Verify Mortgage Documents
The Story
Thomas has collected all six mortgage documents as verifiable credentials in his personal wallet: his identity document, pension overview, purchase contract, savings statement, loan overview, and student debt statement. Today he is ready to apply for a mortgage at Tulip Trust Bank.
In the past, Thomas would upload six separate PDF files to the bank's portal. The bank's back office would then spend days manually checking each document — calling institutions to verify authenticity, cross-referencing names and amounts, and flagging inconsistencies. Thomas would wait anxiously, only to receive follow-up requests for missing or expired documents.
But Tulip Trust Bank has integrated verifiable credential verification into their mortgage portal, powered by the Credenco Business Wallet. When Thomas starts his application, the portal shows a single QR code. Thomas opens his wallet app, scans the code, and sees the bank is requesting all six credentials. He taps "Share", and within seconds the bank has cryptographically verified every document.
The portal shows: "All required documents received and verified" — and Thomas can view his mortgage offer.
This guide shows you how to build that verification experience.
How It Works
When verifying mortgage credentials from a personal wallet, the flow involves three parties: the bank's mortgage portal (where the verification is initiated), the bank's backend (which orchestrates the process), and the bank's Credenco Business Wallet (which creates the verification request and validates the credentials).
The key difference from single-credential verification: the verifier template requests multiple credential types at once. The applicant shares all required documents in a single interaction.
The credential holder stays in full control — they choose exactly which credentials to share and can deny requests they don't trust.
Key Concepts
| Concept | Description |
|---|---|
| Verifier Template | A configuration in the Credenco Business Wallet that defines which credentials you want to request — for mortgages, this includes all six document types |
| Authorization Request | An OID4VP request that initiates the credential verification flow |
| QR Code | Presented to the user so they can scan it with their wallet app and share credentials |
| OpenID4VP | The open standard protocol used for credential presentation and verification |
| Correlation ID | A business key to track the verification session and retrieve results |
Sequence Diagram
The diagram below shows the complete interaction — from the moment Tulip Trust Bank requests Thomas's mortgage documents to the moment all credentials are verified.
Step-by-Step Integration
Prerequisites
Before you begin, make sure you have:
- A Credenco Business Wallet account (sign up here)
- A Verifier Template configured that requests all six mortgage credential types — Create Verifier Template
- API access enabled — Set up API authentication
Step 1: Create a Verification Request
When a mortgage applicant clicks "Provide required documents", the bank's backend calls the Create authorization request API.
Request:
curl -X POST https://your-wallet.credenco.com/api/v1/oid4vp/backend/auth/requests \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"correlation_id": "mortgage-thomas-2026",
"query_id": "verify_mortgage_documents",
"qr_code": {
"size": 400
}
}'
Tip: The query_id must match the Verifier template key configured in the Credenco Business Wallet. This template defines all six credential types and the specific attributes you want to verify for each.
Response:
{
"correlation_id": "mortgage-thomas-2026",
"auth_request_uri": "openid4vp://authorize?request_uri=https://your-wallet.credenco.com/oid4vp/auth/request/xyz789",
"status_uri": "https://your-wallet.credenco.com/api/v1/oid4vp/backend/auth/requests/mortgage-thomas-2026",
"qr_uri": "data:image/png;base64,iVBORw0KGgo..."
}
| Field | Description |
|---|---|
correlation_id | Your business key to track this verification session |
auth_request_uri | The OpenID4VP authorization request URI (encoded in the QR code) |
status_uri | Endpoint to poll for verification status |
qr_uri | Base64-encoded PNG image of the QR code — ready to display |
Step 2: Display the QR Code
Display the qr_uri directly in your frontend. The user needs to scan it with their wallet app:
<div style="text-align: center; padding: 2rem;">
<h2>Share your mortgage documents</h2>
<img src="data:image/png;base64,iVBORw0KGgo..." alt="Mortgage Verification QR Code" />
<p>Open your wallet app and scan the code to share all required documents.</p>
</div>
Note: The QR code is single-use. Each verification session requires a new QR code.
Step 3: The User Shares Their Credentials
From Thomas's perspective:
- Thomas opens his personal wallet app on his phone
- He taps "Scan QR code"
- The wallet app reads the QR code and contacts the bank's Credenco Business Wallet
- The wallet shows which credentials Tulip Trust Bank is requesting — all six mortgage documents
- Thomas reviews the request and taps "Share"
- The wallet sends all six credentials to the bank's Credenco Business Wallet using the OpenID4VP protocol
- The bank's Business Wallet cryptographically verifies the signatures and checks each credential's validity
Thomas stays in full control — he sees exactly what is being requested and can deny the request at any time.
Step 4: Check the Verification Status
After the QR code is displayed, your backend polls the Get authorization session status API to track progress and retrieve results:
curl "https://your-wallet.credenco.com/api/v1/oid4vp/backend/auth/requests/mortgage-thomas-2026?includeData=true" \
-H "x-api-key: YOUR_API_KEY"
Response (after all credentials are verified):
{
"status": "verified",
"correlation_id": "mortgage-thomas-2026",
"last_updated": 1751155200000,
"data": {
"identity_document": {
"full_name": "Thomas van den Berg",
"date_of_birth": "1994-02-18",
"bsn": "123456789",
"document_number": "IDNLD12345",
"valid_until": "2031-02-18"
},
"pension_overview": {
"full_name": "Thomas van den Berg",
"pension_provider": "ABP Pensioenfonds",
"annual_accrual": "2.450",
"total_accrued": "42.150",
"retirement_date": "2059-06-15"
},
"purchase_contract": {
"property_address": "Oudegracht 42, 3511 AR Utrecht",
"purchase_price": "385000",
"buyer_name": "Thomas van den Berg",
"seller_name": "Maria Jansen",
"signing_date": "2026-03-01"
},
"savings_statement": {
"bank_name": "ING",
"account_holder": "Thomas van den Berg",
"balance": "47.250",
"balance_date": "2026-03-15"
},
"loan_overview": {
"full_name": "Thomas van den Berg",
"total_debt": "2.800",
"monthly_obligations": "150",
"number_of_loans": "1",
"registration_date": "2026-03-10"
},
"student_debt_statement": {
"full_name": "Thomas van den Berg",
"original_debt": "28.000",
"remaining_debt": "18.500",
"monthly_payment": "185",
"expected_end_date": "2034-09-01"
}
}
}
| Status | Meaning |
|---|---|
created | The authorization request has been created, waiting for the wallet to respond |
request_retrieved | The wallet app has retrieved the authorization request |
verified | All credentials have been successfully presented and verified |
error | Something went wrong during the verification process |
Tip: Use the includeData=true query parameter to include the actual credential data in the response. Without it, you only get the status.
Step 5: Show the Result
Once all six credentials are verified, show the applicant a success message:
<div style="text-align: center; padding: 2rem;">
<h2>All required documents received and verified</h2>
<p>6 of 6 credentials verified successfully.</p>
<button>Show mortgage offer</button>
</div>
Optional: Use Callbacks Instead of Polling
Instead of polling, provide a callback URL in the verification request:
{
"correlation_id": "mortgage-thomas-2026",
"query_id": "verify_mortgage_documents",
"qr_code": { "size": 400 },
"callback": {
"url": "https://your-backend.com/webhooks/verification-status",
"status": ["verified", "error"]
}
}
Your callback endpoint will receive a POST request when the verification completes or fails.
What the Bank Can Do After Verification
Once all six credentials are verified, the bank's backend has cryptographically confirmed data from six independent sources. This enables automated checks:
| Check | Description |
|---|---|
| Identity consistency | Verify that the name on the identity document matches the name on all other credentials |
| Financial capacity | Calculate affordability based on savings, pension, debts, and student loans |
| Property match | Confirm the purchase contract details match the mortgage application |
| Document freshness | Check that all credentials are still within their validity period |
All of this is automated and based on cryptographically verified data — no manual document review needed.
Complete Flow at a Glance
Calls the Verification API requesting all 6 credential types
Display a single QR code in the mortgage portal
He scans the QR code and shares all 6 credentials at once
The bank's Business Wallet verifies all credentials — mortgage offer is ready
API Reference
| API | Method | Endpoint | Description |
|---|---|---|---|
| Create authorization request | POST | /api/v1/oid4vp/backend/auth/requests | Create a verification request and get a QR code |
| Get authorization session status | GET | /api/v1/oid4vp/backend/auth/requests/{correlationId} | Check verification status and retrieve credential data |
What's Next?
Now that you understand how to verify mortgage credentials from a personal wallet, you might want to explore:
- Collect Mortgage Documents — See how each institution issues credentials to Thomas's wallet
- Create Verifier Templates — Define which credentials your organization wants to verify
- API Authentication — Set up OAuth2 or API key authentication
- Issue Credentials — Issue your own credentials to users