SettleMint
Compliance

Configure trusted issuers

Add, scope, and remove trusted issuer entries in system and token registries so on-chain claim verification resolves the correct identity addresses.

Use this guide to automate issuer and claim topic configuration through the Platform API. You will connect an issuer identity address to approved claim topics and confirm the issuer appears in the resolved system or token issuer list.

For the web interface approach, see the user guide.

Prerequisites

  • Platform URL: https://your-platform.example.com
  • API key from a user with the Claim Policy Manager role. See Getting Started for API key setup.
  • Wallet verification enabled on your account: pincode or 2FA
  • Wallet address of the user you want to make a trusted issuer

About trusted issuers

Trusted issuers are identity addresses authorized in the active system's trusted issuer registry. Assets that use identity verification rules rely on these issuers when checking whether a wallet has a claim for the required topic. For the underlying wallet, OnchainID, claim-topic, and issuer model, see Claims and identity. For the operator workflow around compliance modules, see Compliance overview.

Identity claim model

DALP separates the wallet, the identity contract, the claim topic, and the trusted issuer. The wallet is the account that acts in the platform. The identity contract is the on-chain identity address attached to that wallet. The claim topic defines the kind of compliance statement, such as KYC or AML. The trusted issuer is the identity address authorised to issue claims for one or more topics.

This separation lets a token policy check that a wallet has the required claim without putting the underlying personal data on-chain. For example, a KYC provider can issue a knowYourCustomer claim to an investor identity. A token that requires that topic checks the claim and its trusted issuer during transfer or issuance flows. The source documents and evidence behind the KYC decision stay with the provider or the configured off-chain process.

The API follows the same model:

PrimitiveWhat it representsWhere you use it
Wallet addressThe account that signs or receives token operations.Identity lookup and operational workflows.
Identity addressThe on-chain identity contract linked to a wallet.Trusted issuer configuration and claim issuance.
Claim topicThe named compliance fact and ABI data shape.Claim topic registry and token compliance rules.
Trusted issuerAn identity authorised to issue claims for selected topics.System or token trusted issuer registries.
ClaimThe issued statement attached to an identity for a topic.KYC verification, transfer eligibility, and claim history.

Token claim issuance routes allow either the required token role or a trusted issuer identity for the requested claim topics. System identity claim issuance requires both the platform claim-creation role and trusted issuer status for the requested topics. The trusted issuer check is topic-specific. Being trusted for AML does not automatically authorise the same identity to issue KYC claims.

Choose the right route family

NeedUseWhy
Register a new claim data shape/api/v2/system/claim-topicsClaim topics define the data shape that identity claims use.
Trust an issuer for the active platform context/api/v2/system/trusted-issuersSystem trusted issuers apply across assets that rely on the active system registry.
Trust an issuer for one asset only/api/v2/tokens/{tokenAddress}/trusted-issuersToken trusted issuers apply to the selected asset's token-level registry when that registry exists.
Add or remove one topic without replacing the full issuer topic list/api/v2/system/trusted-issuers/{issuerAddress}/claim-topics/{topicId}Single-topic routes compute the next topic set server-side and avoid overwriting unrelated topics.

Available verification topics

The platform includes preset verification topics for common compliance scenarios. Each topic has a unique topicId and a signature that defines the claim data structure.

Investor verification topics

These topics cover investor identity verification, accreditation status, AML screening, and regulatory eligibility.

Topic NameSignaturePurpose
knowYourCustomerstring claimBasic KYC verification
accreditedInvestorstring claimAccredited investor status
accreditedInvestorVerifiedstring claimVerified accredited investor
qualifiedInstitutionalInvestorstring claimQualified institutional buyer (QIB)
professionalInvestorstring claimProfessional investor status
antiMoneyLaunderingstring claimAML compliance verification
regulationSstring claimRegulation S (non-US investor) compliance

Issuer verification topics

These topics cover issuer licensing, jurisdiction, and reporting obligations. Assign them to issuers that attest compliance state at the issuer or legal entity level.

Topic NameSignaturePurpose
issuerLicensedstring licenseType, string licenseNumber, string jurisdiction, uint256 validUntilIssuer licensing status
issuerJurisdictionstring jurisdictionIssuer jurisdiction
issuerProspectusFiledstring prospectusReferenceProspectus filing
issuerProspectusExemptstring exemptionReferenceProspectus exemption
issuerReportingCompliantbool compliant, uint256 lastUpdatedReporting compliance

Asset verification topics

These topics describe asset classification, geographic location, issuer identity, and collateral details. Assign them to issuers that are authorized to attest token-level or asset-level compliance properties for the instruments they manage.

Topic NameSignaturePurpose
assetClassificationstring class, string categoryAsset classification
assetLocationstring city, string districtCode, string areaIdAsset location
assetIssueraddress issuerAddressAsset issuer identity
basePriceuint256 amount, string currencyCode, uint8 decimalsBase price information
collateraluint256 amount, uint256 expiryTimestampCollateral details
contractIdentityaddress contractAddressContract identity
uniqueIdentifierstring identifierUnique identifier

Managing system claim topics

Use claim topic mutations only when the platform needs a new or changed claim data shape. Existing asset and compliance flows usually rely on the preset topics above.

To create a claim topic, send a human-readable name, a comma-separated ABI type list in signature, and wallet verification:

curl -X POST "https://your-platform.example.com/api/v2/system/claim-topics" \
  -H "X-Api-Key: [REDACTED]" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "assetOrigin",
    "signature": "string,uint256",
    "walletVerification": {
      "secretVerificationCode": "[REDACTED]"
    }
  }'

The API normalizes the signature to the parenthesized ABI form on-chain. Send string,uint256, not (string,uint256).

To change the data shape for an existing topic, use PUT /api/v2/system/claim-topics/{name} with the replacement signature and wallet verification. To remove a topic scheme, use DELETE /api/v2/system/claim-topics/{name} with wallet verification.

Configuring trusted issuers

Get issuer's identity address

First, you need the identity contract address of the user you want to make a trusted issuer. If you have their wallet address, query their identity. The response includes the identity contract address in the id field:

curl -X GET "https://your-platform.example.com/api/system/identity/by-wallet/0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" \
  -H "X-Api-Key: YOUR_API_KEY"
{
  "id": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
  "account": {
    "id": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "contractName": null
  },
  "isContract": false,
  "hasIdentity": true,
  "claims": []
}

Use the id field (identity CONTRACT address), not the account.id (wallet address).

List available verification topics

Query the available verification topics to identify which topics you want this issuer to be trusted for:

curl -X GET "https://your-platform.example.com/api/v2/system/claim-topics" \
  -H "X-Api-Key: YOUR_API_KEY"

Response:

[
  {
    "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
    "topicId": "26984799302505749158794800959285050858086405868089409909048783980951278841746",
    "name": "knowYourCustomer",
    "signature": "string claim",
    "registry": {
      "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7"
    }
  },
  {
    "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
    "topicId": "15733030998618876990024220391915773205162379317494393310546829862321881862123",
    "name": "accreditedInvestor",
    "signature": "string claim",
    "registry": {
      "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7"
    }
  },
  {
    "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
    "topicId": "39526553109170329799339511574661256630735485618560740361645615581310848276505",
    "name": "qualifiedInstitutionalInvestor",
    "signature": "string claim",
    "registry": {
      "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7"
    }
  }
  // ... additional topics available
]

Note the topicId values for the topics you want to assign to this issuer. See Available verification topics above for the complete list.

Trusted issuer configuration in the verification topic registry

Add trusted issuer

Create the trusted issuer by specifying their identity address and the verification topic IDs they can issue:

curl -X POST "https://your-platform.example.com/api/v2/system/trusted-issuers" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
    "claimTopicIds": [
      "26984799302505749158794800959285050858086405868089409909048783980951278841746",
      "15733030998618876990024220391915773205162379317494393310546829862321881862123"
    ],
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

Response:

{
  "data": {
    "txHash": "0x1234567890abcdef...",
    "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890"
  },
  "meta": {
    "txHashes": ["0x1234567890abcdef..."]
  },
  "links": {
    "self": "/v2/system/trusted-issuers"
  }
}

Verify completion

Filter by identity address to confirm the issuer appears in the registry. A successful response includes the identity address, the linked wallet account, and the assigned claim topics.

curl --globoff -X GET "https://your-platform.example.com/api/v2/system/trusted-issuers?filter[id]=0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890&page[offset]=0&page[limit]=25" \
  -H "X-Api-Key: YOUR_API_KEY"
{
  "data": [
    {
      "id": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
      "account": {
        "id": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
      },
      "claimTopics": [
        {
          "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
          "topicId": "26984799302505749158794800959285050858086405868089409909048783980951278841746",
          "name": "knowYourCustomer",
          "signature": "string claim"
        },
        {
          "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
          "topicId": "15733030998618876990024220391915773205162379317494393310546829862321881862123",
          "name": "accreditedInvestor",
          "signature": "string claim"
        }
      ],
      "deployedInTransaction": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
      "isGlobal": false
    }
  ],
  "meta": {
    "total": 1,
    "facets": {}
  },
  "links": {
    "self": "/v2/system/trusted-issuers?sort=id&filter%5Bid%5D=0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890&page%5Boffset%5D=0&page%5Blimit%5D=25",
    "first": "/v2/system/trusted-issuers?sort=id&filter%5Bid%5D=0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890&page%5Boffset%5D=0&page%5Blimit%5D=25",
    "prev": null,
    "next": null,
    "last": "/v2/system/trusted-issuers?sort=id&filter%5Bid%5D=0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890&page%5Boffset%5D=0&page%5Blimit%5D=25"
  }
}

Check the following fields to verify the issuer record is complete and correctly scoped.

  • data[].id matches the identity address you added.
  • data[].account is the wallet for the issuer, or null when none is known.
  • data[].claimTopics lists the assigned topics (id, topicId, name, signature).
  • data[].isGlobal is true when the issuer comes from a global registry.

The issuer can now issue verifications for the assigned topics.

Token-level trusted issuers

Use token-level trusted issuers when one asset needs a narrower issuer policy than the platform default. The list endpoint returns the full token -> system -> global chain. Each row indicates whether the issuer is token-specific or inherited from a parent registry.

SourceWhat it meansCan this endpoint remove it?
tokenIssuer is registered on this token's Trusted Issuer RegistryYes, with the token delete endpoint
systemIssuer is inherited from the active system registryNo, manage it through the system trusted-issuer endpoints
globalIssuer is inherited from a global registryNo, manage it through the global or platform-level process

List token trusted issuers

curl --globoff -X GET "https://your-platform.example.com/api/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers?filter[source]=token&page[offset]=0&page[limit]=25" \
  -H "X-Api-Key: YOUR_API_KEY"

Use filter[source] to limit results to token, system, or global. Use filter[q] to search by issuer account address. The response is paginated and includes meta.total, meta.facets, and meta.hasTrustedIssuersRegistry.

{
  "data": [
    {
      "id": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
      "account": { "id": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" },
      "inheritanceLevel": "token",
      "registry": { "id": "0x4567890AbCdEf1234567890AbCdEf1234567890123" },
      "isInheritedElsewhere": false,
      "claimTopics": [
        {
          "topicId": "26984799302505749158794800959285050858086405868089409909048783980951278841746",
          "name": "knowYourCustomer"
        }
      ]
    }
  ],
  "meta": {
    "total": 1,
    "facets": {},
    "hasTrustedIssuersRegistry": true
  },
  "links": {
    "self": "/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers?filter%5Bsource%5D=token&page%5Boffset%5D=0&page%5Blimit%5D=25",
    "first": "/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers?filter%5Bsource%5D=token&page%5Boffset%5D=0&page%5Blimit%5D=25",
    "prev": null,
    "next": null,
    "last": "/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers?filter%5Bsource%5D=token&page%5Boffset%5D=0&page%5Blimit%5D=25"
  }
}

Add a token trusted issuer

curl -X POST "https://your-platform.example.com/api/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
    "claimTopicIds": [
      "26984799302505749158794800959285050858086405868089409909048783980951278841746"
    ],
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

issuerAddress is the issuer identity contract address, not the issuer's EOA wallet address. claimTopicIds must contain at least one decimal-string topic ID and can contain at most 50 topic IDs. The response is an asynchronous blockchain mutation response with txHash and issuerAddress; refresh the list after indexer pickup to confirm the row appears with inheritanceLevel: "token".

Remove a token trusted issuer

curl -X DELETE "https://your-platform.example.com/api/v2/tokens/0x1234567890AbCdEf1234567890AbCdEf1234567890/trusted-issuers/0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

The delete endpoint only removes token-level rows. If the issuer is inherited from the system or global registry, the token endpoint returns a not-found error and does not remove the inherited issuer from the effective chain. If isInheritedElsewhere is true on a token row, removing that token row leaves the parent-tier trust visible in the resolved list.

Managing trusted issuers

Add or remove one topic atomically

Use the single-topic endpoints to add or remove one topic at a time. These routes leave the issuer's other topics untouched.

curl -X POST "https://your-platform.example.com/api/v2/system/trusted-issuers/0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890/claim-topics/26984799302505749158794800959285050858086405868089409909048783980951278841746" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

Use DELETE on the same path to remove the topic from that issuer. These endpoints compute the next topic list server-side, so a single-topic add or remove does not overwrite unrelated topics already assigned to the issuer. The response includes issuerAddress, topicId, and txHash. An add that is already present, or a remove that is already absent, is treated as idempotent: the call returns an empty txHash and skips the on-chain update.

Update issuer topics

To replace the full set of verification topics for an issuer, send a PATCH with the complete desired topic list. The platform replaces the existing set atomically.

curl -X PATCH "https://your-platform.example.com/api/v2/system/trusted-issuers/0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "claimTopicIds": [
      "26984799302505749158794800959285050858086405868089409909048783980951278841746",
      "15733030998618876990024220391915773205162379317494393310546829862321881862123",
      "39526553109170329799339511574661256630735485618560740361645615581310848276505"
    ],
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

Response:

{
  "txHash": "0xabcdef1234567890...",
  "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890"
}

Remove trusted issuer

To revoke an issuer's trusted status, send a DELETE request with wallet verification. DALP checks the indexed registry before queueing the on-chain call, so the request fails cleanly if the issuer is not registered.

curl -X DELETE "https://your-platform.example.com/api/v2/system/trusted-issuers/0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "walletVerification": {
      "secretVerificationCode": "YOUR_PINCODE"
    }
  }'

Response:

{
  "txHash": "0x9876543210fedcba...",
  "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890"
}

Before submitting the removal transaction, DALP checks the indexed trusted-issuer registry. If the issuer is not registered for the active system, the API returns SYSTEM_TRUSTED_ISSUER_NOT_FOUND and does not queue the on-chain call.

Get topic details with trusted issuers

This call returns full claim topic metadata plus the list of non-revoked trusted issuers authorized for that topic. Use it to audit which issuers are currently trusted for a given claim type.

curl -X GET "https://your-platform.example.com/api/v2/system/claim-topics/knowYourCustomer" \
  -H "X-Api-Key: YOUR_API_KEY"

Response:

{
  "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
  "name": "knowYourCustomer",
  "signature": "string claim",
  "topicId": "26984799302505749158794800959285050858086405868089409909048783980951278841746",
  "trustedIssuers": [
    {
      "id": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
      "addedAt": "2024-01-15T10:30:00Z",
      "revokedAt": "1970-01-01T00:00:00Z",
      "account": {
        "id": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
      }
    }
  ]
}

The response includes full topic details along with all non-revoked trusted issuers authorized for that topic.

List claim topics for a trusted issuer

This call returns all claim topics currently assigned to one trusted issuer. Use it to verify the issuer's topic set before adding or removing a single topic.

curl -X GET "https://your-platform.example.com/api/v2/system/trusted-issuers/0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890/topics" \
  -H "X-Api-Key: YOUR_API_KEY"

Response:

{
  "issuerAddress": "0x8e5F72f6E5b3B4D1234567890AbCdEf1234567890",
  "claimTopics": [
    {
      "id": "0x534b8f03c16c92c70d1da1d2fae43b98352bf3d7...",
      "topicId": "26984799302505749158794800959285050858086405868089409909048783980951278841746",
      "name": "knowYourCustomer",
      "signature": "string claim"
    }
  ]
}

Request parameters

The sections below document the input fields for each endpoint. All mutation endpoints require wallet verification. Pagination parameters apply to list endpoints only.

Create claim topic

POST /api/v2/system/claim-topics creates a new claim topic scheme. Provide a human-readable name and a comma-separated ABI type list in signature.

ParameterTypeRequiredDescription
namestringYesTopic scheme name, up to 100 characters
signaturestringYesComma-separated ABI type list, without parentheses
walletVerificationobjectYesYour wallet verification to authorize the transaction

Update claim topic

PUT /api/v2/system/claim-topics/{name} updates the signature for an existing topic. Send the replacement signature without parentheses. Existing claims for that topic remain valid; only the expected data shape changes.

ParameterTypeRequiredDescription
namestringYesTopic name to update (path parameter)
signaturestringYesReplacement comma-separated ABI type list
walletVerificationobjectYesYour wallet verification to authorize the transaction

Delete claim topic

DELETE /api/v2/system/claim-topics/{name} removes the named topic scheme from the registry. Confirm which asset policies and integrations reference the topic before removal, because deleting a topic does not automatically clean up issuer assignments or compliance rules that depend on it.

ParameterTypeRequiredDescription
namestringYesTopic name to remove (path parameter)
walletVerificationobjectYesYour wallet verification to authorize the transaction

List system trusted issuers

GET /api/v2/system/trusted-issuers returns results in identity-address order. Use filter[id] to scope the response to one issuer. Results are paginated with meta.total and links.

ParameterTypeRequiredDescription
page[limit]numberNoNumber of trusted issuers to return
page[offset]numberNoNumber of trusted issuers to skip
filter[id]stringNoFilter by trusted issuer identity address
filter[q]stringNoGlobal search across supported collection fields

Create system trusted issuer

POST /api/v2/system/trusted-issuers registers a trusted issuer. Use the identity contract address in issuerAddress, not the EOA.

ParameterTypeRequiredDescription
issuerAddressstringYesIdentity contract address (0x...)
claimTopicIdsstring[]YesArray of verification topic IDs (min: 1)
walletVerificationobjectYesYour wallet verification to authorize the transaction

Update system trusted issuer

PATCH /api/v2/system/trusted-issuers/{issuerAddress} replaces the issuer's full topic set with claimTopicIds. The call replaces all existing topics atomically. Use the single-topic routes to add or remove one topic without replacing the whole set.

ParameterTypeRequiredDescription
issuerAddressstringYesIdentity address to update (path parameter)
claimTopicIdsstring[]YesNew array of verification topic IDs (min: 1)
walletVerificationobjectYesYour wallet verification to authorize the transaction

Delete system trusted issuer

DELETE /api/v2/system/trusted-issuers/{issuerAddress} removes the issuer from the registry. Claims from the removed issuer are immediately invalidated for compliance checks. Requires the claimPolicyManager role and wallet verification.

ParameterTypeRequiredDescription
issuerAddressstringYesIdentity address to remove (path parameter)
walletVerificationobjectYesYour wallet verification to authorize the transaction

Get topic details (with trusted issuers)

GET /api/v2/system/claim-topics/{name} returns full topic metadata and all non-revoked issuers trusted for that topic. Use this endpoint to audit which issuers are currently authorized for a given claim type. The name parameter is the human-readable topic name, for example knowYourCustomer.

ParameterTypeRequiredDescription
namestringYesClaim topic name (path parameter, e.g., knowYourCustomer)

List claim topics for issuer

GET /api/v2/system/trusted-issuers/{issuerAddress}/topics lists all claim topics for one issuer. Review the current set before adding or removing a topic.

ParameterTypeRequiredDescription
issuerAddressstringYesTrusted issuer identity address (path param)

Add or remove one claim topic

Use these routes when the issuer already exists and you need to add or remove exactly one topic. Both operations leave the issuer's other topics untouched and are idempotent. Use POST to add one topic and DELETE to remove one topic; the path parameter topicId is the numeric topic ID.

  • POST /api/v2/system/trusted-issuers/{issuerAddress}/claim-topics/{topicId} adds one topic to the issuer.
  • DELETE /api/v2/system/trusted-issuers/{issuerAddress}/claim-topics/{topicId} removes one topic from the issuer.

Both routes require walletVerification in the request body and return the same blockchain mutation response shape as other trusted-issuer mutations. Adding a topic that is already present, or removing one that is already absent, is treated as idempotent and may return no transaction hash.

Token trusted issuers

These endpoints manage the token-level Trusted Issuer Registry for one asset. The GET endpoint returns the full resolved chain across all tiers. The POST and DELETE endpoints operate only on token-level rows.

EndpointRequired parametersDescription
GET /api/v2/tokens/{tokenAddress}/trusted-issuerstokenAddress; optional filter[q], filter[source], page[offset], page[limit]Lists the resolved token, system, and global trusted issuer chain for one token
POST /api/v2/tokens/{tokenAddress}/trusted-issuerstokenAddress, issuerAddress, non-empty claimTopicIds, walletVerificationAdds an issuer to the token-level Trusted Issuer Registry
DELETE /api/v2/tokens/{tokenAddress}/trusted-issuers/{issuerAddress}tokenAddress, issuerAddress, walletVerificationRemoves a token-level issuer row

filter[source] accepts token, system, or global. Token create requests accept 1 to 50 claimTopicIds; each ID must be a non-negative decimal string that fits uint256. Create requests can return DALP-4001, DALP-4003, or DALP-4214. Delete requests can return DALP-4001 or DALP-4003. The token trusted issuer list always returns the full resolved chain. Use filter[source]=token to see only the token-specific entries.

Wallet verification object

All mutation endpoints require a walletVerification object in the request body. The default verification type is PINCODE. Supply SECRET_CODES when the user authenticates with backup codes, or OTP for a time-based one-time password authenticator. The secretVerificationCode field carries the six-digit value in all three cases.

FieldTypeDescription
secretVerificationCodestring6-digit pincode or TOTP code
verificationTypestring"PINCODE" (default), "SECRET_CODES", or "OTP"

Response fields

The sections below describe the fields returned by each endpoint family. Mutation endpoints return a transaction envelope; list and detail endpoints return structured objects with pagination metadata.

Trusted issuers list

GET /api/v2/system/trusted-issuers returns a paginated object. Navigate pages with links.next and links.prev. Each page includes meta.total for the total count across all pages.

FieldTypeDescription
dataarrayTrusted issuer records for the requested page
meta.totalnumberTotal matching trusted issuers before pagination
meta.facetsobjectFacet metadata for collection filters
linksobjectPagination links for the current query

Trusted issuer

Each row is one trusted issuer. id is the on-chain identity contract address.

FieldTypeDescription
idstringIssuer identity contract address
accountobjectReserved for linked account details; the paginated list currently returns null
claimTopicsarrayVerification topics this issuer can verify
deployedInTransactionstringTransaction hash where issuer was added
isGlobalbooleanWhether the issuer came from a global registry rather than organization-only

Token trusted issuer row

Each row in the token trusted-issuer list response includes these fields:

FieldTypeDescription
idstringIssuer identity contract address
account.idstringIssuer account address when linked account details are available
inheritanceLevelstringtoken, system, or global source for this row
claimTopicsarrayClaim topics this issuer is trusted for at that source tier
registry.idstringTrusted Issuer Registry contract address that holds this row
isInheritedElsewherebooleanWhether the same issuer also exists in a parent registry in the resolved chain
meta.hasTrustedIssuersRegistrybooleanWhether token-specific add and remove operations are available for this token

Verification topic

In trusted issuer response (claimTopics array):

FieldTypeDescription
idstringTopic scheme identifier
topicIdstringLarge numeric ID unique to the topic
namestringHuman-readable name of the topic
signaturestringClaim data parameter types for verification

In claim topics endpoint (GET /api/v2/system/claim-topics):

Includes all fields above plus:

FieldTypeDescription
registryobjectRegistry information containing registry ID
registry.idstringContract address of the claim topic registry

Each topicId appears once across the resolved system -> parent -> global registry chain. When a topic exists in more than one tier, registry.id reflects the registration closest to the active system. Both meta.total and the source facet count the single deduplicated row.

Operational notes

Issuer selection

Choose issuers with legal or professional authority for the claim topics they will attest. Separate issuer types by compliance domain: a KYC provider and an AML provider should each control only the topics they are qualified to sign. For critical topics, register at least two issuers so a single removal does not block transfers across the token set.

Lifecycle management

Review the trusted issuer registry periodically. Remove stale or superseded issuers using the DELETE endpoint or the single-topic routes.

Removing an issuer immediately invalidates its outstanding claims for compliance checks. Coordinate with affected token policy owners before proceeding. Record the rationale for each change so auditors can reconstruct the trust chain.

Troubleshooting

The table below lists common errors and their resolution steps.

IssueSolution
401 UnauthorizedAPI key is invalid, expired, or disabled
403 USER_NOT_AUTHORIZEDEnsure your account has claimPolicyManager role
Identity not foundUser must be registered first; see Register User
Invalid issuer addressUse the identity CONTRACT address, not the wallet address
Topic not foundVerify the topic ID exists using GET /api/v2/system/claim-topics
409 DALP-0461 retryable conflictAnother topic mutation for this trusted issuer is still running. Refresh the topic list, then retry if needed
Issuer already existsThe issuer is already registered; use PATCH to replace topics, or the single-topic routes for one assignment
Token trusted issuer registry missingThe token can show inherited issuers, but token-specific add and remove operations are unavailable for that token
Inherited issuer cannot be removed from tokenRemove system or global inherited issuers from the registry where they are defined, not from the token endpoint

On this page