Issuer integration
You have an existing identity verification flow (DigiD, BankID, OIDC, your own KYC) and want to mint Owl ID SD-JWT VC credentials for verified users.
Setup
Issuance flow
Code
The platform does not retain unhashed claims past the session TTL. Once issued, only the issuer-signed JWT (carrying SHA-256 hashes of each [salt, name, value] disclosure) and audit-event hashes remain.
OpenID4VCI (Batch Credential issuance)
To defeat multi-show linkability, ask the issuer for a batch of one-time-use credentials. Each has a distinct credential_id and is independently revocable on Midnight:
This is the OpenID4VCI Batch Credential endpoint. The verifier sees no correlation between batched presentations.
Provider flow types
Polling async sessions
For QR or webhook flows, poll until the session reaches verified:
Issuer identifier — did:web
The issuer publishes a DID document at https://<issuer-host>/.well-known/did.json (CORS public). The document's SHA-256 hash is anchored on Midnight's identity_registry (the did:webs pattern); the verifier resolves the did:web URL, re-hashes, and rejects any document substitution.
Issuer key management
Your account's signing key is generated by Owl ID on signup and its public key is registered into the on-chain issuer_registry automatically. Verifiers connecting to Owl ID trust your credentials without any extra setup on their side.
Reference
OwlIssuer— every method- Verifier integration — the other side of the flow