System trusted issuers API reference
Read the trusted claim issuers that apply to one system, and the claim topics each one is authorised to verify, through the DALP Platform API.
A trusted issuer is an identity allowed to sign verifiable claims, such as a Know Your Customer result or an accredited-investor attestation, that DALP compliance checks then trust during transfers and other gated operations. When you operate one system, you need to know exactly which issuers that system trusts and which claim topics each may attest, before you rely on their claims. These endpoints give you that per-system view.
The read view resolves a chain of trust. It returns the issuers registered directly on the system, plus the issuers the system inherits from the platform-wide directory above it. Each issuer record carries an isGlobal flag so you can tell a system-registered issuer from an inherited one at a glance.
This surface is read-only. It lists and inspects the issuers and topics that apply to the active system; it does not register, edit, or remove them. To configure trusted issuers for a system or an asset, see Configure trusted issuers.
How this differs from directory trusted issuers
DALP resolves trusted issuers across three tiers: the platform-wide directory, each system, and each asset. These endpoints read the system tier. The directory tier merges in as inherited trust.
| You want to | Use |
|---|---|
| See which issuers apply to one system, inheritance included | These system endpoints |
| Audit only the platform-wide directory of issuers | Directory trusted issuers API |
| Configure the issuers that apply to a system | Configure trusted issuers |
The active organization and system context bound every read here, as described in Organization and system scope. A platform-tier role is not required; a caller scoped to the system reads its own trusted issuers.
Set the standard request headers before calling these endpoints. See Request headers.
Endpoints
| Endpoint | Use it for |
|---|---|
GET /api/v2/system/trusted-issuers | List the issuers that apply to the active system, inheritance merged. |
GET /api/v2/system/trusted-issuers/{issuerAddress} | Read one issuer by its identity address, with directory fallback. |
GET /api/v2/system/trusted-issuers/{issuerAddress}/topics | List the claim topics one issuer is authorised for. |
The list and topics responses use the collection envelope with data, meta, and pagination links. The single read uses the single-resource envelope with data and links.self.
Issuer fields
The list and read endpoints return the same issuer record.
| Field | Type | Description |
|---|---|---|
id | string | The issuer's on-chain identity address. |
account | object or null | The issuer's wallet address, as { "id": "0x..." }, when one is recorded. |
claimTopics | array | The claim topics this issuer can verify. Each entry carries id, topicId, name, and signature. |
deployedInTransaction | string | Transaction hash that added the issuer to the registry. Empty for a single read. |
isGlobal | boolean | true when the issuer is inherited from the platform directory rather than registered on the system. |
A claim topic carries a human-readable name, such as Know Your Customer, and a signature, the ABI type list that defines the claim's data shape, such as (string) or (uint256,bool). The topicId is the numeric identifier used on-chain.
When the same issuer appears on both the system and the directory, the read returns the system-registered record and counts the directory-only issuers as inherited. The same precedence applies to claim topics: a topic defined on the system overrides the same topic inherited from the directory.
List system issuers
GET /api/v2/system/trusted-issuers returns the issuers that apply to the active system as a paginated collection, ordered by issuer address. The result merges the issuers registered on the system with the ones inherited from the platform directory, deduplicated by address with the system record taking precedence.
The list filters and sorts by id, the issuer address, and supports global search with filter[q]. Search matches the issuer address and the names of the claim topics an issuer can attest, so you can find an issuer by what it verifies.
curl --globoff "https://your-platform.example.com/api/v2/system/trusted-issuers?filter[q]=Customer&sort=id" \
-H "x-api-key: YOUR_API_KEY"{
"data": [
{
"id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
"account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" },
"claimTopics": [
{
"id": "0x...01",
"topicId": "1",
"name": "Know Your Customer",
"signature": "(string)"
}
],
"deployedInTransaction": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
"isGlobal": false
},
{
"id": "0x3333333333333333333333333333333333333333",
"account": null,
"claimTopics": [],
"deployedInTransaction": "0x9999999999999999999999999999999999999999999999999999999999999999",
"isGlobal": true
}
],
"meta": {
"total": 2,
"facets": {}
},
"links": {
"self": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50",
"first": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50",
"prev": null,
"next": null,
"last": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50"
}
}Read isGlobal to separate the two tiers: false marks an issuer registered on this system, and true marks one inherited from the platform directory. The meta.facets object is always empty for this list, because the issuer address is its only filterable field. When the system has no trusted issuers registry configured yet, the list returns an empty page with meta.total set to 0, so an onboarding flow can read it safely before setup completes.
Read one issuer
GET /api/v2/system/trusted-issuers/{issuerAddress} returns a single issuer by its identity address. It looks for the issuer on the system first, then walks the parent registries in the chain of trust, so an issuer inherited from the platform directory still resolves.
curl "https://your-platform.example.com/api/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F" \
-H "x-api-key: YOUR_API_KEY"{
"data": {
"id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
"account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" },
"claimTopics": [
{
"id": "0x...01",
"topicId": "1",
"name": "Know Your Customer",
"signature": "(string)"
}
],
"deployedInTransaction": "",
"isGlobal": false
},
"links": {
"self": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F"
}
}The endpoint returns DALP-0294 with status 404 when no issuer matches the address on the system or anywhere in its chain of trust. The error's fix field points back to the list endpoint so you can confirm the registered issuers. Verify the address and that the issuer was registered before retrying.
List an issuer's claim topics
GET /api/v2/system/trusted-issuers/{issuerAddress}/topics returns only the claim topics assigned to one issuer, with its own pagination, filtering, and sorting. Use it when you want to audit an issuer's authorised topics without loading the full issuer record.
The topics list filters by topicId, name, and signature. You can sort by topicId or name. The signature field is filterable but not sortable. The default sort is by name.
curl --globoff "https://your-platform.example.com/api/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name" \
-H "x-api-key: YOUR_API_KEY"{
"data": [
{
"id": "0x...01",
"topicId": "1",
"name": "Know Your Customer",
"signature": "(string)"
}
],
"meta": {
"total": 1,
"facets": {}
},
"links": {
"self": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50",
"first": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50",
"prev": null,
"next": null,
"last": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50"
}
}This endpoint reads the topics recorded against the issuer on the system's registry. To see an inherited issuer's full topic set across the chain of trust, read the issuer record itself, which merges the topics with system precedence.
When to use it
Use these endpoints when you need to:
- Confirm which claim issuers a single system trusts, with inherited issuers included, before relying on their claims.
- Tell a system-registered issuer from one inherited from the platform directory through the
isGlobalflag. - Audit one issuer's authorised claim topics without loading every issuer on the system.
- Reconcile the issuers configured for a system against the platform-wide directory.
For the platform-wide view, see Directory trusted issuers API. For the per-system and per-asset configuration workflow, see Configure trusted issuers.
Directory trusted issuers API
Read the platform-wide directory of trusted claim issuers and the claim topics each one is authorised to verify, through the DALP Platform API.
Directory topic schemes API
Read the platform-wide directory of claim topic schemes, including the claim data shape each one defines, through the DALP Platform API.