Skip to main content

Overview

Digital Credentials integration lets you verify identity documents (passports, ID cards, driver’s licenses) stored in device wallets like Google Wallet and Apple Wallet. Your app requests the credential, the user consents, and Hopae Connect validates the cryptographically signed response.
When to use this integration:
  • Building a native mobile app (Android or iOS)
  • Building a web app that calls the DC API directly
  • Want the wallet request payload returned immediately (no QR scan or polling)
  • Verifying credentials from decentralized wallet providers (e.g., us-id-pass)

How it works

Your app makes 3 API calls to Hopae Connect. The wallet interaction (step 2) happens entirely on-device — Hopae is not involved.

Prerequisites

  • API credentials from the Console
  • A DC-enabled provider (e.g., us-id-pass) enabled for your app
  • Android: CredentialManager API (requires Google Play Services)
  • iOS: Safari 26+ with Digital Credentials API support
  • Web: Chrome 128+ with Digital Credentials API support

Implementation Steps

Step 1: Create Verification Session

Create a verification with options.mode = "native" to receive the wallet request payload immediately in the response.

Options parameters

Response

When platform is "ios", the request.data contains deviceRequest and encryptionInfo (binary CBOR) instead of the JSON fields shown above.
The key field is flowDetails.request — pass this to the device wallet in step 2. The session expires after 30 minutes.

Step 2: Request Credential from Wallet

Pass flowDetails.request from step 1 to the W3C Digital Credentials API on your platform. This step happens entirely on-device — no Hopae API call is needed.
Use Android CredentialManager with GetDigitalCredentialOption:
The OS displays a consent screen showing which data is being requested. The user must approve before the credential is released.

Step 3: Submit Wallet Response

Send the signed credential response to Hopae Connect for validation.
This endpoint requires the same Basic Auth credentials (CLIENT_ID:CLIENT_SECRET) as steps 1 and 4. The credential is also validated cryptographically by the Verifier — signature verification, nonce binding, origin check, and trust chain validation against government issuer certificates. A forged or replayed credential is rejected regardless of the caller.
Success response:

Step 4: Retrieve Verified Claims

Once the verification is complete, retrieve the normalized identity data with provenance.
Response
Identity claims are available in provenance.presentation.credentials[].claims. The sub field is a stable pseudonymous identifier derived from the document number — consistent across verifications of the same document.

Error Handling

Available Providers

More DC-enabled providers will be added. The integration flow is identical — only providerId changes.

Comparison with Standard API Flow

This guide is for native DC providers only. Most eID providers (BankID, MitID, Smart-ID, etc.) use the standard REST API integration with QR, redirect, or push flows. Use this guide only when integrating DC-enabled wallet providers listed above.

Next Steps

Standard API Integration

For QR, redirect, and push flow providers

Verification API Reference

Full endpoint documentation

Return Data Model

Understanding user claims and provenance

Digital ID Types

Learn about wallet-based credentials