# Presentation Endpoint (OpenID4VP) {% hint style="info" %} Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments. {% endhint %} The `POST` request to the presentation endpoint is where verifiable presentations are submitted by holders. This endpoint is part of the OpenID for Verifiable Presentations (OpenID4VP) protocol. {% hint style="info" %} The `POST` request to the presentation endpoint is an **OPTIONAL** endpoint and is part of the iSHARE Framework's Verifiable Credentials support in line with **OpenID for Verifiable Presentations (OpenID4VP)**. {% endhint %} ### Endpoint ``` POST /presentation ``` The URL for this endpoint is provided in the Verifier Metadata (see [Verifier Metadata](https://dev.ishare.eu/all-roles-common-endpoints/openid4vp-endpoints/verifier-metadata-openid4vp)). ### Request model #### Headers * `Content-Type`\ **String**.\ MUST be equal to `application/x-www-form-urlencoded` or `application/json`. #### Parameters The request body MUST contain the following parameters (when using `application/x-www-form-urlencoded`): * `vp_token`\ **String**.\ A verifiable presentation token containing the verifiable presentation. * `presentation_submission`\ **String (JSON)**.\ A [Presentation Submission](https://identity.foundation/presentation-exchange/spec/v2.1.1/#presentation-submission) object when using presentation definitions. * `state`\ **String**.\ The state parameter value from the authorization request. When using `application/json`, the request body is a JSON object containing the same parameters. ### Example request ``` POST /presentation Host: verifier.ishare.eu Content-Type: application/x-www-form-urlencoded vp_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...&presentation_submission={"id":"submission123","definition_id":"participant-credential","descriptor_map":[...]}&state=xyz789 ``` ### Response model #### Success Response The response is a JSON object or redirect containing: * `vp_token`\ **String**.\ The verifiable presentation token (if not already provided in request). * `presentation_submission`\ **Object**.\ The presentation submission object (if using presentation definitions). * `state`\ **String**.\ The state parameter value from the request. #### Error Response Error responses follow standard HTTP status codes and OAuth 2.0 error format: * `error`\ **String**. (Required)\ Error code (e.g., `invalid_request`, `invalid_vp_token`, `presentation_rejected`). * `error_description`\ **String**.\ Human-readable description of the error. * `error_uri`\ **String**.\ URI pointing to a document describing the error. ### Example response ```json { "vp_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...", "presentation_submission": { "id": "submission123", "definition_id": "participant-credential", "descriptor_map": [ { "id": "participant-credential-descriptor", "format": "vc+sd-jwt", "path": "$.vp.verifiableCredential[0]" } ] }, "state": "xyz789" } ``` ### iSHARE-Specific Requirements Within iSHARE, the following requirements apply: * The verifier MUST validate the verifiable presentation: * Verify the presentation signature * Verify all included credential signatures * Check credential expiration and status * Verify issuer trust status * The verifier MUST verify that the credentials in the presentation match the requested presentation definition or scope. * The verifier MUST verify that the holder is authorized to present the credentials. * All verifiable presentations MUST conform to the [W3C Verifiable Credentials Data Model 2.0](https://www.w3.org/TR/vc-data-model-2.0/). * Credentials in presentations MUST use schemas published at [schemas.ishare.eu](https://schemas.ishare.eu).