Presentation Endpoint (OpenID4VP)

Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments.

The POST request to the presentation endpoint is where verifiable presentations are submitted by holders. This endpoint is part of the OpenID for Verifiable Presentations (OpenID4VP) protocol.

The POST request to the presentation endpoint is an OPTIONAL endpoint and is part of the iSHARE Framework's Verifiable Credentials support in line with OpenID for Verifiable Presentations (OpenID4VP).

Endpoint

POST /presentation

The URL for this endpoint is provided in the Verifier Metadata (see Verifier Metadata).

Request model

Headers

  • Content-Type String. MUST be equal to application/x-www-form-urlencoded or application/json.

Parameters

The request body MUST contain the following parameters (when using application/x-www-form-urlencoded):

  • vp_token String. A verifiable presentation token containing the verifiable presentation.

  • presentation_submission String (JSON). A Presentation Submission object when using presentation definitions.

  • state String. The state parameter value from the authorization request.

When using application/json, the request body is a JSON object containing the same parameters.

Example request

POST /presentation
Host: verifier.ishare.eu
Content-Type: application/x-www-form-urlencoded

vp_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...&presentation_submission={"id":"submission123","definition_id":"participant-credential","descriptor_map":[...]}&state=xyz789

Response model

Success Response

The response is a JSON object or redirect containing:

  • vp_token String. The verifiable presentation token (if not already provided in request).

  • presentation_submission Object. The presentation submission object (if using presentation definitions).

  • state String. The state parameter value from the request.

Error Response

Error responses follow standard HTTP status codes and OAuth 2.0 error format:

  • error String. (Required) Error code (e.g., invalid_request, invalid_vp_token, presentation_rejected).

  • error_description String. Human-readable description of the error.

  • error_uri String. URI pointing to a document describing the error.

Example response

{
  "vp_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "presentation_submission": {
    "id": "submission123",
    "definition_id": "participant-credential",
    "descriptor_map": [
      {
        "id": "participant-credential-descriptor",
        "format": "vc+sd-jwt",
        "path": "$.vp.verifiableCredential[0]"
      }
    ]
  },
  "state": "xyz789"
}

iSHARE-Specific Requirements

Within iSHARE, the following requirements apply:

  • The verifier MUST validate the verifiable presentation:

    • Verify the presentation signature

    • Verify all included credential signatures

    • Check credential expiration and status

    • Verify issuer trust status

  • The verifier MUST verify that the credentials in the presentation match the requested presentation definition or scope.

  • The verifier MUST verify that the holder is authorized to present the credentials.

  • All verifiable presentations MUST conform to the W3C Verifiable Credentials Data Model 2.0.

  • Credentials in presentations MUST use schemas published at schemas.ishare.eu.

PreviousAuthorization Endpoint (OpenID4VP)NextGetting started

Last updated