Issue Supplier Credentials to a Business Wallet

The Story

Imagine SecureStaff BV, a staffing company that wants to register on the FlexProcure procurement portal. To complete their registration, they need to provide five documents from five different sources: a KVK registration extract, a tax compliance statement, a VAT registration, bank account details, and an insurance certificate.

In the old world, SecureStaff BV would download PDFs, scan paper certificates, and email files to the broker. The broker would then spend days manually checking each document — calling institutions to verify authenticity and flagging inconsistencies.

But KVK, the Tax Authority, ABN AMRO, and Allianz have integrated verifiable credential issuance powered by the Credenco Business Wallet. SecureStaff BV visits each authority's portal, authenticates, and clicks "Issue credential". The browser redirects to their business wallet, where the credential appears — ready to accept.

The best part? Every authority uses the exact same integration pattern — a single API call. Whether you're a chamber of commerce, a bank, or an insurance company, the process is identical.

This guide shows you how to build that experience.

1

2

3

4

5

6

7

8

SecureStaff BV visits the KVK portal to request a registration extract

---

How It Works

When issuing a supplier credential to a business wallet, the flow involves three parties: the authority's portal (where SecureStaff BV interacts), the authority's backend (which orchestrates the process), and the Credenco Business Wallet (which creates and signs the credential).

Unlike personal wallet issuance (which uses QR codes), business wallet issuance works entirely in the browser. The authority's portal redirects the user to the credential offer URL, where the business wallet displays the credential for acceptance.

Key Concepts

Concept	Description
Business Wallet	A browser-based wallet that stores verifiable credentials for organizations — no mobile app required
Credential Offer URL	The URL returned by the API that the user navigates to in their browser to accept the credential
OpenID4VCI	The open standard protocol used for credential issuance between the business wallet and the Credenco platform
Correlation ID	A business key you provide to track the issuance process and check its status

---

Sequence Diagram

The diagram below shows the complete interaction between all parties — from the moment SecureStaff BV requests a credential to the moment it appears in their business wallet. This flow is identical for every credential type.

---

Step-by-Step Integration

Prerequisites

Before you begin, make sure you have:

• A Credenco Business Wallet account (sign up here)
• An Issuer Template configured — Create Issuer Template
• A Credential Template configured — Create Credential Template
• API access enabled — Set up API authentication

---

Step 1: Start the Credential Issuance

When a supplier requests a credential from your portal, your backend calls the Start issue Credential API.

Example: Issuing a KVK registration extract credential

Request:

curl -X POST https://your-wallet.credenco.com/api/v2/credential/issue \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{
    "correlation_id": "kvk-securestaff-2026",
    "template_id": "kvk_registration_extract",
    "claims": {
      "kvk_number": "12345678",
      "legal_name": "SecureStaff BV",
      "legal_form": "Besloten Vennootschap",
      "registration_date": "2018-04-15",
      "address": "Herengracht 100, 1015 BS Amsterdam",
      "authorized_signatory": "Jan van der Berg"
    }
  }'

Note: There is no qr_code parameter in the request. When qr_code is omitted, the response returns a request_uri — a URL that the user navigates to in their browser. This is the standard flow for business wallets.

Response:

{
  "correlation_id": "kvk-securestaff-2026",
  "request_uri": "openid-credential-offer://?credential_offer_uri=https://your-wallet.credenco.com/openid4vc/credentialOffer?id=a3b7c9d1-4e5f-6a7b-8c9d-0e1f2a3b4c5d",
  "status_uri": "https://your-wallet.credenco.com/api/v2/issue/kvk-securestaff-2026"
}

Field	Description
correlation_id	Your business key to track this issuance
request_uri	The credential offer URL — redirect the user's browser to this URL
status_uri	Endpoint to poll for status updates

---

Step 2: Redirect the User to the Credential Offer

The request_uri in the response is a URL that opens the credential in the supplier's business wallet. Redirect the user's browser to this URL:

// In your frontend, after receiving the response from your backend:
window.location.href = response.request_uri;

Or render it as a link:

<a href="openid-credential-offer://?credential_offer_uri=...">
  Open in your Business Wallet
</a>

The supplier's browser navigates to their business wallet, which displays the credential details. The supplier reviews and clicks "Accept" to store the credential.

---

Step 3: Check the Issuance Status

After the redirect, your backend can poll the Get issue status API to track progress:

curl https://your-wallet.credenco.com/api/v2/credential/issue/kvk-securestaff-2026 \
  -H "x-api-key: YOUR_API_KEY"

Response (after credential is accepted):

{
  "status": "issue_completed",
  "correlation_id": "kvk-securestaff-2026",
  "last_updated": 1751155200000,
  "revocation_uuid": "7f3a2b1c-9d8e-4f5a-6b7c-8d9e0f1a2b3c"
}

Status	Meaning
issue_request_created	The credential offer has been created, waiting for the wallet to pick it up
credential_offer_retrieved	The business wallet has retrieved the offer
issue_completed	The credential has been successfully issued and accepted
error	Something went wrong during the issuance process

Tip: Save the revocation_uuid from the completed response. You'll need it if you ever want to revoke the credential in the future.

---

Optional: Use Callbacks Instead of Polling

Instead of polling the status endpoint, you can provide a callback URL in the issue request. Credenco will notify your backend automatically when the status changes:

{
  "correlation_id": "kvk-securestaff-2026",
  "template_id": "kvk_registration_extract",
  "claims": { ... },
  "callback": {
    "url": "https://your-backend.com/webhooks/credential-status",
    "status": ["issue_completed", "error"]
  }
}

Your callback endpoint will receive a POST request with the status update whenever the issuance completes or fails.

---

Credential Examples

Each authority issues a different credential type. Below are example claims payloads for each of the five supplier onboarding documents.

KVK Registration Extract

Issued by the Chamber of Commerce (KVK).

{
  "template_id": "kvk_registration_extract",
  "claims": {
    "kvk_number": "12345678",
    "legal_name": "SecureStaff BV",
    "legal_form": "Besloten Vennootschap",
    "registration_date": "2018-04-15",
    "address": "Herengracht 100, 1015 BS Amsterdam",
    "authorized_signatory": "Jan van der Berg"
  }
}

Tax Compliance Statement

Issued by the Tax Authority (Belastingdienst).

{
  "template_id": "tax_compliance_statement",
  "claims": {
    "rsin": "987654321",
    "company_name": "SecureStaff BV",
    "compliance_status": "compliant",
    "valid_from": "2026-01-01",
    "valid_until": "2026-12-31"
  }
}

VAT Registration

Issued by the Tax Authority (Belastingdienst).

{
  "template_id": "vat_registration",
  "claims": {
    "vat_number": "NL123456789B01",
    "company_name": "SecureStaff BV",
    "registration_date": "2018-04-20"
  }
}

Bank Account Details

Issued by the supplier's bank (e.g., ABN AMRO).

{
  "template_id": "bank_account_details",
  "claims": {
    "bank_name": "ABN AMRO",
    "iban": "NL91ABNA0417164300",
    "account_holder": "SecureStaff BV",
    "bic": "ABNANL2A"
  }
}

Insurance Certificate

Issued by the insurer (e.g., Allianz).

{
  "template_id": "insurance_certificate",
  "claims": {
    "insurer": "Allianz",
    "policy_number": "AVB-2026-00412",
    "coverage_type": "Professional Liability",
    "insured_party": "SecureStaff BV",
    "valid_from": "2026-01-01",
    "valid_until": "2027-01-01",
    "coverage_amount": "2.500.000"
  }
}

---

Complete Flow at a Glance

1

Authority Backend
Calls the Issue API with the credential details — no QR code parameter

2

Redirect Browser
The portal redirects the supplier's browser to the credential offer URL

3

Supplier Accepts
The business wallet shows the credential — the supplier clicks Accept

4

Credential Stored
The credential is stored in the business wallet via OpenID4VCI

---

API Reference

API	Method	Endpoint	Description
Start issue Credential	POST	/api/v2/credential/issue	Start the credential issuance and get a credential offer URL
Get issue status	GET	/api/v2/credential/issue/{correlationId}	Check the status of an issuance process
Revoke Credential	POST	/api/v2/credential/revoke	Revoke a previously issued credential

---

What's Next?

Now that you understand how to issue supplier credentials to a business wallet, you might want to explore:

• Verify Supplier Credentials — See how the broker verifies all five credentials at once
• Create Credential Templates — Design the credential types your organization issues
• API Authentication — Set up OAuth2 or API key authentication
• Verify Credentials — Request and verify credentials from holders