Skip to content

๐Ÿ”‘ Restful API for the Credential issuer of the DDDC and IoT pilot projects


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

DDDC Credential Issuer API

Restful API for the Credential issuer of the Digital Democracy and Data Commons pilot project
Build Status codecov

Credential issuer API is part of the DDDC. Digital Democracy and Data Commons is a pilot participatory process oriented to test a new technology to improve the digital democracy platform Decidim and to collectively imagine the data politics of the future. This pilot takes place in the context of the European project DECODE (Decentralized Citizen Owned Data Ecosystem) that aims to construct legal, technological, and socioeconomic tools that allow citizens to take back control over their data and technological sovereignty. Our effort is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles using algorithms that can be deployed in any situation without any change.

๐Ÿšฉ Table of Contents (click to expand)

๐Ÿš€ Getting started

This requires docker to be installed

git clone --recursive
cd dddc-credential-issuer

This will clone the project and all submodules of the project (--recursive is important) then by lunching the will create a docker container with all the dependencies correctly configured.

Head your browser to:



for the authentication in the SWAGGER UI over the calls, that need the OAuth2 and JWT token please use the following credentials:

username password
demo demo

NB: client_id and client_secret are not mandatory and should be empty

๐Ÿ’พ Install

To locally run you need to run over a the API project over an ASGI server like uvicorn.

Assuming you are already cloned the project as described on Getting started with the submodules and already cd into your project directory dddc-credential-issuer you need the following steps

  1. create a virtualenv
  2. activate the virtualenv
  3. upgrade the pip
  4. install dependencies
  5. install the ASGI serve
  6. run locally the API
python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install -e .
pip install uvicorn
uvicorn app.main:api --debug

๐ŸŽฎ Usage

This API server is meant for the Credential Issuing of the DDDC Project part of the

This will handle both the credential issuing with Coconut (for the wallet) and the interaction with the DDDC Site as described here

๐Ÿณ Docker

docker build -t dddc-credential-issuer .
docker run --rm -p 80:80 -e APP_MODULE="app.main:api" -e LOG_LEVEL="debug" -it dddc-credential-issuer

All the options are documented on here

๐Ÿ API

All the parameters and format of the input are documented on the swagger, below you'll find a quick description of each endpoint


This returns a valid JWT to be used over OAuth2 covered calls in the Bearer header


Creates an Authorizable Attibute as defined on here it contains an authorizable_attribute_id and a authorizable_attribute_info in form of a list of objects each one with a key and values

This will create the rules to allow people to obtain a credential. Each credential will have it's own keypair (in form of a Credential Issuer Keypair, Coconut flow 03) and the public verification_key will be printed as a result

IoT vs. DDDC the real difference between the two use-cases is to allowing reissue the credentials for the same user. To differenciate this behaviout each Authorizable Attibute has a boolean parameter reissuable that should be passed. IoT want to pass it as true to allow reissuing of the credentials.


This allows to retrieve the Authorizable Attibute by the authorizable_attribute_id

This will contain the ruleset and the verification_key


This will check that the information provided are a correct subset of the information of the Authorizable Attribute and if they are correct it will sign (add a sigma_tilde) and release a credential for the user (coconut flow 05)


Gives back the Credential Issuer ci_unique_id a string that identifies the credential issue instance.

๐Ÿ”ง Configuration

All the configuration should be available under an .ini file. By default the configuration file is config.ini

User defined config.ini

Define a environment variable DDDC_CREDENTIAL_ISSUER_CONFIGFILE with the absolute path of the file like:

export DDDC_CREDENTIAL_ISSUER_CONFIGFILE=/srv/some/secure/place/production.ini

You are encouraged to do this and edit the config file with your real data.


name description values
debug This should be off in production add some verbose logging true or false
uid The ci_unique_id. A string that identifies the credential issue instance string
keypair The secret keypair path of the Credential Issuer, if the file does not exists, it is created the first a request is run file absolute path
contracts_path The path of the Zencode smart contracts for now a submodule of dddc-pilot-contracts directory absolute path
ALGORITHM The algorithm used for the JWT generation available algorithms
ACCESS_TOKEN_EXPIRE_MINUTES Minutes of validity of the JWT tokens int
SQLALCHEMY_DATABASE_URI The url of your relational database (sqlite is tested by now) SQLAlchemy Database URL

๐Ÿ“‹ Testing

python3 test

๐Ÿ› Troubleshooting & debugging

To run the credential-issuer in debug mode, please run it in local and activate --debug when you launch the ASGI uvicorn server.

Set the LOG_LEVEL="debug" ENVIRONMENT VARIABLE that is used by uvicorn and starlette.

Configure your config.ini and set the

debug = true

๐Ÿ˜ Acknowledgements

Copyright ยฉ๏ธ 2019 by foundation, Amsterdam

Designed, written and maintained by Puria Nafisi Azizi

With design contributions by Oleguer 'Ula' Sagarra

Special thanks to Denis 'Jaromil' Roio and Andrea D'Intino for their expert reviews.

Project funded by the European Commission

This project is receiving funding from the European Unionโ€™s Horizon 2020 research and innovation programme under grant agreement nr. 732546 (DECODE).

๐ŸŒ Links

๐Ÿ‘ฅ Contributing

Please first take a look at the - Contributor License Agreement then

  1. ๐Ÿ”€ FORK IT
  2. Create your feature branch git checkout -b feature/branch
  3. Commit your changes git commit -am 'Add some fooBar'
  4. Push to the branch git push origin feature/branch
  5. Create a new Pull Request
  6. ๐Ÿ™ Thank you

๐Ÿ’ผ License

DDDC Credential Issuer API
Copyright (c) 2019 foundation, Amsterdam

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <>.


๐Ÿ”‘ Restful API for the Credential issuer of the DDDC and IoT pilot projects







No releases published


No packages published