DCQL Queries with Selective Disclosure
DCQL (Digital Credentials Query Language) describes what a verifier requests: which credential types, matched how, and which claims. The claim selection is what drives selective disclosure: claims a query does not name are not revealed. Queries are stored on the verifier service (DCQL API reference).
SD-JWT query
Matches the EuPid by vct and requests only three of its claims. The holder's wallet discloses family name, given name, and the age attestation; everything else in the credential stays hidden:
- Overview
- Request
- Response
01 Create EuPid query
Endpoint: POST /api/dcql/v1/queries
Captured response: 201 Created
This captured endpoint is shown from the E2E run; it is not mapped to one of the generated EDK REST API reference pages.
mdoc query
Matches the Mdl by doctype. mdoc claim paths name the namespace first:
- Overview
- Request
- Response
02 Create Mdl query
Endpoint: POST /api/dcql/v1/queries
Captured response: 201 Created
This captured endpoint is shown from the E2E run; it is not mapped to one of the generated EDK REST API reference pages.
Combined query
One query can request multiple credentials in a single presentation, each with its own claim selection:
- Overview
- Request
- Response
03 Create combined query
Endpoint: POST /api/dcql/v1/queries
Captured response: 201 Created
This captured endpoint is shown from the E2E run; it is not mapped to one of the generated EDK REST API reference pages.
Listing and versioning
Stored queries are versioned; earlier versions can be inspected and restored through the version-history endpoints:
- Overview
- Request
- Response
04 List queries
Endpoint: GET /api/dcql/v1/queries
Captured response: 200 OK
This captured endpoint is shown from the E2E run; it is not mapped to one of the generated EDK REST API reference pages.
Next, bind the queries to the verifier and run a verification.