Getting Started

Prepare base URL

Your Issuer API environment is entirely managed by TNG's Product Suite Platform (PSP), so there is nothing to worry about setting up the technology stack. You will receive the Issuer API Base URL for your environment. The Issuer API uses a single base URL to standardize all endpoints.

$API_KEY=INSERT_YOUR_API_KEY_HERE # the API key assigned to you via Issuer portal
$IDENTITY_ENV_ID=426f1ce15bf3df70 # the unique idenitifer for your env
$ISSUER_API_BASE_URL=https://identity.products.teranode.group/products/web/$IDENTITY_ENV_ID/issuer

Make sure to replace $ISSUER_API_BASE_URL with the Issuer API base URL provided to you.

API Key Authentication

The API supports API Key authentication providing the following header

X-API-KEY: <API_KEY>

The API key grants you access to the API documented at API Documentation

If the API returns 403 means the API key privileges does not suffice to access the action you want to perform. Ask an Admin or Owner of the environment to review your access.

If the API returns 401 means the API key is not authorised or invalid. Ask an Admin or Owner to review access.

Authorization

The Issuer API uses role-based access control (RBAC) to manage permissions. Authorization is enforced using the cognito:groups claim in the JWT access token, which specifies the user’s assigned claims. These permissions determine what actions the user can perform within the API.

Supported Roles

• Issuer Admin - can view and issue verifiable credentials, can view the history of issued credentials, can revoke credentials & more

• Issuer User - can view and issue verifiable credentials, can view the history of its own issued credentials, can revoke its own credentials and more.

• Issuer Auditor - can view the history of issued credentials, can revoke credentials & more