# Trusted Issuers Registry

##### When to use

You want to add or remove issuers from your trust list.

##### Steps

1. Navigate to `/verifier/trust/issuers`.
2. Click **Add issuer**.
3. Enter the issuer DID, a label, and the schemas you accept from this issuer.
4. Save.

##### API

| Endpoint                                 | Verb   | Auth     | Purpose                   |
| ---------------------------------------- | ------ | -------- | ------------------------- |
| `/api/v1/verifier/trusted-issuers`       | GET    | verifier | List your trusted issuers |
| `/api/v1/verifier/trusted-issuers`       | POST   | verifier | Add issuer                |
| `/api/v1/verifier/trusted-issuers/{did}` | DELETE | verifier | Remove issuer             |

(`verifier.go:188 / 244 / 292`, `router.go:170-175` guarded by `RequireRoles("verifier")`.)

```bash
curl -X POST https://adid.dev/api/v1/verifier/trusted-issuers \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerDid":"did:adi:0xUniv...",
    "label":"Acme University",
    "acceptedSchemas":["schema-uuid-1","schema-uuid-2"]
  }'
```

##### Verify

The issuer appears in `/verifier/trust/issuers`. Future verifications against credentials from this issuer will set `checks.trustedIssuer.ok: true`.

##### Troubleshooting

| Code                         | Cause                  | Fix               |
| ---------------------------- | ---------------------- | ----------------- |
| `403 ROLE_REQUIRED`          | Caller is not verifier | Onboard (§5.1).   |
| `409 ISSUER_ALREADY_TRUSTED` | Already in list        | No action needed. |
| `404 ISSUER_DID_NOT_FOUND`   | DID not resolvable     | Check DID.        |

#### 5.5.2. Schema-to-Issuer Mapping

##### Concept

The mapping says: "I trust X to issue Y". A VC is verified-and-trusted only when issuer + schema match the mapping. Without explicit mapping, the platform falls back to a permissive default ("any trusted issuer for any of their accepted schemas").

##### API (read-only)

```bash
curl https://adid.dev/api/v1/verifier/schema-issuer-mapping \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```

(`verifier.go:476`, `router.go:167`.)

Response:

```json
[
  { "schemaId":"schema-uuid-1", "issuerDid":"did:adi:0xUniv...", "label":"Acme University → UniversityDegree" },
  { "schemaId":"schema-uuid-2", "issuerDid":"did:adi:0xGov...",  "label":"DMV → DriversLicense" }
]
```

##### Editing

Schema-issuer pairs are managed via the same trusted-issuers endpoints (the `acceptedSchemas` array on each row). To add a new pair, either:

1. POST a new trusted issuer with the schema in `acceptedSchemas`, or
2. Update an existing trusted issuer's `acceptedSchemas` (PUT — implementation may vary; see `verifier.go`).

#### 5.5.3. Compliance VCs

##### Concept

A **Compliance VC** is a verifiable credential held by an *issuer*, asserting their compliance with a regulatory regime (e.g., ISO 27001, SOC 2, eIDAS Qualified Trust Service Provider). Verifiers consume these to make policy decisions automatically.

##### API (read-only)

```bash
curl "https://adid.dev/api/v1/verifier/compliance-vcs?did=did:adi:0xUniv..." \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```

(`verifier.go:467`, `router.go:166`.)

Response:

```json
{
  "issuerDid":"did:adi:0xUniv...",
  "complianceVcs":[
    { "type":"ISO27001Compliance",      "issuedBy":"did:adi:0xAuditor1...", "validUntil":"2027-01-01T00:00:00Z" },
    { "type":"GDPRControllerStatement", "issuedBy":"did:adi:0xDPA...",      "validUntil":"2026-12-31T00:00:00Z" }
  ]
}
```

##### Using compliance VCs in policy

Configure your verifier policy to *require* a specific compliance VC type before accepting credentials from an issuer. The portal page `/verifier/trust/compliance` lets you set required compliance per schema.

> 💡 **Tip** — A common pattern: require `eIDAS-QTSP` for any VC type used in EU regulated flows; require `KYC-Provider-Cert` for any KYC credential. The Verification Engine reads these requirements and stamps `checks.complianceMet: true|false` on the result envelope.
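
The schema-to-issuer mapping and the compliance requirements described above can be audited together on the verifier side. The following is an added example, not ADID code: it takes the two read-only responses in the shapes shown on this page and reports, per (schema, issuer) pair, whether the pair is explicitly mapped and whether each required compliance VC is present and unexpired. The `REQUIRED` policy table, the finding names, the 90-day warning window, and treating a VC past `validUntil` as not counting are assumptions; the code does not reproduce how the Verification Engine computes `checks.complianceMet`.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed input, based on this page's sample responses (labels omitted;
# the DIDs are the page's elided placeholders).
MAPPING = json.loads("""[
  {"schemaId": "schema-uuid-1", "issuerDid": "did:adi:0xUniv..."},
  {"schemaId": "schema-uuid-2", "issuerDid": "did:adi:0xGov..."}
]""")
COMPLIANCE = json.loads("""[
  {"issuerDid": "did:adi:0xUniv...", "complianceVcs": [
    {"type": "ISO27001Compliance", "issuedBy": "did:adi:0xAuditor1...", "validUntil": "2027-01-01T00:00:00Z"},
    {"type": "GDPRControllerStatement", "issuedBy": "did:adi:0xDPA...", "validUntil": "2026-12-31T00:00:00Z"}
  ]}
]""")
# Hypothetical local policy: compliance VC types required per schema.
REQUIRED = {"schema-uuid-1": ["ISO27001Compliance"], "schema-uuid-2": ["eIDAS-QTSP"]}

def parse_ts(value):
    """Parse the 'Z'-suffixed UTC timestamps used in validUntil."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_pair(schema_id, issuer_did, now, warn_days=90):
    """Return findings for one (schema, issuer) pair; an empty list means clean."""
    findings = []
    # Pair absent from the mapping: flag it for review, since the page describes
    # a permissive default when no explicit mapping exists.
    if not any(m["schemaId"] == schema_id and m["issuerDid"] == issuer_did for m in MAPPING):
        findings.append("UNMAPPED_PAIR")
    # Latest expiry per compliance VC type held by this issuer.
    held = {}
    for resp in COMPLIANCE:
        if resp["issuerDid"] != issuer_did:
            continue
        for vc in resp["complianceVcs"]:
            expiry = parse_ts(vc["validUntil"])
            held[vc["type"]] = max(held.get(vc["type"], expiry), expiry)
    for vc_type in REQUIRED.get(schema_id, []):
        if vc_type not in held:
            findings.append(f"MISSING:{vc_type}")
        elif held[vc_type] <= now:
            findings.append(f"EXPIRED:{vc_type}")  # assumption: expired VCs do not count
        elif held[vc_type] - now <= timedelta(days=warn_days):
            findings.append(f"EXPIRING:{vc_type}")
    return findings

if __name__ == "__main__":
    now = datetime(2026, 11, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for pair in [("schema-uuid-1", "did:adi:0xUniv..."), ("schema-uuid-2", "did:adi:0xGov...")]:
        print(pair, audit_pair(*pair, now=now))
```

Run against live data by replacing `MAPPING` and `COMPLIANCE` with the parsed bodies of the two `curl` calls shown on this page, one compliance response per issuer.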

##### Troubleshooting

| Symptom                                   | Cause                                     | Fix                                                                 |
| ----------------------------------------- | ----------------------------------------- | ------------------------------------------------------------------- |
| Issuer trusted but `complianceMet: false` | Required compliance VC missing            | Either remove the requirement or wait for the issuer to acquire it. |
| `complianceVcs` empty for a known issuer  | Issuer hasn't received compliance VCs yet | Coordinate with the auditor that issues them.                       |

***