Create a Credential configuration
Introduction
In an OpenID4VCI issuance workflow, Credential offers are created based on Credential configurations. These are templates that define rules and parameters that control the structure and content of the credentials being issued.
The purpose of this tutorial is to demonstrate how to create a Credential configuration using the MATTR Portal or via API calls.
Prerequisites
- Ensure you have completed either the Authorization Code or Pre-authorized Code tutorials, as the claims source tutorial builds upon them.
- Review the Credential configuration overview page for a detailed explanation of the key concepts and considerations involved in creating a credential configuration.
We recommend using the MATTR VII Postman collection in this tutorial. While this isn't an explicit prerequisite it can really speed things up.
Guide overview
When planning any credential configuration, an issuer should take the following factors into account:
- Credential type: Used to uniquely identify credentials issued via this configuration.
- Credential content: Decide what information will be included in the credential, and how it will be structured.
- Credential validity: Set the appropriate validity period to reflect how long the credential should be considered accurate and trustworthy.
- Revocation support: Determine whether the credential needs to support revocation status updates.
- Branding configuration: Specify how the credential should appear in a digital wallet. While display conventions are not yet standardized, this tutorial uses MATTR’s proprietary format to support branding, clarity, and holder trust.
This tutorial will walk you through each of these steps and explain the different considerations, options, and best practices to help you create a well-formed credential configuration.
Credential type
The credential type is used to differentiate between different types of credentials. It is a unique identifier that specifies the purpose and structure of the credential being issued.
It is set using the
type
property when creating a credential configuration:
{
    "type": "org.iso.18013.5.1.mDL"
    // Rest of the credential configuration
}Refer to the Credential configuration overview for considerations and best practices on defining credential types.
Credential content
The credential content defines the specific information that will be included in the credential. This can include various claims about the holder, such as their name, email address, and any other relevant data.
The content is set using the claimMappings object, as shown in the following example:
{
    "claimMappings": {
        "com.example.personaldetails.1": {
            "name": {
                "mapFrom": "claims.name",
                "type": "string",
                "required": true
            },
            "email": {
                "mapFrom": "claims.email",
                "type": "string",
                "defaultValue": "Not provided"
            }
        }
    },
    "claimSourceId": "78e1b90c-401d-45bb-89c0-938da4d44c60"
    // Rest of the credential configuration
}This example maps claims into a single namespace (com.example.personaldetails.1) and defines two
claims within it:
- name: This claim is mapped from the- claims.nameproperty in the claim source. It is of type- stringand is marked as- required, meaning that the issuance process will fail if this claim is not provided.
- email: This claim is also mapped from the- claims.emailproperty in the claim source. It is of type- stringbut is not marked as required. If the claim is not provided, it will default to the value "Not provided".
The claimSourceId property specifies the claims source
from which claims are dynamically retrieved as part of the issuance flow.
Refer to the Credential configuration overview for considerations and best practices on defining and mapping credential content.
Credential validity
Credential validity defines the period during which the credential is considered valid and can be used for its intended purpose. This is set using a combination of three properties in the credential configuration. Examples include:
{
    "expiresIn": {
        "days": 30
    }
    // Rest of the credential configuration
}In this example we are setting the credential to expire 30 days after issuance.
{
    "validFrom": {
        "defaultValue": "2023-01-01T00:00:00Z"
    },
    "validUntil": {
        "defaultValue": "2023-02-01T23:59:59Z"
    }
    // Rest of the credential configuration
}Note that in this example expiresIn must also be set, as it is a required property. Its value
will be ignored as both validFrom and validUntil are provided.
Refer to the Credential configuration overview for considerations and best practices on defining and mapping credential validity.
Revocation support
MATTR VII allows you to update the status of issued credentials, enabling you to revoke or suspend credentials when necessary. Verifiers can check the status of a presented credential without compromising the holder’s privacy.
Support for credential revocation is configured as part of the credential configuration, using the
includeStatus
boolean:
{
    "includeStatus": true
    // Rest of credential configuration
}- includeStatus: When set to- true, issued credentials are revocable. They'll include a- statusobject, which refers a Status list where the credential status is indicated.
Credential branding
Credential configurations can include information regarding how to brand them when they are displayed in a digital wallet. This is useful for enhancing the user experience and ensuring that the credential is easily recognizable.
While display conventions are not yet standardized, this tutorial uses MATTR’s proprietary format to support branding, clarity, and holder trust.
Branding is controlled via the following properties of the
branding
object:
{
    "branding": {
        "name": "Course credential",
        "description": "Diploma in Management",
        "backgroundColor": "#860012",
        "watermarkImage": "https://example-path-to-image-data.com",
        "issuerLogo": "data:image/png;base64,anything",
        "issuerIcon": "data:image/svg+xml;base64,anything"
    }
    // Rest of credential configuration
}
- name: Displayed on the top part of the credential.
- description: Displayed below the name field.
- backgroundColor: Applied as the credential background color.
- watermarkImage: Displayed as a pattern on top of the credential.
- issuerLogo: Displayed on the bottom part of the credential.
- issuerIcon: Displayed next to the issuer’s name.
Refer to the API Reference for requirements and best practices for each of these elements.
Putting it all together
Step 1: Create a Credential configuration
- 
In the navigation panel on the left-hand side, expand the Credential Issuance menu. 
- 
Select Mobile credential. 
- 
Select the Create new button. 
- 
In the Name text box, enter a clear and descriptive title that will appear on the credential in the wallet, for example "My Credential Configuration Tutorial Credential". 
- 
In the Description text box, enter a clear and descriptive description that will appear on the credential in the wallet, for example "Credential Configuration Best Practices". 
- 
In the Credential type text box, enter a unique identifier for the credential type, for example com.example.credentialconfiguration.2.
- 
Copy and paste the following JSON into the Claim mappings text box: Claim mappings { "com.example.personaldetails.1": { "name": { "mapFrom": "claims.name", "type": "string", "required": true }, "email": { "mapFrom": "claims.email", "type": "string", "required": true }, "age": { "mapFrom": "claims.age", "type": "number" } } }
- 
Enter "1" in the Months text box in the Validity for panel to set the credential expiration period. 
- 
Select the Create button to create the credential configuration. 
Step 2: Create a Credential offer
- In the navigation panel on the left-hand side, expand the Credential Issuance menu.
- Select Credential offer.
- Select the Select button.
- Check the checkbox next to the credential configuration you created in the previous step.
- Select the Apply button.
- Select the Generate button.
- Download the displayed QR code and save it on your computer.
Step 1: Create a Credential configuration
Make the following request to create an mDoc credentials configuration:
POST /v2/credentials/mobile/configurations{
    "type": "com.example.credentialconfiguration.2",
    "expiresIn": {
        "months": 1
    },
    "claimMappings": {
        "com.example.personaldetails.1": {
            "name": {
                "mapFrom": "claims.name",
                "type": "string",
                "required": true
            },
            "email": {
                "mapFrom": "claims.email",
                "type": "string",
                "required": true
            },
            "age": {
                "mapFrom": "claims.age",
                "type": "number"
            }
        }
    },
    "branding": {
        "name": "My Credential Configuration Tutorial Credential",
        "description": "Credential Configuration Best Practices",
        "backgroundColor": "#d82db3ff"
    },
    "claimSourceId": "<CLAIM_SOURCE_ID>",
    "includeStatus": true
}- claimSourceId: If you completed the Claim source tutorial, you can replace this with the ID of the claim source you created. Otherwise, omit this line from the request body.
Response
{
    "id": "294868aa-3814-4a50-9862-5ff48381a8e5"
    //... rest of your credential configuration
}- id: Unique identifier for the created mDocs credentials configuration. This ID is used to create a Credential offer in the next step.
Step 2: Create a Credential offer
You can now generate a Credential offer and share it with the intended holder.
Make sure you create a credential offer that matches the flow you are implementing.
Test the workflow
- Open the GO hold example app.
- Select Scan.
- Scan the QR code generated in the previous step.
- Review the credential offer and select Accept.
- Follow the issuance workflow instructions to claim the credential.
- If you are testing an Authorization Code flow, you will be redirected to the configured authentication provider to authenticate. After a successful authentication you will be redirected back to the GO hold app to continue the issuance workflow.
- If you are testing a Pre-authorized Code flow, you will also be prompted to enter the
transactionCodevalue returned in the response when you created the credential offer.
 
You should now have a new credential your MATTR GO Hold app.
If you are using a claim source as part of your credential configuration, ensure that it is correctly set up and accessible. Issuance may fail if the claims source is not reachable or does not return the expected claims.
What's next?
Check out more resources on MATTR Learn that will enable you to:
- Configure a Claims source to retrieve data from compatible data sources and use it in the issued credential.
- Configure an Interaction hook to redirect the user to custom components as part of the issuance workflow.
How would you rate this page?
