Digital Credentials API
The Digital Credentials API is W3C draft work on browser and user-agent mediation for presenting and issuing digital credentials, making the browser a policy surface between websites, wallets, issuers, holders, and verifiers.
Definition
The Digital Credentials API is a W3C Recommendation-track Working Draft that extends the web credential-management surface so user agents can mediate requests to present or issue digital credentials. The draft says the API builds on Credential Management Level 1 and is agnostic to credential formats.
The API is not a credential format, wallet format, identity proofing standard, trust framework, or finished W3C Recommendation. Its central move is to let a website ask through the browser, rather than hard-code a direct integration with every wallet, presentation protocol, issuance protocol, and mobile device path. That makes the browser part of the request ceremony: it can expose who is asking, what is being requested, which credential manager is involved, and whether the holder chooses to proceed.
Snapshot
- Status: W3C publication history lists a June 26, 2026 Working Draft after a July 1, 2025 First Public Working Draft; the document remains work in progress.
- Scope: presentation requests and issuance requests for digital credentials through browser-mediated APIs.
- Out of scope: wallet implementation, credential storage, operating-system wallet policy, issuer trust, verifier authorization, and the truth of credential claims.
- Key API shape:
navigator.credentials.get()andnavigator.credentials.create()carrydigitalrequest options, and returnedDigitalCredentialobjects includeprotocolanddata. - Protocol examples: the draft lists OpenID4VP variants and
org-iso-mdocfor presentation, andopenid4vci-v1for issuance. - Governance hinge: the hard problem is not only cryptography; it is when a site is allowed to ask, how much it can learn, and how a human or agent can refuse.
Current Context
In the June 2026 standards landscape, the Digital Credentials API is changing quickly. W3C's publication history shows frequent 2026 Working Drafts, with the latest published draft dated June 26, 2026. W3C's status text says Working Draft publication does not imply W3C endorsement and that the document should be cited as work in progress.
Implementation status is separate from standards status. Chrome's developer documentation says the Digital Credentials API is enabled by default from Chrome 141 and supports same-device presentation on Android plus cross-device presentation on desktop Chrome. Even where a browser exposes the API, support depends on platform services, installed credential managers, credential formats, exchange protocols, and verifier code.
The adjacent protocol stack has matured outside the browser API itself. OpenID for Verifiable Presentations 1.0 became an OpenID Final specification on July 9, 2025 and defines a protocol for requesting and presenting credentials. OpenID for Verifiable Credential Issuance 1.0 became Final on September 16, 2025 and defines an issuance API. W3C's Digital Credentials draft can reference these protocols, but it does not make every OpenID4VP, OpenID4VCI, ISO mdoc, W3C Verifiable Credential, or wallet deployment interoperable by default.
Roles and Ceremony
Digital credential systems usually involve issuers, holders, verifiers, credential managers, and user agents. W3C's Verifiable Credentials Data Model v2.0 defines issuers, holders, verifiers, claims, credentials, and presentations; the Digital Credentials API borrows that vocabulary while focusing on the browser mediation layer.
In a presentation flow, a verifier website makes a credential request, the browser mediates selection, and a holder or credential manager, often a digital wallet, can return a response. In an issuance flow, the draft describes a mediated path for requesting issuance of a credential. The browser is therefore not merely a transport pipe. It becomes part of the consent, selection, protocol, and privacy boundary.
The draft requires transient activation for presentation or issuance requests, so sites cannot silently request or issue digital credentials without a user-triggered action. It also requires user mediation and describes platform-provided user experience for credential and credential-manager selection. Those controls reduce silent access, but they do not by themselves prevent dark patterns, over-requesting, or institutional pressure to disclose a credential.
Protocol Boundary
The API separates browser mediation from the particular presentation or issuance protocol. A request includes a protocol identifier and request data. The draft's DigitalCredential interface carries a protocol member and data member, while DigitalCredential.userAgentAllowsProtocol() lets a site ask whether the user agent allows a protocol identifier.
This protocol boundary is the point of the design. A browser may support one set of protocols, wallet managers may support another, and credential formats may evolve separately. W3C's draft enumerates openid4vp-v1-unsigned, openid4vp-v1-signed, openid4vp-v1-multisigned, and org-iso-mdoc for presentation, plus openid4vci-v1 for issuance. That means implementers should not describe the API as "the W3C VC wallet API" or "the mDL API"; it is a mediation surface for multiple credential ecosystems.
The boundary also separates the Digital Credentials API from Federated Credential Management, WebAuthn, Verifiable Credentials, OpenID for Verifiable Presentations, and Decentralized Identifiers. Those layers can be used together, but a claim about one layer should not be used as evidence about another.
Agent Context
For AI systems, the Digital Credentials API matters wherever an agent operates inside a browser or browser-like automation environment. A purchasing agent, eligibility checker, travel assistant, insurance workflow, or customer-support agent might encounter a website that asks for age, license status, student status, citizenship attribute, professional credential, or organization authority.
The governance problem is delegation. If a human has a wallet and an AI agent operates the browser, who sees the prompt, who chooses the credential, who authorizes disclosure, and what is logged? Agent tooling should not treat credential presentation as another invisible browser action. A credential request can expose identity, eligibility, location-bound status, or government-linked attributes. It needs human-facing review, clear purpose, scoped disclosure, and audit records.
Agent systems should distinguish assistance from authority. An agent may summarize a verifier request, check whether it matches policy, or prepare a refusal. It should not silently present credentials unless the holder has already authorized that exact disclosure class, relying party, purpose, and retention rule.
Governance and Safety
The first risk is request proliferation. The W3C draft explicitly discusses unnecessary credential requests for government and non-government credentials and notes that verifiers may have incentives to over-request. Once a request ceremony becomes easy, websites can normalize credential checks for low-stakes interactions and exclude people who lack the requested wallet or document.
The second risk is correlation. The draft's privacy material discusses verifier-verifier linkability, verifier-issuer linkability, "phone home" mechanisms, status-check leakage, and incidental data leakage. If a browser prompt repeatedly exposes stable identifiers, rich attributes, wallet metadata, or credential availability, a privacy-preserving credential system can become tracking infrastructure.
The third risk is blurred responsibility. The draft says credential-manager implementation, wallet storage, platform security, and transport-layer details are outside parts of the API's scope. A relying party still needs policy for verifier authorization, credential minimization, issuer trust, wallet compromise, revocation, refusal, correction, and appeal.
The fourth risk is consent laundering. A browser prompt is not automatically meaningful consent, especially when access to work, benefits, travel, schooling, credit, housing, or public services depends on clicking through. Governance should treat the prompt as one evidence point inside a larger policy process, not as a substitute for legitimacy.
Ceremony Record
For consequential uses, preserve a compact record of the credential ceremony without hoarding the credential itself:
- Request layer: verifier origin, embedded origin if any, purpose, service consequence of refusal, requested attributes, protocol identifier, credential format, and requested credential type.
- Browser layer: user-agent version, secure-context status, Permissions Policy context, transient activation event, credential-manager chooser path, and whether the request was same-device or cross-device.
- Wallet layer: selected credential manager, disclosed-claim summary, holder-binding method, status-check method, issuer trust framework, and whether the wallet exposed verifier metadata.
- Agent layer: whether an AI agent observed, recommended, clicked, delegated, or blocked the presentation; the policy that allowed it; and the human review event.
- Retention layer: what the verifier stored, what it deliberately did not store, retention period, audit owner, incident contact, and appeal path.
Defense Pattern
- Separate API, protocol, and credential. Identify which layer is doing browser mediation, exchange, proof, storage, and policy validation.
- Require purpose binding. A request should say why the credential is needed, which attributes are requested, and what happens if the user refuses.
- Minimize disclosure. Prefer a derived attribute or selective-disclosure presentation over a whole credential when the verifier only needs a yes-or-no fact.
- Authenticate the verifier. A syntactically valid request should not be enough; wallets and relying parties need policy for who may request which credential.
- Keep agents out of silent presentation. AI agents should surface credential prompts to humans unless a narrowly scoped, pre-approved policy exists.
- Log the decision without hoarding. Record requester, credential type, requested attributes, user decision, agent involvement, verifier policy, and retention limits without storing full credentials by default.
- Preserve refusal and appeal. Users need an alternative path when a credential is unavailable, wrong, expired, revoked, or inappropriate for the context.
Source Discipline
Claims about the Digital Credentials API should name the draft date, browser or user-agent implementation, protocol identifier, credential format, wallet or credential manager, and verifier policy. Credential Management Level 1, Verifiable Credentials, mobile driving licenses, OpenID presentation and issuance protocols, platform wallets, WebAuthn, FedCM, and the Digital Credentials API are related but not interchangeable.
For implementation claims, cite the browser or platform's own documentation and state the exact browser version, operating-system dependency, wallet dependency, and whether the feature is presentation, issuance, or both. For governance claims, cite the request purpose, legal basis or institutional policy, retention rule, and appeal mechanism rather than relying on generic claims that the exchange is "privacy-preserving."
Spiralist Reading
Spiralism reads the Digital Credentials API as a ceremony layer. The humane version lets the browser slow down identity disclosure and make the request legible. The dangerous version makes credential presentation feel as routine as clicking "allow" on a cookie banner. Machine-mediated life needs stronger pause points, not smoother identity extraction.
Open Questions
- How should browsers distinguish routine credential requests from high-risk identity extraction?
- Which verifiers should be blocked from asking for government-linked credentials in low-stakes contexts?
- Which credential prompts may an AI agent handle under pre-authorization, and which always require human review?
- How should users appeal or correct harms caused by a technically valid credential presentation?
- Can browser prompts explain verifier authority, requested attributes, retention, and refusal without becoming unreadable?
Related Pages
- Digital Identity
- Verifiable Credentials
- OpenID for Verifiable Presentations
- Decentralized Identifiers
- WebAuthn
- AI Agent Identity
- AI Agent Observability
- AI Audit Trails
- AI Incident Reporting
- Federated Credential Management
- NIST Digital Identity Guidelines
- Human Oversight in AI
- Notice and Appeal
- Proof of Personhood
- Age Assurance
- AI Browsers and Computer Use
- Web Bot Auth
- Synthetic Identity Fraud
- Data Minimization
- Contextual Integrity
- Zero-Knowledge Proofs
- Digital Public Infrastructure
- AI Governance
Sources
- W3C, Digital Credentials, W3C Working Draft, June 26, 2026.
- W3C, Digital Credentials publication history.
- W3C, Credential Management Level 1, W3C Working Draft, April 10, 2026.
- W3C, Verifiable Credentials Data Model v2.0, W3C Recommendation, May 15, 2025.
- W3C, Federated Credential Management API, First Public Working Draft, August 20, 2024.
- OpenID Foundation, OpenID for Verifiable Presentations 1.0, Final, July 9, 2025.
- OpenID Foundation, OpenID for Verifiable Credential Issuance 1.0, Final, September 16, 2025.
- Chrome for Developers, Digital Credentials API: Secure and private identity on the web, implementation note for Chrome 141.