Endpoint
Request
Authoring guidance
Choose the code carefully
Your tenant alias is automatically prepended as the author, so code: "basic-identity" becomes the canonical id <your-alias>:basic-identity. That id is what issuers will pass as presetId for the lifetime of the preset. The same <author>/<code> pair also derives the credential’s VCT.
Presets are immutable once published.
Keep the code short, lowercase, hyphen-separated, and meaningful on its own (degree-certificate, not cred1).
Write the description for someone scanning a list
templateName and templateDescription are what issuers see when browsing the catalogue. Be specific in the description. “Basic identity credential carrying first name and last name” is far more useful than “Identity credential”.
Use alwaysDisclosed: true sparingly
For SD-JWT credentials, the holder normally controls what’s shared on a per-presentation basis. alwaysDisclosed: true removes that choice for a given attribute.
Set it true only for fields whose presence is meaningful in itself, typically trust signals like a verified flag, where the credential carries no useful meaning without it. For ordinary personal data (name, date of birth, etc.), leave it false and let the holder decide.
Pick issuerConfig.signer deliberately
did:web is the typical default — credentials are signed using the tenant’s did:web DID, and verifiers fetch the DID document to validate. Choose certificate only when you need x509-based signing (rarer for SD-JWT; common in regulated environments). The certificate option also caps the validity window at 365 days.

