The `Verification` endpoints enable the management and querying of verification policies, + which are applied to W3C Verifiable Credentials in JWT format.
+Users can retrieve and paginate existing policies or create new ones. + These policies determine the verification criteria, allowing users to specify constraints such as `schemaId` and `trustedIssuers` in the current implementation.
+The constraints are defined using the `schemaId` and a sequence of `trustedIssuers`. + This functionality ensures the system's integrity and adherence to specific verification requirements.
+Endpoints are secured by `apiKeyAuth` or `jwtAuth` authentication
+- name: Schema Registry + description: |2 + + The Schema Registry is a REST API that allows to publish and lookup credential schemas in [W3C](https://w3c.github.io/vc-json-schema/) and [AnonCreds](https://hyperledger.github.io/anoncreds-spec/#term:schema) formats. + The Schema Registry is a part of the [Atala PRISM](https://docs.atalaprism.io/) ecosystem. + + The Credential Schema is a JSON document that describes the structure of the credential and consists of the following parts: metadata, schema and signature. + The metadata contains the following fields: + * `id` - locally unique identifier of the schema + * `version` - version of the schema + * `author` - the DID of the issuer of the schema + * `guid` - globally unique identifier of the schema (generated by the Schema Registry based on `author`, `id` and `version`) + * `name` - name of the schema + * `tags` - list of tags that describe the schema + * `createdAt` - timestamp of the schema creation + * `description` - description of the schema + + The schema contains the JSON Schema that describes the structure of the credential in the `schema` field + The signature contains the signature of the schema by the issuer in the `proof` field. The signature is generated by the issuer's DID key using Ed25519Signature2020 method. + + The Credential Schema object is immutable, so update operation creates a new version of the schema. + The Credential Schema is referenced via `schemaId` field in the issuance and verification flows. + + Endpoints are secured by `apiKeyAuth` or `jwtAuth` authentication. + externalDocs: + url: https://docs.atalaprism.io/tutorials/schemas/credential-schema + description: Credential Schema documentation +- name: DID + description: |2 + + The __DID__ endpoints expose publicly available DID operations. + + The key distinction from the __DID Registrar__ endpoints is that it directly exposes the DID resources interfacing with the [VDR](https://www.w3.org/TR/did-core/#dfn-verifiable-data-registry). + It is independent of the key management and the exposed operations are not part of the tenancy within the agent. + It serves as a proxy for interacting with the VDR, facilitating actions like resolving DIDs. +- name: DID Registrar + description: |2 + + The __DID Registrar__ endpoints facilitate the management of [PRISM DIDs](https://github.com/input-output-hk/prism-did-method-spec) hosted in the cloud agent. + + Implentation of [DID management](https://docs.atalaprism.io/docs/atala-prism/prism-cloud-agent/did-management/) in the cloud agent. + The agent securely manages and stores DIDs along with their keys in its secret storage. + These endpoints allow users to create, read, update, deactivate, and publish without direct exposure to the key material. + These DIDs can be utilized for various operations during issuance and verification processes. + + More examples and tutorials can be found in this [documentation](https://docs.atalaprism.io/tutorials/category/dids/). +- name: Wallet Management + description: |2 + + The __Wallet Management__ endpoints enable both users and administrators to manage [wallets](https://docs.atalaprism.io/docs/concepts/multi-tenancy#wallet). + + In a multitenant agent, wallet is a container for various resources (e.g. Connections, DIDs) and it isolates the access based on the authorization settings. + [Admnistrator](https://docs.atalaprism.io/docs/concepts/glossary#administrator) can utilize the endpoints to manage and onboard [tenants](https://docs.atalaprism.io/docs/concepts/glossary#tenant). + See [this example](https://docs.atalaprism.io/tutorials/multitenancy/tenant-onboarding-ext-iam) for instructions how to utilize the endpoints for administrator. + Tenants can also manage and onboard their own wallets using these endpoints depending on the configuration. + See [this document](https://docs.atalaprism.io/tutorials/multitenancy/tenant-onboarding-ext-iam) for a detailed example for self-service tenants onboarding. + + Wallet permissions are controlled by [UMA](https://docs.atalaprism.io/docs/concepts/glossary#uma) configuration which the agent + exposes endpoints to easily configure wallet access using `uma-permissions` resource. + The permissions can also be configured out-of-band directly on the external IAM provider that supports the UMA standard. +servers: +- url: http://localhost:8085 + description: Local Prism Agent +- url: http://localhost/prism-agent + description: Local Prism Agent with APISIX proxy +- url: https://k8s-dev.atalaprism.io/prism-agent + description: Prism Agent on the Staging Environment paths: /credential-definition-registry/definitions: get: @@ -38,12 +151,16 @@ paths: example: licence - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -239,12 +356,16 @@ paths: example: driving - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -438,41 +559,6 @@ paths: application/json: schema: $ref: '#/components/schemas/ErrorResponse' - /schema-registry/test: - get: - tags: - - Schema Registry - summary: Trace the request input from the point of view of the server - description: Trace the request input from the point of view of the server - operationId: test - responses: - '200': - description: '' - content: - application/json: - schema: - type: string - '400': - description: Invalid request parameters - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '403': - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - security: - - apiKeyAuth: [] - - jwtAuth: [] /verification/policies: get: tags: @@ -484,6 +570,8 @@ paths: parameters: - name: name in: query + description: A human-readable name for the verification policy. The `name` + cannot be empty. required: false schema: type: string @@ -510,7 +598,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicyPage' + $ref: '#/components/schemas/VerificationPolicyResponsePage' '400': description: Invalid request parameters content: @@ -551,7 +639,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -594,7 +682,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -655,7 +743,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -731,31 +819,43 @@ paths: get: tags: - Connections Management - summary: Gets the list of connection records. - description: Get the list of connection records paginated + summary: Retrieves the list of connection flow records available from the agent's + database. + description: |2 + + Retrieve of a list containing connections available from the agent's database. + The API returns a comprehensive collection of connection flow records within the system, regardless of their state. + Each connection item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details. + Pagination support is available, allowing for efficient handling of large datasets. operationId: getConnections parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 - name: thid in: query - description: The thid of a DIDComm communication. + description: The `thid`, shared between the inviter and the invitee, that + uniquely identifies a connection flow. required: false schema: type: string responses: '200': - description: The list of connection records. + description: The list of connection flow records available from the agent's + database content: application/json: schema: @@ -784,12 +884,16 @@ paths: post: tags: - Connections Management - summary: Creates a new connection record and returns an Out of Band invitation. + summary: Create a new connection invitation that can be delivered out-of-band + to a peer agent. description: |2 - Generates a new Peer DID and creates an [Out of Band 2.0](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) invitation. - It returns a new connection record in `InvitationGenerated` state. - The request body may contain a `label` that can be used as a human readable alias for the connection, for example `{'label': "Bob"}` + Create a new connection invitation that can be delivered out-of-band to a peer agent, regardless of whether it resides in cloud or edge environment. + The generated invitation adheres to the DIDComm Messaging v2.0 - [Out of Band Messages](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) specification [section 9.5.4](https://identity.foundation/didcomm-messaging/spec/v2.0/#invitation). + The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the [did:peer:2](https://identity.foundation/peer-did-method-spec/#generating-a-didpeer2) specification. + This Peer DID includes the 'uri' location of the DIDComm messaging service, essential for the invitee's subsequent execution of the connection flow. + In the agent database, the created connection record has an initial state set to `InvitationGenerated`. + The request body may contain a `label` that can be used as a human readable alias for the connection, for example `{'label': "Connection with Bob"}` operationId: createConnection requestBody: description: JSON object required for the connection creation @@ -831,20 +935,25 @@ paths: get: tags: - Connections Management - summary: Gets an existing connection record by its unique identifier. - description: Gets an existing connection record by its unique identifier + summary: Retrieves a specific connection flow record from the agent's database + based on its unique `connectionId`. + description: |2 + + Retrieve a specific connection flow record from the agent's database based in its unique `connectionId`. + The API returns a comprehensive collection of connection flow records within the system, regardless of their state. + The returned connection item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details. operationId: getConnection parameters: - name: connectionId in: path - description: The unique identifier of the connection record. + description: The `connectionId` uniquely identifying the connection flow record. required: true schema: type: string format: uuid responses: '200': - description: The connection record. + description: The specific connection flow record. content: application/json: schema: @@ -880,12 +989,15 @@ paths: post: tags: - Connections Management - summary: Accepts an Out of Band invitation. + summary: Accept a new connection invitation received out-of-band from another + peer agent. description: |2 - Accepts an [Out of Band 2.0](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) invitation, generates a new Peer DID, - and submits a Connection Request to the inviter. - It returns a connection object in `ConnectionRequestPending` state, until the Connection Request is eventually sent to the inviter by the prism-agent's background process. The connection object state will then automatically move to `ConnectionRequestSent`. + Accept an new connection invitation received out-of-band from another peer agent. + The invitation must be compliant with the DIDComm Messaging v2.0 - [Out of Band Messages](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) specification [section 9.5.4](https://identity.foundation/didcomm-messaging/spec/v2.0/#invitation). + A new connection record with state `ConnectionRequestPending` will be created in the agent database and later processed by a background job to send a connection request to the peer agent. + The created record will contain a newly generated pairwise Peer DID used for that connection. + A connection request will then be sent to the peer agent to actually establish the connection, moving the record state to `ConnectionRequestSent`, and waiting the connection response from the peer agent. operationId: acceptConnectionInvitation requestBody: description: The request used by an invitee to accept a connection invitation @@ -1028,28 +1140,31 @@ paths: get: tags: - DID Registrar - summary: List all DIDs stored in Prism Agent's wallet + summary: List all DIDs stored in the agent's wallet description: |- - List all DIDs stored in Prism Agent's wallet. + List all DIDs stored in the agent's wallet. Return a paginated items ordered by created timestamp. - If the `limit` parameter is not set, it defaults to 100 items per page. operationId: getDid-registrarDids parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 responses: '200': - description: List Prism Agent managed DIDs + description: List the agent managed DIDs in the wallet content: application/json: schema: @@ -1078,10 +1193,12 @@ paths: post: tags: - DID Registrar - summary: Create unpublished DID and store it in Prism Agent's wallet + summary: Create an unpublished PRISM DID and store it in the agent's wallet description: |- - Create unpublished DID and store it inside Prism Agent's wallet. The private keys of the DID is - managed by Prism Agent. The DID can later be published to the VDR using publications endpoint. + Create an unpublished PRISM DID and store it in the agent's wallet. + The public/private keys of the DID will be derived according to the `didDocumentTemplate` and managed by the agent. + The DID can later be published to the VDR using the `publications` endpoint. + After the DID is created, it has the `CREATED` status. operationId: postDid-registrarDids requestBody: content: @@ -1091,7 +1208,7 @@ paths: required: true responses: '201': - description: Created unpublished DID. + description: Created an unpublished PRISM DID content: application/json: schema: @@ -1133,8 +1250,8 @@ paths: get: tags: - DID Registrar - summary: Get DID stored in Prism Agent's wallet - description: Get DID stored in Prism Agent's wallet + summary: Get a specific DID stored in the agent's wallet + description: Get a specific DID stored in the agent's wallet operationId: getDid-registrarDidsDidref parameters: - name: didRef @@ -1146,7 +1263,7 @@ paths: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff responses: '200': - description: Get Prism Agent managed DID + description: Get a DID in the agent's wallet content: application/json: schema: @@ -1182,8 +1299,14 @@ paths: post: tags: - DID Registrar - summary: Publish the DID stored in Prism Agent's wallet to the VDR - description: Publish the DID stored in Prism Agent's wallet to the VDR. + summary: Publish the DID stored in the agent's wallet to the VDR + description: | + Initiate the publication of the DID stored in the agent's wallet to the VDR. + The publishing process is asynchronous. + Attempting to publish the same DID while the previous publication is ongoing will not initiate another publication. + After the submission of the DID publication, its status is changed to `PUBLICATION_PENDING`. + Upon confirmation after a predefined number of blocks, the status is changed to `PUBLISHED`. + In case of a failed DID publication, the status is reverted to `CREATED`. operationId: postDid-registrarDidsDidrefPublications parameters: - name: didRef @@ -1195,7 +1318,7 @@ paths: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff responses: '202': - description: Publishing DID to the VDR. + description: Publishing DID to the VDR initiated content: application/json: schema: @@ -1231,13 +1354,13 @@ paths: post: tags: - DID Registrar - summary: Update DID in Prism Agent's wallet and post update operation to the - VDR + summary: Update DID in the agent's wallet and post update operation to the VDR description: |- - Update DID in Prism Agent's wallet and post update operation to the VDR. + Update DID in the agent's wallet and post the update operation to the VDR. + Only the DID with status `PUBLISHED` can be updated. This endpoint updates the DID document from the last confirmed operation. - Submitting multiple update operations without waiting for confirmation will result in - some operations being rejected as only one operation is allowed to be appended to the last confirmed operation. + The update operation is asynchornous operation and the agent will reject + a new update request if the previous operation is not yet comfirmed. operationId: postDid-registrarDidsDidrefUpdates parameters: - name: didRef @@ -1303,10 +1426,13 @@ paths: post: tags: - DID Registrar - summary: Deactivate DID in Prism Agent's wallet and post deactivate operation + summary: Deactivate DID in the agent's wallet and post deactivate operation to the VDR - description: Deactivate DID in Prism Agent's wallet and post deactivate operation - to the VDR. + description: |- + Deactivate DID in the agent's wallet and post deactivate operation to the VDR. + Only the DID with status `PUBLISHED` can be deactivated. + The deactivate operation is asynchornous operation and the agent will reject + a new deactivate request if the previous operation is not yet comfirmed. operationId: postDid-registrarDidsDidrefDeactivations parameters: - name: didRef @@ -1415,12 +1541,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1625,12 +1755,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1886,12 +2020,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1922,8 +2060,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] post: tags: - Identity and Access Management @@ -1970,8 +2108,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}/name: put: tags: @@ -2025,8 +2163,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}/walletId: put: tags: @@ -2080,8 +2218,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}: get: tags: @@ -2129,8 +2267,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] delete: tags: - Identity and Access Management @@ -2173,8 +2311,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/apikey-authentication: post: tags: @@ -2217,8 +2355,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] delete: tags: - Identity and Access Management @@ -2260,30 +2398,36 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /wallets: get: tags: - Wallet Management - summary: List all wallets + summary: List all permitted wallets + description: List all permitted wallets. If the role is admin, returns all the + wallets. If the role is tenant, only return permitted wallets. operationId: getWallets parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 responses: '200': - description: Successfully list all the wallets + description: Successfully list all permitted wallets content: application/json: schema: @@ -2314,9 +2458,12 @@ paths: tags: - Wallet Management summary: Create a new wallet - description: |- - Create a new wallet with optional to use provided seed. - The seed will be used for DID key derivation inside the wallet. + description: "Create a new wallet with the option to provide the seed.\nThe\ + \ seed will be used for all PRISM DID keypair derivation within the wallet.\n\ + \nIf the role is admin, a wallet can be created at any time.\nIf the role\ + \ is tenant, a wallet can only be created if there is no existing wallet permission\ + \ for that tenant.\nThe permission for the tenant will be automatically granted\ + \ after the wallet is created with tenant role.\n " operationId: createWallet requestBody: content: @@ -2326,7 +2473,7 @@ paths: required: true responses: '201': - description: A new wallet has been created + description: Successfully create a new wallet content: application/json: schema: @@ -2358,6 +2505,8 @@ paths: tags: - Wallet Management summary: Get the wallet by ID + description: Get the wallet by ID. If the role is tenant, only search the ID + of permitted wallets. operationId: getWalletsWalletid parameters: - name: walletId @@ -2407,6 +2556,10 @@ paths: - Wallet Management summary: Create a UMA resource permission on an authorization server for the wallet. + description: "Create a UMA resource permission on an authorization server for\ + \ the wallet.\nThis grants the wallet permission to the specified `subject`,\ + \ where the `subject` denotes the identity of the tenant on an authorization\ + \ server.\n " operationId: createWalletUmaPermission parameters: - name: walletId @@ -2423,7 +2576,7 @@ paths: required: true responses: '200': - description: UMA resource permission is created on an authorization server. + description: UMA resource permission is created on an authorization server '400': description: Invalid request parameters content: @@ -2451,6 +2604,10 @@ paths: - Wallet Management summary: Delete a UMA resource permission on an authorization server for the wallet. + description: "Remove a UMA resource permission on an authorization server for\ + \ the wallet.\nThis remove the wallet permission to the specified `subject`,\ + \ where the `subject` denotes the identity of the tenant on an authorization\ + \ server.\n " operationId: deleteWalletUmaPermission parameters: - name: walletId @@ -2958,6 +3115,8 @@ components: type: array items: type: string + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 CreateWalletRequest: required: - name @@ -3444,7 +3603,8 @@ components: type: array items: type: string - description: The JSON-LD context for the DID resolution result. + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 id: type: string description: |- @@ -3552,8 +3712,8 @@ components: properties: '@context': type: string - description: The JSON-LD context for the DID resolution result. - example: https://w3id.org/did-resolution/v1 + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 didDocument: $ref: '#/components/schemas/DIDDocument' didDocumentMetadata: @@ -3757,7 +3917,7 @@ components: type: string description: The date and time when the issue credential record was created. format: date-time - example: '2023-12-21T10:46:39.901591685Z' + example: '2024-01-25T13:33:28.428671446Z' updatedAt: type: string description: The date and time when the issue credential record was last @@ -3845,7 +4005,7 @@ components: example: [] Json: description: The service endpoint. Can contain multiple possible values as described - in the [Create DID operation] + in the [Create DID operation](https://github.com/input-output-hk/prism-did-method-spec/blob/main/w3c-spec/PRISM-method.md#create-did) example: https://example.com oneOf: - $ref: '#/components/schemas/Arr' @@ -3866,14 +4026,14 @@ components: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff longFormDid: type: string - description: A long-form DID. Mandatory when status is not PUBLISHED and - optional when status is PUBLISHED + description: A long-form DID. Mandatory when status is not `PUBLISHED` and + optional when status is `PUBLISHED` example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff:Cr4BCrsBElsKBmF1dGgtMRAEQk8KCXNlY3AyNTZrMRIg0opTuxu-zt6aRbT1tPniG4eu4CYsQPM3rrLzvzNiNgwaIIFTnyT2N4U7qCQ78qtWC3-p0el6Hvv8qxG5uuEw-WgMElwKB21hc3RlcjAQAUJPCglzZWNwMjU2azESIKhBU0eCOO6Vinz_8vhtFSAhYYqrkEXC8PHGxkuIUev8GiAydFHLXb7c22A1Uj_PR21NZp6BCDQqNq2xd244txRgsQ status: type: string description: |- - A status indicating a publication state of a DID in the wallet (e.g. PUBLICATION_PENDING, PUBLISHED). - Does not represent DID a full lifecyle (e.g. deactivated, recovered, updated). + A status indicating a publication state of a DID in the wallet (e.g. `PUBLICATION_PENDING`, `PUBLISHED`). + Does not represent DID a lifecyle (e.g. `deactivated`, `recovered`, `updated`). example: CREATED ManagedDIDKeyTemplate: required: @@ -3887,7 +4047,7 @@ components: example: key-1 purpose: $ref: '#/components/schemas/Purpose' - description: key-pair template to add to DID document. + description: A key-pair template to add to DID document. ManagedDIDPage: required: - self @@ -3947,6 +4107,8 @@ components: type: array items: type: string + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 PresentationStatus: required: - presentationId @@ -4288,7 +4450,7 @@ components: - type: string serviceEndpoint: $ref: '#/components/schemas/Json' - description: A service expressed in the DID document. https://www.w3.org/TR/did-core/#services + description: A service that should appear in the DID document. https://www.w3.org/TR/did-core/#services Str: required: - value @@ -4391,7 +4553,58 @@ components: publicKeyJwk: $ref: '#/components/schemas/PublicKeyJwk' description: A cryptographic public key expressed in the DID document. https://www.w3.org/TR/did-core/#verification-methods - VerificationPolicy: + VerificationPolicyConstraint: + required: + - schemaId + type: object + properties: + schemaId: + type: string + description: The schema ID of the credential that is being verified. + example: https://example.com/driving-license-1.0 + minLength: 1 + trustedIssuers: + type: array + items: + type: string + description: A list of DIDs of the trusted issuers. + example: + - did:example:123456789abcdefghi + VerificationPolicyInput: + required: + - name + - description + type: object + properties: + id: + type: string + description: A unique identifier to address the verification policy instance. + UUID is generated by the backend. + format: uuid + example: 0527aea1-d131-3948-a34d-03af39aba8b5 + name: + type: string + description: A human-readable name for the verification policy. The `name` + cannot be empty. + example: Trusted Issuers Verification Policy + minLength: 1 + description: + type: string + description: A human-readable description of the verification policy. + example: Verification policy that checks if the credential was issued by + a trusted issuer. + constraints: + type: array + items: + $ref: '#/components/schemas/VerificationPolicyConstraint' + description: The object that describes the constraints of the verification + policy. Each constraint is a tuple of the `schemaId` and a set of DIDs + of the trusted issuers. + example: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi + VerificationPolicyResponse: required: - self - kind @@ -4405,57 +4618,61 @@ components: properties: self: type: string + description: The URL that uniquely identifies the resource being returned + in the response. + example: /prism-agent/verification/policies/0527aea1-d131-3948-a34d-03af39aba8b4 kind: type: string + description: A string that identifies the type of resource being returned + in the response. + example: VerificationPolicy id: type: string + description: A unique identifier to address the verification policy instance. + UUID is generated by the backend. format: uuid + example: 0527aea1-d131-3948-a34d-03af39aba8b5 nonce: type: integer + description: A number that is changed every time the verification policy + is updated. format: int32 + example: 1234 name: type: string + description: A human-readable name for the verification policy. The `name` + cannot be empty. + example: Trusted Issuers Verification Policy + minLength: 1 description: type: string + description: A human-readable description of the verification policy. + example: Verification policy that checks if the credential was issued by + a trusted issuer. createdAt: type: string + description: '[RFC3339](https://www.rfc-editor.org/rfc/rfc3339) date on + which the verification policy was created.' format: date-time + example: 2022-03-10T12:00Z updatedAt: type: string + description: '[RFC3339](https://www.rfc-editor.org/rfc/rfc3339) date on + which the verification policy was updated.' format: date-time + example: 2022-03-10T12:00Z constraints: type: array items: $ref: '#/components/schemas/VerificationPolicyConstraint' - VerificationPolicyConstraint: - required: - - schemaId - type: object - properties: - schemaId: - type: string - trustedIssuers: - type: array - items: - type: string - VerificationPolicyInput: - required: - - name - - description - type: object - properties: - id: - type: string - format: uuid - name: - type: string - description: - type: string - constraints: - type: array - items: - $ref: '#/components/schemas/VerificationPolicyConstraint' - VerificationPolicyPage: + description: The object that describes the constraints of the verification + policy. Each constraint is a tuple of the `schemaId` and a set of DIDs + of the trusted issuers. + example: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi + VerificationPolicyResponsePage: required: - self - kind @@ -4464,18 +4681,51 @@ components: properties: self: type: string + description: The URL that uniquely identifies the resource being returned + in the response. + example: /prism-agent/verification/policies?name=Trusted&offset=0&limit=10 kind: type: string + description: A string that identifies the type of resource being returned + in the response. + example: VerificationPolicyPage pageOf: type: string + description: A string field indicating the type of resource that the contents + field contains + example: /prism-agent/verification/policies next: type: string + description: An optional string field containing the URL of the next page + of results. If the API response does not contain any more pages, this + field should be set to None. + example: /prism-agent/verification/policies?skip=20&limit=10 previous: type: string + description: An optional string field containing the URL of the previous + page of results. If the API response is the first page of results, this + field should be set to None. + example: /prism-agent/verification/policies?skip=0&limit=10 contents: type: array items: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' + description: A sequence of VerificationPolicyResponse objects representing + the list of verification policies that the paginated response contains + example: + - self: /prism-agent/verification/policies + kind: VerificationPolicy + id: 0527aea1-d131-3948-a34d-03af39aba8b4 + nonce: 0 + name: Trusted Issuers Verification Policy + description: Verification policy that checks if the credential was issued + by a trusted issuer. + createdAt: '2022-03-10T12:00:00Z' + updatedAt: '2022-03-10T12:00:00Z' + constraints: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi WalletDetail: required: - id @@ -4570,14 +4820,26 @@ components: items: $ref: '#/components/schemas/WebhookNotification' securitySchemes: - adminApiKeyAuth: - type: apiKey - name: x-admin-api-key - in: header apiKeyAuth: type: apiKey + description: API Key Authentication. The header `apikey` must be set with the + API key. name: apikey in: header + adminApiKeyAuth: + type: apiKey + description: Admin API Key Authentication. The header `x-admin-api-key` must + be set with the Admin API key. + name: x-admin-api-key + in: header jwtAuth: type: http - scheme: bearer + description: JWT Authentication. The header `Authorization` must be set with + the JWT token using `Bearer` scheme + name: Authorization + in: header + scheme: Bearer +security: +- apiKeyAuth: [] + adminApiKeyAuth: [] + jwtAuth: [] diff --git a/version.sbt b/version.sbt index 9462f4c845..16718a55af 100644 --- a/version.sbt +++ b/version.sbt @@ -1 +1 @@ -ThisBuild / version := "1.24.0-SNAPSHOT" +ThisBuild / version := "1.25.0-SNAPSHOT"