@passkeybridge/vc-wallet-sdk

v0.4.2

Published

18 days ago

Official PasskeyBridge SDK for issuing and verifying W3C Verifiable Credentials (JWT-VC + SD-JWT-VC) against the PasskeyBridge identity attestation platform.

0High
0Medium
0Low

passkeybridgellc

passkeybridge verifiable-credentials vc sd-jwt-vc w3c-vc identity attestation eidas

@passkeybridge/vc-wallet-sdk

Official TypeScript SDK for the PasskeyBridge Verifiable Credentials platform. Issue and verify W3C JWT-VC and SD-JWT-VC credentials, check revocation status, and manage credential lifecycle from any Node.js, Deno, browser, or edge runtime that supports the fetch API.

This is the initial public release (v0.1.0). It ships the network-bound surface against the production PasskeyBridge edge functions. Local wallet storage, holder binding (KB-JWT), and OID4VCI flows ship in v0.2.0 and later, per the CHANGELOG.

Installation

npm install @passkeybridge/vc-wallet-sdk
# or
pnpm add @passkeybridge/vc-wallet-sdk
# or
bun add @passkeybridge/vc-wallet-sdk

Requires Node.js 18+ (or any runtime with global fetch).

Quick start

import { PBWallet } from "@passkeybridge/vc-wallet-sdk";

const wallet = new PBWallet({
  apiKey: process.env.PB_API_KEY!,        // pb_live_... from the dashboard Keys tab
  tenantId: process.env.PB_TENANT_ID!,    // your tenant UUID
});

// Issue a standard JWT-VC
const issued = await wallet.issue({
  subjectDid: "did:web:example.com:users:alice",
  credentialType: "IdentityAttestation",
  claims: { verificationLevel: "enhanced" },
  expirationDays: 90,
});

console.log(issued.credential.credential_id);
console.log(issued.credential.jwt);

API

`new PBWallet(options)`

| Option | Type | Default | Description | | ----------- | -------------------------- | -------------------------------------- | -------------------------------------------- | | apiKey | string | required | Tenant API key (pb_live_... / pb_test_...). | | tenantId | string | required | Your PasskeyBridge tenant UUID. | | baseUrl | string | https://api.passkeybridge.io/v1 | Override only for staging / self-host. | | fetch | typeof fetch | global fetch | Inject a custom fetch (Undici, polyfill). | | timeoutMs | number | 15000 | Per-request timeout. |

`wallet.issue(params)`

Issue a JWT-VC (default) or SD-JWT-VC (when disclosureFrame is supplied).

const cred = await wallet.issue({
  subjectDid: "did:web:example.com:users:alice",
  credentialType: "IdentityAttestation",
  claims: { verifiedAt: "2026-05-25T00:00:00Z", verificationLevel: "enhanced" },
  expirationDays: 90,
  // Optional: enables SD-JWT-VC
  disclosureFrame: { verifiedAt: true },
  // Optional: pass a holder JWK to embed `cnf.jwk` for KB-JWT binding
  holderPublicJwk: { kty: "EC", crv: "P-256", x: "...", y: "..." },
});

`wallet.verifyPresentation(params)` and `wallet.verify(params)`

const result = await wallet.verifyPresentation({
  vpToken: "eyJ...",
  credentialTypeHint: "IdentityAttestation",
});

if (result.verified) {
  console.log("cross-reference id", result.crossReferenceId);
}

`wallet.checkStatus(credentialId)`

Single credential status lookup. Returns one of active | suspended | revoked | expired | unknown.

`wallet.batchCheckStatus(credentialIds)`

Up to 100 ids per call.

const { credentials, checkedAt } = await wallet.batchCheckStatus([
  "urn:uuid:...",
  "urn:uuid:...",
]);

`wallet.revoke / suspend / reinstate(credentialId, reason?)`

await wallet.revoke("urn:uuid:...", "key_compromise");

`wallet.refreshStatusList(issuerDid?)`

Force a StatusList2021 rebuild. Returns { etag, totalCredentials, revokedCount, generatedAt }.

Static helpers

import { decodeCredential, hashPhone, PBWalletError } from "@passkeybridge/vc-wallet-sdk";

const { header, payload } = decodeCredential(issued.credential.jwt);
const phoneHash = await hashPhone("+15551234567"); // SHA-256 hex

Errors

All network failures throw PBWalletError:

try {
  await wallet.issue(...);
} catch (err) {
  if (err instanceof PBWalletError) {
    console.error(err.code, err.httpStatus, err.message, err.requestId);
  }
}

Required API key scopes

| Scope | Used by | | ------------ | ------------------------------------------------------------------ | | vc_issue | issue | | vc_verify | verifyPresentation, verify | | vc_status | revoke, suspend, reinstate, refreshStatusList |

checkStatus and batchCheckStatus are public (no scope required) so verifiers can resolve revocation without an API key.

Versioning and stability

The SDK follows semver. The 0.x line may introduce breaking changes between minor versions as the surface fills out. Pin to a minor (^0.1) until 1.0.0.

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@passkeybridge/vc-wallet-sdk

Installation

Quick start

API

new PBWallet(options)

wallet.issue(params)

wallet.verifyPresentation(params) and wallet.verify(params)

wallet.checkStatus(credentialId)

wallet.batchCheckStatus(credentialIds)

wallet.revoke / suspend / reinstate(credentialId, reason?)

wallet.refreshStatusList(issuerDid?)

Static helpers

Errors

Required API key scopes

Versioning and stability

License

`new PBWallet(options)`

`wallet.issue(params)`

`wallet.verifyPresentation(params)` and `wallet.verify(params)`

`wallet.checkStatus(credentialId)`

`wallet.batchCheckStatus(credentialIds)`

`wallet.revoke / suspend / reinstate(credentialId, reason?)`

`wallet.refreshStatusList(issuerDid?)`