# Directory trusted issuers API reference Source: https://docs.settlemint.com/docs/api-reference/reference/directory-trusted-issuers Read the platform-wide directory of trusted claim issuers and the claim topics each one is authorised to verify, through the DALP Platform API. A trusted issuer is an identity allowed to sign verifiable claims, such as a Know Your Customer result or an accredited-investor attestation, that DALP compliance checks then trust during transfers and other gated operations. An auditor or compliance lead needs a single, authoritative view of which issuers the platform trusts and exactly which claim topics each one may attest. These endpoints provide that platform-wide view. The directory trusted issuers registry is the platform-wide (global) tier. Issuers registered here are inherited by the systems beneath them, so a row in this directory can apply across many systems at once. Each issuer record reports `inheritedBySystemsCount`. A reviewer reads that count to see how far an issuer reaches before anyone changes it. This surface is read-only. It lists and inspects issuers and their topics. It does not register, edit, or remove issuers. To configure trusted issuers for one system or one asset, see [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers). ## How this differs from system trusted issuers [#how-this-differs-from-system-trusted-issuers] DALP resolves trusted issuers across three tiers: the platform-wide directory, each system, and each asset. These endpoints read the platform-wide directory tier only. | You want to | Use | | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------- | | Audit every issuer the whole platform trusts | These directory endpoints | | Configure the issuers that apply to one system | [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers) | | Discover the contracts and registries backing the active network | [System directory API](/docs/api-reference/reference/directory) | ## Required role [#required-role] Reading the platform-wide directory requires the platform `admin` role. These endpoints sit above the per-system permission model, so a system-scoped role cannot call them. Set the standard request headers before calling these endpoints. See [Request headers](/docs/api-reference/reference/request-headers). ## Endpoints [#endpoints] | Endpoint | Use it for | | -------------------------------------------------------------- | ------------------------------------------------------------- | | `GET /api/v2/directory/trusted-issuers` | List every issuer in the platform-wide directory. | | `GET /api/v2/directory/trusted-issuers/{issuerAddress}` | Read one directory issuer by its identity address. | | `GET /api/v2/directory/trusted-issuers/{issuerAddress}/topics` | List the claim topics one directory issuer is authorised for. | List and topics responses use the collection envelope with `data`, `meta`, and pagination `links`. The read response uses the single-resource envelope with `data` and `links.self`. ## Issuer fields [#issuer-fields] The list and read endpoints return the same issuer record. | Field | Type | Description | | ------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------- | | `id` | string | The issuer's on-chain identity address. | | `account` | object or `null` | The issuer's wallet address, as `{ "id": "0x..." }`, when one is recorded. | | `claimTopics` | array | The claim topics this issuer can verify. Each entry carries `id`, `topicId`, `name`, and `signature`. | | `deployedInTransaction` | string | Transaction hash that added this issuer to the registry. | | `inheritedBySystemsCount` | number | How many systems inherit this issuer through the registry chain. | A claim topic carries a human-readable `name`, such as `Know Your Customer`, and a `signature`, the ABI type list that defines the claim's data shape, such as `(string)` or `(uint256,bool)`. The `topicId` is the numeric identifier used on-chain. ## List directory issuers [#list-directory-issuers] `GET /api/v2/directory/trusted-issuers` returns the issuers registered in the platform-wide directory, ordered by issuer address. The list supports pagination and filtering by issuer address with `filter[id]`. It also supports global search with `filter[q]`, which matches against the issuer address. ```bash curl --globoff "https://your-platform.example.com/api/v2/directory/trusted-issuers?filter[id]=0x71C7656EC7ab88b098defB751B7401B5f6d8976F" \ -H "x-api-key: YOUR_API_KEY" ``` ```json { "data": [ { "id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F", "account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" }, "claimTopics": [ { "id": "topic-001", "topicId": "1", "name": "Know Your Customer", "signature": "(string)" } ], "deployedInTransaction": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", "inheritedBySystemsCount": 3 } ], "meta": { "total": 1, "facets": {} }, "links": { "self": "/v2/directory/trusted-issuers?page[offset]=0&page[limit]=50", "first": "/v2/directory/trusted-issuers?page[offset]=0&page[limit]=50", "prev": null, "next": null, "last": "/v2/directory/trusted-issuers?page[offset]=0&page[limit]=50" } } ``` The list returns 50 issuers per page by default, up to 200. Use `page[offset]` and `page[limit]` to page through larger registries. ## Read one issuer [#read-one-issuer] `GET /api/v2/directory/trusted-issuers/{issuerAddress}` returns a single issuer by its identity address. ```bash curl "https://your-platform.example.com/api/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F" \ -H "x-api-key: YOUR_API_KEY" ``` ```json { "data": { "id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F", "account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" }, "claimTopics": [ { "id": "topic-001", "topicId": "1", "name": "Know Your Customer", "signature": "(string)" } ], "deployedInTransaction": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890", "inheritedBySystemsCount": 3 }, "links": { "self": "/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F" } } ``` The endpoint returns `DALP-0294` with status 404 when no issuer matches the address in the platform-wide registry. Confirm the address and that the issuer was registered before retrying. ## List an issuer's claim topics [#list-an-issuers-claim-topics] `GET /api/v2/directory/trusted-issuers/{issuerAddress}/topics` returns only the claim topics assigned to one issuer, with its own pagination, filtering, and sorting. Use it when you want to audit an issuer's authorised topics without loading the full issuer record. The topics list supports filtering by `topicId`, `name`, and `signature`, and global search with `filter[q]` across all three. You can sort by `topicId` or `name`. The `signature` field is filterable but not sortable. Default sort is by `name`. ```bash curl --globoff "https://your-platform.example.com/api/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name" \ -H "x-api-key: YOUR_API_KEY" ``` ```json { "data": [ { "id": "topic-001", "topicId": "1", "name": "Know Your Customer", "signature": "(string)" } ], "meta": { "total": 1, "facets": {} }, "links": { "self": "/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50", "first": "/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50", "prev": null, "next": null, "last": "/v2/directory/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50" } } ``` ## When the global registry is unavailable [#when-the-global-registry-is-unavailable] All three endpoints resolve the platform-wide Trusted Issuers Registry and Topic Scheme Registry from the active network's directory before reading. If the directory address is missing for the active network, or the indexer has not yet processed the global registry, they return `DALP-0618` with status 404. Confirm the platform's directory address is configured for the active network and that indexing has caught up, then retry. ## When to use it [#when-to-use-it] Use these endpoints when you need to: * Produce an audit list of every claim issuer the platform trusts. * Confirm which claim topics a given issuer may attest before relying on its claims. * Measure how far an issuer reaches across systems through `inheritedBySystemsCount` before a change. * Reconcile platform-wide trust against the issuers configured for an individual system. For the per-system and per-asset configuration workflow, including how to add or remove issuers and topics, see [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers).