> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didx.co.za/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an SD-JWT credential preset

> Publish an SD-JWT credential preset that issuers can use by reference.

This page covers authoring an **SD-JWT** credential preset: the request body, the decisions that only the author makes, and the common pitfalls. For the field-by-field shape walkthrough, see [Anatomy of an SD-JWT credential preset](/products/didx-me/guides/issuers/sd-jwt-credential-preset-anatomy). For mDoc credentials, see [Create an mDoc credential preset](/products/didx-me/guides/issuers/create-mdoc-credential-preset).

## Endpoint

```
POST /presets/credentials/sd-jwt
```

## Request

```bash theme={null}
curl -X POST "https://test.didxtech.com/me-creds/api/v1/presets/credentials/sd-jwt" \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "basic-identity",
    "templateName": "Basic Identity Credential",
    "templateDescription": "A basic identity credential template",
    "templateAttributes": {
      "firstName": {
        "type": "string",
        "name": "First Name",
        "required": true,
        "alwaysDisclosed": false
      },
      "lastName": {
        "type": "string",
        "name": "Last Name",
        "required": true,
        "alwaysDisclosed": false
      }
    }
  }'
```

## Authoring guidance

### Choose the `code` carefully

Your tenant alias is automatically prepended as the author, so `code: "basic-identity"` becomes the canonical id `<your-alias>:basic-identity`. That id is what issuers will pass as `presetId` for the **lifetime of the preset**. The same `<author>/<code>` pair also derives the credential's VCT.

Presets are immutable once published.

Keep the code short, lowercase, hyphen-separated, and meaningful on its own (`degree-certificate`, not `cred1`).

### Write the description for someone scanning a list

`templateName` and `templateDescription` are what issuers see when browsing the catalogue. Be specific in the description. "Basic identity credential carrying first name and last name" is far more useful than "Identity credential".

### Use `alwaysDisclosed: true` sparingly

For SD-JWT credentials, the holder normally controls what's shared on a per-presentation basis. `alwaysDisclosed: true` removes that choice for a given attribute.

Set it `true` only for fields whose presence is meaningful in itself, typically trust signals like a `verified` flag, where the credential carries no useful meaning without it. For ordinary personal data (name, date of birth, etc.), leave it `false` and let the holder decide.

### Pick `issuerConfig.signer` deliberately

`did:web` is the typical default — credentials are signed using the tenant's `did:web` DID, and verifiers fetch the DID document to validate. Choose `certificate` only when you need x509-based signing (rarer for SD-JWT; common in regulated environments). The certificate option also caps the validity window at 365 days.

## Updating and removing presets

The API supports creating and reading presets; it does **not** expose update or delete endpoints. Presets are immutable.
