# System trusted issuers API reference

Source: https://docs.settlemint.com/docs/api-reference/reference/system-trusted-issuers

Read the trusted claim issuers that apply to one system, and the claim topics each one is authorised to verify, through the DALP Platform API.



A trusted issuer is an identity allowed to sign verifiable claims, such as a Know Your Customer result or an accredited-investor attestation, that DALP compliance checks then trust during transfers and other gated operations. When you operate one system, you need to know exactly which issuers that system trusts and which claim topics each may attest, before you rely on their claims. These endpoints give you that per-system view.

The read view resolves a chain of trust. It returns the issuers registered directly on the system, plus the issuers the system inherits from the platform-wide directory above it. Each issuer record carries an `isGlobal` flag so you can tell a system-registered issuer from an inherited one at a glance.

This surface is read-only. It lists and inspects the issuers and topics that apply to the active system; it does not register, edit, or remove them. To configure trusted issuers for a system or an asset, see [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers).

## How this differs from directory trusted issuers [#how-this-differs-from-directory-trusted-issuers]

DALP resolves trusted issuers across three tiers: the platform-wide directory, each system, and each asset. These endpoints read the system tier. The directory tier merges in as inherited trust.

| You want to                                                 | Use                                                                                      |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| See which issuers apply to one system, inheritance included | These system endpoints                                                                   |
| Audit only the platform-wide directory of issuers           | [Directory trusted issuers API](/docs/api-reference/reference/directory-trusted-issuers) |
| Configure the issuers that apply to a system                | [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers)       |

Every read here is bounded by the active organization and system context, as described in [Organization and system scope](/docs/api-reference/reference/organization-system-scope). A platform-tier role is not required; a caller scoped to the system reads its own trusted issuers.

Set the standard request headers before calling these endpoints. See [Request headers](/docs/api-reference/reference/request-headers).

## Endpoints [#endpoints]

| Endpoint                                                    | Use it for                                                            |
| ----------------------------------------------------------- | --------------------------------------------------------------------- |
| `GET /api/v2/system/trusted-issuers`                        | List the issuers that apply to the active system, inheritance merged. |
| `GET /api/v2/system/trusted-issuers/{issuerAddress}`        | Read one issuer by its identity address, with directory fallback.     |
| `GET /api/v2/system/trusted-issuers/{issuerAddress}/topics` | List the claim topics one issuer is authorised for.                   |

The list and topics responses use the collection envelope with `data`, `meta`, and pagination `links`. The single read uses the single-resource envelope with `data` and `links.self`.

## Issuer fields [#issuer-fields]

The list and read endpoints return the same issuer record.

| Field                   | Type             | Description                                                                                           |
| ----------------------- | ---------------- | ----------------------------------------------------------------------------------------------------- |
| `id`                    | string           | The issuer's on-chain identity address.                                                               |
| `account`               | object or `null` | The issuer's wallet address, as `{ "id": "0x..." }`, when one is recorded.                            |
| `claimTopics`           | array            | The claim topics this issuer can verify. Each entry carries `id`, `topicId`, `name`, and `signature`. |
| `deployedInTransaction` | string           | Transaction hash that added the issuer to the registry. Empty for a single read.                      |
| `isGlobal`              | boolean          | `true` when the issuer is inherited from the platform directory rather than registered on the system. |

A claim topic carries a human-readable `name`, such as `Know Your Customer`, and a `signature`, the ABI type list that defines the claim's data shape, such as `(string)` or `(uint256,bool)`. The `topicId` is the numeric identifier used on-chain.

When the same issuer appears on both the system and the directory, the read returns the system-registered record and counts the directory-only issuers as inherited. The same precedence applies to claim topics: a topic defined on the system overrides the same topic inherited from the directory.

## List system issuers [#list-system-issuers]

`GET /api/v2/system/trusted-issuers` returns the issuers that apply to the active system as a paginated collection, ordered by issuer address. The result merges the issuers registered on the system with the ones inherited from the platform directory, deduplicated by address with the system record taking precedence.

The list filters and sorts by `id`, the issuer address, and supports global search with `filter[q]`. Search matches the issuer address and the names of the claim topics an issuer can attest, so you can find an issuer by what it verifies.

```bash
curl --globoff "https://your-platform.example.com/api/v2/system/trusted-issuers?filter[q]=Customer&sort=id" \
  -H "x-api-key: YOUR_API_KEY"
```

```json
{
  "data": [
    {
      "id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
      "account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" },
      "claimTopics": [
        {
          "id": "0x...01",
          "topicId": "1",
          "name": "Know Your Customer",
          "signature": "(string)"
        }
      ],
      "deployedInTransaction": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
      "isGlobal": false
    },
    {
      "id": "0x3333333333333333333333333333333333333333",
      "account": null,
      "claimTopics": [],
      "deployedInTransaction": "0x9999999999999999999999999999999999999999999999999999999999999999",
      "isGlobal": true
    }
  ],
  "meta": {
    "total": 2,
    "facets": {}
  },
  "links": {
    "self": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50",
    "first": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50",
    "prev": null,
    "next": null,
    "last": "/v2/system/trusted-issuers?sort=id&page[offset]=0&page[limit]=50"
  }
}
```

Read `isGlobal` to separate the two tiers: `false` marks an issuer registered on this system, and `true` marks one inherited from the platform directory. The `meta.facets` object is always empty for this list, because the issuer address is its only filterable field. When the system has no trusted issuers registry configured yet, the list returns an empty page with `meta.total` set to `0`, so an onboarding flow can read it safely before setup completes.
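The following is an added example, not code from the DALP documentation or SDK. It walks the paginated list through `links.next`, labels each issuer by tier from `isGlobal`, and reports drift against an approved baseline; the baseline format, the function names, and the injected `fetch_page` callable are assumptions.

```python
# Added example: the baseline format and function names are assumptions,
# not part of the DALP API.

def iter_issuers(fetch_page, first_link):
    """Yield issuer records from every page, following links.next until null."""
    link = first_link
    while link:
        page = fetch_page(link)
        yield from page["data"]
        link = page["links"]["next"]

def audit(issuers, approved):
    """approved maps lowercased issuer address -> set of allowed topicId strings."""
    findings, seen = [], set()
    for issuer in issuers:
        addr = issuer["id"].lower()  # checksum casing must not affect matching
        seen.add(addr)
        tier = "inherited" if issuer["isGlobal"] else "system"
        topics = {t["topicId"] for t in issuer["claimTopics"]}
        if addr not in approved:
            findings.append((addr, tier, "issuer not in baseline"))
            continue
        for topic in sorted(topics - approved[addr]):
            findings.append((addr, tier, f"unapproved topic {topic}"))
        for topic in sorted(approved[addr] - topics):
            findings.append((addr, tier, f"baseline topic {topic} missing"))
    for addr in sorted(set(approved) - seen):
        findings.append((addr, "absent", "baseline issuer not trusted by system"))
    return findings

# Constructed pages shaped like the list response (unused fields omitted),
# split in two to exercise pagination. The link values are placeholders.
KYC = {"id": "0x...01", "topicId": "1", "name": "Know Your Customer", "signature": "(string)"}
PAGES = {
    "page-1": {"data": [{"id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
                         "claimTopics": [KYC], "isGlobal": False}],
               "links": {"next": "page-2"}},
    "page-2": {"data": [{"id": "0x3333333333333333333333333333333333333333",
                         "claimTopics": [], "isGlobal": True}],
               "links": {"next": None}},
}
EMPTY = {"data": [], "meta": {"total": 0, "facets": {}}, "links": {"next": None}}
APPROVED = {"0x71c7656ec7ab88b098defb751b7401b5f6d8976f": {"1"}}

if __name__ == "__main__":
    for finding in audit(iter_issuers(PAGES.get, "page-1"), APPROVED):
        print(finding)
```

Against a live platform, `fetch_page` would wrap an authenticated GET that resolves each link against your API base URL; an empty registry page then surfaces every baseline issuer as not yet trusted.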

## Read one issuer [#read-one-issuer]

`GET /api/v2/system/trusted-issuers/{issuerAddress}` returns a single issuer by its identity address. It looks for the issuer on the system first, then walks the parent registries in the chain of trust, so an issuer inherited from the platform directory still resolves.

```bash
curl "https://your-platform.example.com/api/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F" \
  -H "x-api-key: YOUR_API_KEY"
```

```json
{
  "data": {
    "id": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
    "account": { "id": "0x2546BcD3c84621e976D8185a91A922aE77ECEc30" },
    "claimTopics": [
      {
        "id": "0x...01",
        "topicId": "1",
        "name": "Know Your Customer",
        "signature": "(string)"
      }
    ],
    "deployedInTransaction": "",
    "isGlobal": false
  },
  "links": {
    "self": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F"
  }
}
```

The endpoint returns `DALP-0294` with status 404 when no issuer matches the address on the system or anywhere in its chain of trust. The error's `fix` field points back to the list endpoint so you can confirm the registered issuers. Verify the address and that the issuer was registered before retrying.

## List an issuer's claim topics [#list-an-issuers-claim-topics]

`GET /api/v2/system/trusted-issuers/{issuerAddress}/topics` returns only the claim topics assigned to one issuer, with its own pagination, filtering, and sorting. Use it when you want to audit an issuer's authorised topics without loading the full issuer record.

The topics list filters by `topicId`, `name`, and `signature`. You can sort by `topicId` or `name`. The `signature` field is filterable but not sortable. The default sort is by `name`.

```bash
curl --globoff "https://your-platform.example.com/api/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name" \
  -H "x-api-key: YOUR_API_KEY"
```

```json
{
  "data": [
    {
      "id": "0x...01",
      "topicId": "1",
      "name": "Know Your Customer",
      "signature": "(string)"
    }
  ],
  "meta": {
    "total": 1,
    "facets": {}
  },
  "links": {
    "self": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50",
    "first": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50",
    "prev": null,
    "next": null,
    "last": "/v2/system/trusted-issuers/0x71C7656EC7ab88b098defB751B7401B5f6d8976F/topics?filter[name]=Customer&sort=name&page[offset]=0&page[limit]=50"
  }
}
```

This endpoint reads the topics recorded against the issuer on the system's registry. To see an inherited issuer's full topic set across the chain of trust, read the issuer record itself, which merges the topics with system precedence.

## When to use it [#when-to-use-it]

Use these endpoints when you need to:

* Confirm which claim issuers a single system trusts, with inherited issuers included, before relying on their claims.
* Tell a system-registered issuer from one inherited from the platform directory through the `isGlobal` flag.
* Audit one issuer's authorised claim topics without loading every issuer on the system.
* Reconcile the issuers configured for a system against the platform-wide directory.

For the platform-wide view, see [Directory trusted issuers API](/docs/api-reference/reference/directory-trusted-issuers). For the per-system and per-asset configuration workflow, see [Configure trusted issuers](/docs/developers/compliance/configure-trusted-issuers).
