User eXperience through SWIYU eWallet¶
New Page: /wallet_integration/¶
SWIYU Wallet Integration¶
Getting the Wallet App¶
The SWIYU Wallet is a reference implementation of the OpenID4VCI/VP protocols. It is currently distributed as public beta. That page references the Apple App Store and Google Play Store links. Download and install it on your phone if you want to test the demos!
Illustration of Swiyu eWallet app
Using the Demo¶
Schema
Credential Offer QR Code
↓
SWIYU Wallet scans
↓
Wallet fetches issuer metadata
↓
User accepts credential
↓
Credential stored in wallet
Verifier Request QR Code
↓
SWIYU Wallet scans
↓
Wallet fetches verifier metadata
↓
User consents to share
↓
Presentation sent to verifier
Illustration
Technical: Public Endpoint Requirements¶
Why Some Endpoints Are Public
The OpenID4VCI and OpenID4VP specifications require certain endpoints to be publicly accessible without authentication:
Issuer Discovery:
GET https://issuer.atarigo.net/.well-known/openid-credential-issuer
Verifier Discovery:
GET https://verifier.atarigo.net/.well-known/openid-configuration
Credential Offers:
GET https://issuer.atarigo.net/credential-offer/{id}
Security Considerations¶
These public endpoints:
- ✅ Contain no user data or credentials (metadata only)
- ✅ Are required by the protocol for wallet interoperability
- ✅ Still protected by Cloudflare edge security:
- HTTPS with valid certificates
- DDoS protection
- Rate limiting
- Geographic filtering
- ✅ Use Cloudflare Bypass policy (intentionally unauthenticated)
Administrative endpoints (/management/*, /actuator/*) remain protected by service token authentication.
For full security architecture, see: Security Enforcement