomatic for a passport. Constraints: read only
`numberOfPages`	integer	The number of pages, in case the requested credential is a booklet, for example for a passport. Constraints: read only
`issuedDate`	string/date-time	The date and time that this credential was issued. Constraints: read only
`expiryDate`	string/date-time	The date and time that this credential expires.
`serialNumber`	string	the serial number of the credential. Constraints: read only
`issuingAuthority`	string	The authority issuing the credential (ex: the Ministry of Interior).
`issuingPlace`	string	The place where the credential was issued (ex: Paris).
`others.*`		Additional properties

6.7.2.11. CredentialProfile¶

A credential profile

Table 6.52 CredentialProfile¶
Attribute	Type	Description
`credentialProfileId`	string	The unique id for this credential profile.
`name`	string	The name of the credential profile.
`description`	string	The description of the credential profile.
`credentialType`	string	The type of credential that this profile will issue. Constraints: possible values are `SMARTCARD`, `VIRTUAL_SMARTCARD`, `MOBILE`, `PASSPORT`, `ID_CARD`
`defaultLifetime`	integer	The default number of days that this credential will be considered valid for after issuance.
`credentialProfileVersion`	string	The version of the credential profile.
`credentialProfileSubtype`	string	The subtype of the credential profile, for example diplomatic for a passport.
`numberOfPages`	integer	The number of pages, in case the requested credential is a booklet, for example for a passport.

6.7.2.12. Expression¶

Table 6.53 Expression¶
Attribute	Type	Description	Required
`attributeName`	string		Yes
`operator`	string	Constraints: possible values are `<`, `>`, `=`, `>=`, `<=`, `!=`	Yes
`value`	One of string, integer, number, boolean		Yes

6.7.2.13. Expressions¶

Table 6.54 Expressions¶
Attribute	Type	Description	Required
N/A	Array of Expression

6.7. Credential Services¶

6.7.1. Services¶

6.7.1.1. Credential Request¶

6.7.1.2. Credential¶

6.7.1.3. Credential Profile¶

6.7.2. Data Model¶

6.7.2.1. Error¶

6.7.2.2. Encryption¶

6.7.2.3. Integrity¶

6.7.2.4. Address¶

6.7.2.5. BiographicData¶

6.7.2.6. BiometricData¶

6.7.2.7. MissingType¶

6.7.2.8. RequestData¶

6.7.2.9. CredentialRequest¶

6.7.2.10. CredentialData¶

6.7.2.11. CredentialProfile¶

6.7.2.12. Expression¶

6.7.2.13. Expressions¶

Navigation

Related Topics