GQTW Core API (1.0.0-draft)

Download OpenAPI specification:

License: MIT

OpenAPI normative surface for GQTW wallet interoperability contracts.

This OpenAPI file is the normative endpoint contract for the GQTW profile.

Semantics:

All request and response payloads are JSON objects.
Presentation and ingest-style operations are asynchronous unless a response explicitly states otherwise.
GQTS host retrieval operations are defined in GQTS Core and are referenced by operation id in GQTW prose.

Versioning strategy:

Breaking wire changes require a new API version and migration text.
Profile-specific constraints are expressed through requirement ids and media types.

profile

Wallet profile metadata and capability publication.

Get wallet profile metadata.

Returns machine-readable metadata for one GQTW profile, including supported proof profiles, supported upstream host-profile operations, and conformance dependencies.

path Parameters

profileId

required

string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$

Responses

Response samples

200
404

Content type

application/gqtw.profile+json

{"profileId": "string",
"profileVersion": "string",
"proofProfiles": ["bbs-profile"
],
"upstreamRequirements": ["string"
],
"gqtsOperations": ["getSchemeDescriptor"
],
"gqscdProfileRefs": ["string"
]
}

presentation

Wallet-RP presentation request and submission flows.

Submit a relying-party presentation request to a wallet endpoint.

Accepts a relying-party request that asks for one or more selectively disclosed claims. Wallet implementations MUST bind all accepted requests to explicit challenge and audience values.

Request Body schema:
application/gqtw.presentation-request+json
required

requestId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
challenge required	string >= 16 characters
audience required	string non-empty
required	object (RelyingPartyDescriptor)
required	Array of objects (ClaimRequest) non-empty
selectiveDisclosureRequired	boolean Default: true
proofProfile	string Enum: "bbs-profile" "oprf-profile" "sd-profile" "profile-extension"
expiresAt required	string <date-time> (IsoDateTime)

Responses

Request samples

Payload

Content type

application/gqtw.presentation-request+json

{"requestId": "string",
"challenge": "stringstringstri",
"audience": "string",
"relyingParty": {"relyingPartyId": "string",
"registrationCertificate": "string",
"registrationJurisdiction": "string"
},
"requestedClaims": [{"claimId": "string",
"purpose": "string",
"required": true
}
],
"selectiveDisclosureRequired": true,
"proofProfile": "bbs-profile",
"expiresAt": "2019-08-24T14:15:22Z"
}

Response samples

202
400
409

Content type

application/gqtw.presentation-request-receipt+json

{"requestId": "string",
"status": "accepted",
"consentHandle": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}

Submit a wallet presentation for a previously accepted request.

Submits the holder-approved presentation output for one presentation request. The submission payload can contain VC/VP-family artifacts and profile-defined selective disclosure proofs.

path Parameters

requestId

required

string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$

Request Body schema:
application/gqtw.presentation-submission+json
required

requestId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
holderDid required	string (DidUri) >= 8 characters ^did:[a-z0-9]+:.+$
required	object (ProofArtifactEnvelope) VC/VP-family artifact envelope or profile-equivalent object.
	Array of objects (ClaimDisclosure)
required	object (ConsentReceipt)

Responses

Request samples

Payload

Content type

application/gqtw.presentation-submission+json

{"requestId": "string",
"holderDid": "stringst",
"proofArtifact": {"format": "vc",
"artifact": { },
"proof": { }
},
"disclosedClaims": [{"claimId": "string",
"valueDigest": "string",
"value": null
}
],
"consentReceipt": {"consentHandle": "string",
"approvedAt": "2019-08-24T14:15:22Z",
"userApprovedObjectDigest": "string",
"gqscdEvidenceRef": "string"
}
}

Response samples

200
400
404
422

Content type

application/gqtw.presentation-verification+json

{"requestId": "string",
"mechanicalValidity": "valid",
"recognitionStatus": "out-of-scope",
"checkedAt": "2019-08-24T14:15:22Z",
"failureCodes": ["string"
]
}

gqts

Wallet-side integration hooks for GQTS-derived head-state changes.

Submit a compact head-state hint derived from a GQTS history view.

Accepts a compact head-state hint so wallet implementations can decide if heavier retrieval is needed. This operation does not replace authoritative retrieval from GQTS endpoints.

Request Body schema:
application/gqtw.gqts-head-hint+json
required

logId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
hostOrigin required	string <uri> (Uri)
headToken required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
headDigest required	string^[A-Za-z0-9_-]{16,}$
observedAt required	string <date-time> (IsoDateTime)

Responses

Request samples

Payload

Content type

application/gqtw.gqts-head-hint+json

{"logId": "string",
"hostOrigin": "http://example.com",
"headToken": "string",
"headDigest": "string",
"observedAt": "2019-08-24T14:15:22Z"
}

Response samples

202
400

Content type

application/gqtw.async-receipt+json

{"receiptId": "string",
"acceptedAt": "2019-08-24T14:15:22Z",
"status": "accepted"
}

gqscd

Wallet-GQSCD invocation hooks for signing, sealing, and attestation.

Invoke a GQSCD-backed signing, sealing, or attestation operation.

Invokes a protected-key operation through a GQSCD-conformant interface. User intent and user-approved object digest binding are required inputs.

Request Body schema:
application/gqtw.gqscd-invocation+json
required

invocationId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
operationType required	string Enum: "sign" "seal" "attest"
keyReference required	string
userApprovedObjectDigest required	string^[A-Za-z0-9_-]{16,}$
challenge required	string >= 16 characters
audience required	string non-empty

Responses

Request samples

Payload

Content type

application/gqtw.gqscd-invocation+json

{"invocationId": "string",
"operationType": "sign",
"keyReference": "string",
"userApprovedObjectDigest": "string",
"challenge": "stringstringstri",
"audience": "string"
}

Response samples

200
400
403

Content type

application/gqtw.gqscd-invocation-result+json

{"invocationId": "string",
"status": "succeeded",
"signatureObject": { },
"evidenceReferences": ["string"
]
}

portability

Opaque encrypted export and import workflows.

Create an opaque encrypted portability package.

Exports wallet-private material as an encrypted opaque package. The package is designed for controlled migration and backup, not public publication.

Request Body schema:
application/gqtw.portability-export-request+json
required

exportId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
required	object
includePrivateLog	boolean Default: true
includeArtifacts	boolean Default: true

Responses

Request samples

Payload

Content type

application/gqtw.portability-export-request+json

{"exportId": "string",
"recipientPublicKey": { },
"includePrivateLog": true,
"includeArtifacts": true
}

Response samples

200
400

Content type

application/gqtw.portability-package+json

{"packageId": "string",
"cipherSuite": "string",
"ciphertext": "string",
"digest": "string",
"createdAt": "2019-08-24T14:15:22Z"
}

Import an opaque encrypted portability package.

Imports an opaque encrypted package and performs integrity checks before activation.

Request Body schema:
application/gqtw.portability-import-request+json
required

required	object (WalletExportPackage)
	object

Responses

Request samples

Payload

Content type

application/gqtw.portability-import-request+json

{"package": {"packageId": "string",
"cipherSuite": "string",
"ciphertext": "string",
"digest": "string",
"createdAt": "2019-08-24T14:15:22Z"
},
"decryptionContext": { }
}

Response samples

200
400
409

Content type

application/gqtw.portability-import-result+json

{"status": "imported",
"activatedHeadToken": "string",
"migratedArtifactCount": 0
}

privacy

Erasure and privacy-control interfaces.

Submit a holder-scoped data-erasure request.

Submits an erasure request for data previously disclosed through wallet-mediated presentation flows.

Request Body schema:
application/gqtw.erasure-request+json
required

requestId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
relyingPartyId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
legalBasis	string Default: "gdpr-article-17"
proofOfInteraction	string
submittedAt required	string <date-time> (IsoDateTime)

Responses

Request samples

Payload

Content type

application/gqtw.erasure-request+json

{"requestId": "string",
"relyingPartyId": "string",
"legalBasis": "gdpr-article-17",
"proofOfInteraction": "string",
"submittedAt": "2019-08-24T14:15:22Z"
}

Response samples

202
400

Content type

application/gqtw.erasure-receipt+json

{"requestId": "string",
"status": "accepted",
"reference": "string"
}

incident

Signed incident reporting for conflict or abuse evidence.

Submit a signed incident report.

Submits signed evidence about host conflicts, replay attempts, policy abuse, or profile violations.

Request Body schema:
application/gqtw.incident-report+json
required

reportId required	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
incidentType required	string Enum: "host-divergence" "fork-detected" "replay-attempt" "policy-abuse" "profile-violation"
affectedHost	string <uri> (Uri)
affectedLogId	string (Identifier) [ 1 .. 128 ] characters ^[A-Za-z0-9._:-]+$
reporterDid	string (DidUri) >= 8 characters ^did:[a-z0-9]+:.+$
reportedAt required	string <date-time> (IsoDateTime)
required	Array of objects (IncidentEvidenceItem) non-empty
	object

Responses

Request samples

Payload

Content type

application/gqtw.incident-report+json

{"reportId": "string",
"incidentType": "host-divergence",
"affectedHost": "http://example.com",
"affectedLogId": "string",
"reporterDid": "stringst",
"reportedAt": "2019-08-24T14:15:22Z",
"evidence": [{"kind": "event-envelope",
"digest": "string",
"uri": "http://example.com"
}
],
"signature": { }
}

Response samples

202
400

Content type

application/gqtw.async-receipt+json

{"receiptId": "string",
"acceptedAt": "2019-08-24T14:15:22Z",
"status": "accepted"
}

GQTW Core API (1.0.0-draft)

profile

Get wallet profile metadata.

path Parameters

Responses

Response samples

presentation

Submit a relying-party presentation request to a wallet endpoint.

Request Body schema: application/gqtw.presentation-request+jsonapplication/jsonapplication/gqtw.presentation-request+jsonrequired

Responses

Request samples

Response samples

Submit a wallet presentation for a previously accepted request.

path Parameters

Request Body schema: application/gqtw.presentation-submission+jsonapplication/jsonapplication/gqtw.presentation-submission+jsonrequired

Responses

Request samples

Response samples

gqts

Submit a compact head-state hint derived from a GQTS history view.

Request Body schema: application/gqtw.gqts-head-hint+jsonapplication/jsonapplication/gqtw.gqts-head-hint+jsonrequired

Responses

Request samples

Response samples

gqscd

Invoke a GQSCD-backed signing, sealing, or attestation operation.

Request Body schema: application/gqtw.gqscd-invocation+jsonapplication/jsonapplication/gqtw.gqscd-invocation+jsonrequired

Responses

Request samples

Response samples

portability

Create an opaque encrypted portability package.

Request Body schema: application/gqtw.portability-export-request+jsonapplication/jsonapplication/gqtw.portability-export-request+jsonrequired

Responses

Request samples

Response samples

Import an opaque encrypted portability package.

Request Body schema: application/gqtw.portability-import-request+jsonapplication/jsonapplication/gqtw.portability-import-request+jsonrequired

Responses

Request samples

Response samples

privacy

Submit a holder-scoped data-erasure request.

Request Body schema: application/gqtw.erasure-request+jsonapplication/jsonapplication/gqtw.erasure-request+jsonrequired

Responses

Request samples

Response samples

incident

Submit a signed incident report.

Request Body schema: application/gqtw.incident-report+jsonapplication/jsonapplication/gqtw.incident-report+jsonrequired

Responses

Request samples

Response samples

Request Body schema:
application/gqtw.presentation-request+json
required

Request Body schema:
application/gqtw.presentation-submission+json
required

Request Body schema:
application/gqtw.gqts-head-hint+json
required

Request Body schema:
application/gqtw.gqscd-invocation+json
required

Request Body schema:
application/gqtw.portability-export-request+json
required

Request Body schema:
application/gqtw.portability-import-request+json
required

Request Body schema:
application/gqtw.erasure-request+json
required

Request Body schema:
application/gqtw.incident-report+json
required