HTTP API
Most integrations should use @owlid/sdk — it wraps these endpoints with typed clients, challenge handling, and the WebSocket presentation flow. Reach for the raw HTTP API only for non-TypeScript backends.
Base URLs
The Swagger UI is the canonical, always-current reference — every route, request body, and response schema is generated from the live service. The tables below are a map of the surface.
All endpoints require an Authorization: Bearer <api-key> header unless marked otherwise.
Verification service
Issuer service
Example — verify a presentation
The verify endpoint takes a DCQL vp_token (OpenID4VP 1.0). The SDK's OwlVerifier.verify() wraps this for you.