Issuing Credentials with mwen.io
The mwen.io issuer is a standalone credential issuance server. It lets your organisation issue verifiable credentials directly to users' wallets — without storing identity data on your behalf.
What the issuer does
The issuer implements the OID4VCI (OpenID for Verifiable Credential Issuance) protocol. A user scans a QR code or opens a deep link; their wallet connects to your issuer, authenticates the request, and receives a signed credential. The credential is stored in the wallet and can be presented to any app that accepts mwen.io credentials.
The issuer does not hold credentials after issuance. It holds the signing key and the schema definitions. The wallet is the holder.
Who this is for
| Organisation type | What you issue | Example credential |
|---|---|---|
| Government agency | National identity documents | National ID, Passport, Driver's Licence, Residence Permit |
| Employer / HR department | Employment and access records | Employee Identity, Role Credential, Department Access |
| University / college | Academic records | University Diploma, Academic Transcript |
| Learning platform | Course completions and certifications | Course Completion, Professional Certification |
If you are an operator deploying the issuer server for your organisation, this section of the documentation covers everything from initial setup to production configuration.
Two deployment models
The issuer ships as a Next.js application and supports two distinct operating modes:
Self-hosted — you deploy one instance of the issuer for your organisation. You supply your own signing key. Your instance serves one credential namespace. Suitable for enterprises, universities, or government agencies running their own infrastructure.
SaaS — a single deployment serves multiple organisations (tenants). Each tenant gets a cryptographically isolated signing key derived from a master key. Suitable for platforms that onboard multiple issuing organisations under one deployment.
See Deployment Modes for a full comparison.
Trust levels
Credentials issued by the mwen.io issuer carry a trust_level claim that the wallet and relying party apps use to decide how much weight to give the credential.
| Issuer type | trust_level | How it appears in the wallet |
|---|---|---|
| Government agency | "government" | Blue "Government" badge |
| Employer / HR | "verified-issuer" | Green "Employer Verified" badge |
| University / academic | "verified-issuer" | Green "Accredited Institution" badge |
| Learning platform | "verified-issuer" | Green "Verified Platform" badge |
Government credentials rank highest in the trust hierarchy. When a relying party requests a credential and the wallet holds multiple candidates, it prefers the highest trust level.
In this section
| Page | What it covers |
|---|---|
| Quickstart | Prerequisites, install, first credential issued in under ten minutes |
| Deployment Modes | Self-hosted vs SaaS: when to choose each, what you manage |
| Issuer Verticals | Government, employer, academic, learning platform — what each issues |
| Getting Started | Full setup walkthrough for self-hosted mode |
| Configuration | Environment variables, YAML config, merge priority |
| SaaS Onboarding | Creating a tenant, domain verification, provisioning |
| Credential Schemas | The 11 built-in schema templates and how to select them |
| API Key Management | Creating API keys and integrating with third-party platforms |
| Revocation | Revoking individual credentials and batch revocation |