The WACI (Wallet and Credential Interactions) Protocol is an open specification that defines a secure, interoperable method for a verifier (a website or app) to request and receive Verifiable Credentials (VCs) from a user's digital wallet. It standardizes the message flow for credential presentations, ensuring that users maintain control over their data through a consent-driven, user-centric model. The protocol is designed to work across different wallet implementations and credential formats, facilitating DID (Decentralized Identifier)-based interactions without vendor lock-in.
LABS
Glossary
WACI Protocol
The WACI (Wallet And Credential Interactions) protocol is a specification that defines how wallets and web pages interact for requesting and presenting verifiable credentials, typically via QR codes.
Chainscore © 2026
definition
DECENTRALIZED IDENTITY
What is WACI Protocol?
A specification for exchanging Verifiable Credentials between wallets and relying parties, enabling secure, user-centric interactions.
At its core, WACI Protocol operates through a series of defined interaction patterns, most commonly a QR code or deep link initiation. A verifier generates a presentation request, which is encoded into a QR code. The user scans this code with their wallet app, which then displays the specific data being requested. The user consents to share the required credentials, which are cryptographically signed and returned to the verifier. This process enables use cases like age verification without revealing a birthdate or proof of membership without disclosing an entire credential.
The protocol is a crucial component of the broader SSI (Self-Sovereign Identity) stack, often used in conjunction with the DIDComm messaging layer for secure, peer-to-peer communication. It was originally developed within the DIF (Decentralized Identity Foundation) and is now a key part of the CHAPI (Credential Handler API) ecosystem. By providing a standardized handshake for credential exchange, WACI reduces fragmentation and allows developers to build applications that can interact with any compliant wallet, from mobile apps to browser extensions.
Practical implementations of WACI Protocol are emerging in sectors requiring high-trust, privacy-preserving interactions. Examples include event ticketing (proving ticket ownership without transferring a full NFT), decentralized finance (DeFi) KYC (sharing certified identity attributes), and secure access to gated online communities or physical locations. Its design emphasizes selective disclosure, allowing users to share minimal, cryptographically verifiable proofs—such as proving they are over 21—instead of handing over entire documents.
etymology
WACI PROTOCOL
Etymology & Origin
The WACI Protocol's name is a direct acronym that reveals its core purpose: to bridge the worlds of digital identity and decentralized applications.
The WACI Protocol is a technical specification whose name is an acronym for Wallet And Credential Interactions. It was developed to standardize the flow of requesting and presenting Verifiable Credentials (VCs) between a holder's digital wallet and a verifier's application, such as a website or service. The protocol's creation was driven by the need for a common, interoperable method to execute the Decentralized Identity (DID) use case known as Credential Issuance, where a user proves control of an identifier and receives a credential, and Credential Presentation, where the user shares that credential to access a service.
Its origins are deeply rooted in the work of the Decentralized Identity Foundation (DIF) and the W3C Verifiable Credentials Data Model. The protocol was formally proposed to create a QR code and deep-link-based interaction pattern that is both user-friendly and secure, avoiding the complexity of manual did: URL exchanges. A key conceptual precursor is the CHAPI (Credential Handler API) model, with WACI refining and productizing these ideas into a specific, implementable sequence of messages passed between parties.
The "Wallet" component of the name signifies the user-centric agent, typically a mobile application, that stores private keys and credentials. "And Credential Interactions" precisely defines the protocol's scope: it does not define how credentials are issued or verified internally, but specifically the messages and steps for the wallet and the relying party to interact. This focus on the interaction layer makes it complementary to, not a replacement for, underlying standards like DIDComm or OpenID for Verifiable Credentials (OIDC4VC).
In practice, WACI is most commonly encountered in its WACI-PEX iteration, where PEX stands for Presentation Exchange. This version leverages the DIF Presentation Exchange specification to enable a verifier to make detailed, machine-readable requests for specific credentials and their claims. The protocol's design emphasizes user agency and selective disclosure, ensuring the holder always consents to what is being shared. Its etymology, therefore, serves as a permanent reminder of its foundational goal: to structure the critical handshake between a user's wallet and the digital world's demand for verifiable data.
how-it-works
DECENTRALIZED IDENTITY
How the WACI Protocol Works
An overview of the technical flow and core components that enable the WACI protocol to facilitate secure, user-controlled credential exchanges.
The WACI (Wallet And Credential Interactions) Protocol is a standardized method for a Verifier to request and receive a Verifiable Credential (VC) from a Holder's digital wallet. The protocol defines a specific sequence of messages exchanged over DIDComm or other secure channels, beginning with a Presentation Request and culminating in a Verifiable Presentation. This structured flow ensures interoperability between different wallet and issuer implementations, allowing users to prove specific claims—like age or membership—without revealing their entire identity or credential.
The protocol operates through a QR code or deep link initiation. A Verifier, such as a website or service, generates a QR code containing a signed Presentation Request. When the Holder scans this code with their compatible wallet, the wallet decodes the request, which specifies the exact type of credential needed and the claims to be disclosed. The wallet then presents this request to the user, who can review and select which credentials from their wallet satisfy the requirements, maintaining user consent as a central tenet.
Following user approval, the Holder's wallet constructs a Verifiable Presentation. This is a cryptographically signed package containing the relevant credentials or derived proofs, often using Selective Disclosure techniques like BBS+ signatures to minimize data exposure. The presentation is sent back to the Verifier, who cryptographically verifies the signatures against the Decentralized Identifiers (DIDs) of both the Holder and the original Issuer. This process establishes trust without needing to contact the Issuer directly, enabling peer-to-peer verification.
Key to WACI's design is its interoperability layer, which sits atop existing SSI (Self-Sovereign Identity) standards like W3C Verifiable Credentials and DIDComm. It does not define new credential formats but specifies how to use them in a predictable, secure exchange. The protocol also supports Challenge-Response mechanisms to prevent replay attacks, where the Verifier includes a unique nonce in the initial request that must be signed in the final presentation.
key-features
WALLET AND CREDENTIAL INTERACTION
Key Features of WACI
The WACI (Wallet and Credential Interaction) protocol is a set of specifications for secure, interoperable exchanges of Verifiable Credentials between wallets, enabling selective disclosure and user-centric data control.
01
Interoperable Credential Exchange
WACI defines a standardized message flow for credential issuance and presentation across different wallet implementations. It uses DIDComm v2 for secure, encrypted peer-to-peer messaging, ensuring wallets from different vendors can communicate. This enables a user to receive a credential from one issuer and present it to a verifier using a completely different wallet application.
02
Selective Disclosure
A core privacy feature allowing users to reveal only specific claims from a credential, not the entire document. For example, a user could prove they are over 21 from a driver's license credential without revealing their exact birth date, address, or license number. This is achieved through cryptographic proofs like BBS+ signatures.
03
Challenge-Response Flow
WACI presentations are non-replayable through a challenge-response mechanism. The verifier sends a unique, time-bound challenge (nonce). The wallet must sign this challenge along with the disclosed data, creating a verifiable presentation. This prevents presentation tokens from being copied and reused maliciously.
04
User-Centric Consent
The protocol mandates explicit user approval for every interaction. The wallet acts as the user's agent, presenting a clear request (e.g., "Issuer X wants to offer you a credential") and awaiting user consent before proceeding. This puts the user in control of all credential inflows and outflows.
05
QR Code & Deep Link Initiation
Interactions are commonly initiated via QR codes or deep links. A verifier's website displays a QR code encoding a presentation request. The user scans it with their wallet to start the WACI flow. Deep links allow mobile apps to trigger the wallet directly, creating a seamless user experience.
examples
WACI PROTOCOL
Real-World Use Cases & Examples
The WACI (Wallet and Credential Interactions) Protocol enables secure, cross-platform exchange of Verifiable Credentials, primarily for identity verification. These examples illustrate its practical applications.
ecosystem-usage
DECENTRALIZED IDENTITY
Ecosystem & Adoption
The WACI (Wallet and Credential Interactions) Protocol is a specification for secure, interoperable exchanges of Verifiable Credentials (VCs) between wallets and other digital agents, enabling user-centric digital identity on the web.
01
Core Purpose & Standardization
The WACI Protocol standardizes the message flow for requesting and presenting Verifiable Credentials (VCs). It defines a specific set of DIDComm messages that allow a Verifier (e.g., a website) to request proof from a Holder's wallet (e.g., "Prove you are over 18") and for the Holder to respond with a cryptographically signed VC. This creates a common language for decentralized identity interactions across different platforms.
02
Request-Presentation Flow
The protocol orchestrates a clear, multi-step interaction:
- Presentation Request: A Verifier sends a request specifying the required credentials and constraints.
- Wallet Processing: The user's wallet receives the request, matches it against held VCs, and seeks user consent.
- Presentation Submission: Upon approval, the wallet constructs and sends a Verifiable Presentation containing the requested proofs.
- Verification: The Verifier cryptographically validates the presentation's signatures and checks it satisfies the request.
03
Interoperability & DIDComm
WACI is built on DIDComm (Decentralized Identifier Communication), a secure, peer-to-peer messaging protocol for systems using DIDs. This foundation ensures:
- Transport Agnosticism: Messages can be delivered via QR codes, deep links, or direct agent-to-agent channels.
- Privacy-Preserving: Communications are encrypted to the recipient's DID.
- Vendor Neutrality: Any wallet or service implementing the WACI/DIDComm stack can interoperate, avoiding walled gardens.
04
Use Case: Selective Disclosure
A key feature enabled by WACI is selective disclosure. Instead of showing a full driver's license VC, a user can prove a specific claim (like age > 21) without revealing their name, address, or license number. The protocol's request format allows Verifiers to ask for cryptographic proofs of predicates (e.g., birthdate > 21 years ago), and wallets can generate a zero-knowledge proof or a derived proof to satisfy it, minimizing data exposure.
06
Adoption & Real-World Implementation
WACI is seeing adoption in digital identity wallets, KYC/AML processes, and access control systems. For example:
- EU Digital Identity Wallet (EUDIW): Leverages WACI-like protocols for cross-border credential exchange.
- SSI Wallets: Projects like Trinsic, Bloom, and Serto implement WACI for credential interactions.
- Event Ticketing: Used to request and present cryptographically verifiable proof of ticket ownership for entry.
PROTOCOL COMPARISON
WACI vs. Other Credential Exchange Methods
A technical comparison of the WACI protocol against other common methods for exchanging verifiable credentials.
| Feature / Mechanism | WACI (Wallet and Credential Interactions) | CHAPI (Credential Handler API) | Direct DIDComm Messaging | Static QR / Deep Link |
|---|---|---|---|---|
Primary Use Case | User-mediated credential issuance/presentation via mobile wallet | Browser-based credential storage and exchange | Peer-to-peer agent communication | One-time credential offer or request |
Communication Flow | Pull-based (wallet fetches from issuer/verifier) | Push-based (relying party pushes to handler) | Bidirectional, asynchronous messaging | Unidirectional, single-use initiation |
User Agent | Native mobile wallet application | Browser extension or PWA credential handler | Decentralized identity agent (cloud/mobile) | Generic QR code scanner or web browser |
Transport Protocol | HTTP(S) with Deeplinking (RFC 8877) | HTTP(S) postMessage API | DIDComm v2 encrypted envelopes | HTTP(S) GET request |
Interoperability Focus | Cross-wallet, cross-platform credential flows | Browser-native credential management | Agent-to-agent interoperability | Simple web-to-wallet connection |
State Management | Explicit state machine defined in presentation exchange | Implicit, handler-managed state | Protocol-level threading and state | Stateless, single interaction |
Credential Format Support | W3C Verifiable Credentials, SD-JWT VC | W3C Verifiable Credentials | Any format (W3C VC, AnonCreds, etc.) | Any format, but no negotiation |
Requires Persistent Connection |
security-considerations
WACI PROTOCOL
Security & Privacy Considerations
The Wallet and Credential Interactions (WACI) protocol is a specification for secure, privacy-preserving exchanges of Verifiable Credentials (VCs) between a holder's wallet and a verifier. This section details its core security mechanisms.
02
Selective Disclosure & Data Minimization
WACI enables Selective Disclosure, allowing a holder to share only specific claims from a credential without revealing the entire document. This is achieved through:
- BBS+ Signatures or similar zero-knowledge-friendly cryptosystems.
- The ability to prove a statement (e.g., 'age > 21') without revealing the exact birth date.
- Minimizing the data surface exposed to verifiers, a core tenet of privacy-by-design.
03
Challenge-Response Nonce Protection
To prevent replay attacks, every presentation request from a verifier includes a unique, time-bound nonce (a cryptographic challenge). The holder's wallet must sign this nonce as part of the credential presentation proof. This ensures that:
- A captured presentation cannot be replayed later.
- Each interaction is fresh and bound to a specific session.
04
Holder-Centric Data Flow
WACI enforces a holder-in-the-middle architecture. Credentials are issued to the holder's wallet, which acts as a secure agent. The verifier never communicates directly with the issuer during a presentation, which:
- Prevents correlation of user activity across different verifiers by the issuer.
- Gives the holder full agency over when and where their data is shared.
- Aligns with GDPR principles of data control and consent.
06
Presentation Request Validation
The holder's wallet must validate the verifier's Presentation Request before responding. This critical check includes:
- Verifying the verifier's DID and signature.
- Ensuring requested credentials and predicates are understood and can be satisfied.
- Checking the legitimacy of the requested callback URL to prevent phishing.
- This validation step is the holder's primary defense against malicious verifiers.
WACI PROTOCOL
Common Misconceptions
The WACI (Wallet and Credential Interactions) Protocol is a standard for secure credential exchange, but its scope and purpose are often misunderstood. This section clarifies its core mechanisms and corrects frequent points of confusion.
WACI is a presentation protocol, not a credential format. It defines the secure flow of messages between a holder (user's wallet) and a verifier (relying party) for requesting and presenting Verifiable Credentials (VCs). The protocol handles the negotiation, challenge-response, and secure delivery, but the credentials themselves are formatted according to standards like W3C Verifiable Credentials or AnonCreds. WACI provides the "how" of the exchange, while other specifications define the "what" is being exchanged.
WACI PROTOCOL
Frequently Asked Questions (FAQ)
The Wallet and Credential Interactions (WACI) protocol is a standard for exchanging Verifiable Credentials (VCs) between wallets. These questions address its core purpose, mechanics, and role in the decentralized identity ecosystem.
The Wallet and Credential Interactions (WACI) protocol is a standardized method for a holder to request and receive a Verifiable Credential (VC) from an issuer via a presentation request from a verifier. It works by defining a specific sequence of messages passed between the parties' Decentralized Identity (DID)-compatible wallets. The typical flow is: 1) A verifier sends a QR code containing a presentation request to a holder. 2) The holder's wallet processes this and initiates a request to the specified issuer. 3) The issuer creates and signs the VC, sending it back to the holder's wallet. 4) The holder can then present the VC to the verifier to satisfy the original request. This creates an interoperable, user-centric flow for credential exchange.
further-reading
WACI PROTOCOL
Further Reading & Specifications
The WACI (Wallet and Credential Interactions) Protocol is a suite of specifications for secure, interoperable credential exchange between digital wallets. These resources provide the technical foundation for its implementation.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall