
What is the EUDIW Connector?

Truvity EUDIW Connector is an API-first solution that enables your organization to request and verify digital credentials from EU Digital Identity Wallets (EUDI Wallets). The connector runs in dedicated infrastructure and you integrate it through a REST API. The connector handles the complexity of the OpenID for Verifiable Presentations (OID4VP) protocol, eIDAS 2.0 compliance, and cryptographic operations, so you can focus on your business logic and user experience.

The challenge

Organizations across the EU face increasing pressure to adopt digital identity verification for customer onboarding, authentication, and regulatory compliance. The European Union's eIDAS 2.0 regulation mandates that member states provide EUDI Wallets to citizens by December 2026, creating both an opportunity and a challenge for businesses.

Integrating with EUDI Wallets presents significant technical and regulatory hurdles. You must implement the OID4VP protocol, which requires deep expertise in OAuth 2.0, JWT encryption, and digital signature standards. The Architecture Reference Framework (ARF) defines hundreds of specific requirements that your implementation must satisfy. Managing X.509 access certificates, trust chains, and revocation checking adds operational complexity. Supporting multiple wallet implementations across EU member states requires continuous testing and updates as each country rolls out its infrastructure.

Banks, insurance companies, government services, and other organizations need a solution that shields them from this complexity while maintaining full compliance, security, and interoperability across all EU member states.

The solution

Truvity is a solution provider whose software runs in dedicated infrastructure. The EUDIW Connector provides a complete infrastructure layer that sits between your systems and EUDI Wallets. You are the Relying Party—the connector handles protocol implementation, cryptographic operations, and compliance enforcement on your behalf.

When you integrate the connector, you gain immediate access to the entire EUDI Wallet ecosystem without building the underlying infrastructure yourself. The connector maintains protocol compatibility as standards evolve, validates trust chains against member state registries, and helps your implementation remain aligned with eIDAS 2.0 requirements.

The connector abstracts away complexity through a simple REST API. It handles protocol negotiation, encryption, signature validation, revocation checking, and trust evaluation.

Key capabilities

Same-device and cross-device flows

The connector supports users regardless of how they access your service.

In the same-device flow, a user clicks a link on their phone, and their EUDI Wallet app opens automatically. They approve the request with biometric authentication, and your app immediately receives the verified data. This flow provides the smoothest user experience for mobile users.

In the cross-device flow, a user visits your website on desktop and scans a QR code with their EUDI Wallet. They approve the request on their phone, and your desktop app receives the verified data. This enables credential verification in contexts where the wallet is not installed on the device being used.

Both flows provide the same security guarantees and deliver identical credential data. The connector automatically handles session management, state synchronization, and timeout handling for both patterns.

Selective disclosure

EUDI Wallets enable users to share only the specific information required for a transaction. Instead of presenting an entire credential (like a full passport), users can selectively disclose individual attributes or prove properties without revealing exact values. For details, see Selective disclosure.

Cryptographic verification

Every credential presentation undergoes comprehensive verification before the connector delivers data to your systems.

Signature validation ensures that trusted authorities issued credentials by validating digital signatures against issuer public keys. This confirms credentials have not been tampered with and come from legitimate sources.

Key binding validation confirms that the presenter legitimately possesses the credential through cryptographic proofs. This prevents unauthorized parties from using stolen credentials.

Revocation checking verifies credential status against issuer revocation lists in real time. If a credential has been revoked (due to loss, theft, or validity expiration), the presentation fails verification.

All verification happens automatically. You receive only successfully verified credential data through your callback, with complete audit trails for compliance reporting.

Certificate management

Digital certificates authenticate your organization to EUDI Wallets and establish trust in credential exchanges. You are responsible for obtaining and managing your certificates. The connector uses two types of certificates:

  1. Access certificates contain cryptographic keys for authenticating your Relying Party to wallets and ensure requests have not been tampered with. You obtain these from a Certificate Authority (CA) or member state registrar.
  2. Registration certificates declare what data you can request and for what purposes. These contain registered intended uses (like "identity verification for account opening") and prove your authorization to request specific credentials and attributes.

For development purposes, the connector supports self-signed certificates. You can generate test certificates instantly to develop and test your integration without waiting for registration with member state authorities. These work for development but are not trusted by production wallets.

For more details on certificate types and trust establishment, see the certificates explanation.

Deployment

The connector supports two deployment models. In both, your organization acts as the Relying Party (RP) directly.

Dedicated

Truvity deploys and manages a single-tenant connector instance on your behalf (for example, in a dedicated cloud account). You focus on integration and business logic while Truvity handles infrastructure operations, updates, and scaling.

Self-managed

You deploy and manage the connector in your own infrastructure. This gives you full control over servers, networking, storage, and operational procedures.

What you need

Both deployment models require:

  • X.509 access certificates from a Certificate Authority (CA) or member state registrar
  • A callback endpoint to receive verification results
  • Relying Party registration with your member state authority

For details on certificates and trust establishment, see the certificates explanation. For regulatory requirements, see Compliance and regulations.

Supported credential formats

The connector supports credential formats defined by the Architecture Reference Framework (ARF):

  • SD-JWT (Selective Disclosure JWT): JSON Web Tokens with selective disclosure capabilities. SD-JWT credentials allow holders to selectively disclose individual claims while keeping others private. Issuers sign the entire credential, and holders can prove they possess undisclosed claims without revealing their values.
  • SD-JWT+KB (with Key Binding): SD-JWT credentials enhanced with cryptographic key binding. Key binding proves that the credential presenter legitimately possesses the credential through a cryptographic challenge-response. This prevents stolen credentials from being used, as the presenter must demonstrate possession of a private key associated with the credential.
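
The following added example (not Truvity's code; the connector performs these checks for you) shows the two hash checks behind an SD-JWT+KB presentation: each disclosure must match a digest the issuer signed, and the key binding JWT must cover exactly the disclosures presented, for this request's nonce and audience. It assumes both JWT signatures were already verified with a JOSE library; the credential, attribute names, and URLs are constructed sample values.

```python
import base64, hashlib, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_json(part: str):
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def digest(text: str) -> str:
    # SD-JWT digests cover the ASCII bytes of the base64url text itself
    return b64u(hashlib.sha256(text.encode("ascii")).digest())

def check_presentation(presentation: str, nonce: str, aud: str) -> dict:
    """Return the disclosed claims, or raise ValueError if a binding check fails.
    Assumes both JWT signatures were already verified with a JOSE library."""
    sd_jwt, _, kb_jwt = presentation.rpartition("~")
    issuer_jwt, *disclosures = sd_jwt.split("~")
    payload = b64u_json(issuer_jwt.split(".")[1])
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    unused = set(payload.get("_sd", []))  # top-level digests only in this sketch
    claims = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    for d in disclosures:
        if digest(d) not in unused:
            raise ValueError("disclosure not covered by the issuer-signed digests")
        unused.discard(digest(d))  # a repeated disclosure fails on the second pass
        _salt, name, value = b64u_json(d)
        claims[name] = value
    kb = b64u_json(kb_jwt.split(".")[1])
    if kb.get("sd_hash") != digest(sd_jwt + "~"):
        raise ValueError("key binding does not cover this set of disclosures")
    if kb.get("nonce") != nonce or kb.get("aud") != aud:
        raise ValueError("key binding was made for another request or verifier")
    return claims

def unsigned_jwt(payload: dict) -> str:
    # Constructed stand-in: real tokens carry an issuer or holder signature here
    return ".".join([b64u(b'{"alg":"ES256"}'), b64u(json.dumps(payload).encode()), "sig"])

def build_sample(nonce: str, aud: str, present=("age_over_18",)) -> str:
    # Constructed credential with two selectively disclosable attributes
    attrs = {"given_name": "Erika", "age_over_18": True}
    disc = {n: b64u(json.dumps([f"salt-{n}", n, v]).encode()) for n, v in attrs.items()}
    issuer = unsigned_jwt({"iss": "https://issuer.example", "_sd_alg": "sha-256",
                           "_sd": sorted(digest(d) for d in disc.values())})
    sd_jwt = "~".join([issuer] + [disc[n] for n in present]) + "~"
    return sd_jwt + unsigned_jwt({"nonce": nonce, "aud": aud, "sd_hash": digest(sd_jwt)})
```

Only the attributes the holder chose to present appear in the returned claims; the undisclosed `given_name` stays an opaque digest in `_sd`.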

Benefits

Compliance-ready

eIDAS 2.0 aligned

The connector implements requirements from eIDAS 2.0 regulation (EU 2024/1183) for Relying Party operations. As regulatory updates and Implementing Acts are published, the connector is updated to reflect them.

ARF aligned

The connector follows the Architecture Reference Framework specifications for wallet interoperability. This includes alignment with high-level requirements for Relying Parties across all functional areas.

HAIP-first

The connector implements the High Assurance Interoperability Profile (HAIP) to ensure compatibility with official EUDI Wallets from all EU member states.

Developer-friendly

REST API and SDKs

The connector provides a simple, intuitive REST API and SDKs following modern best practices.

Comprehensive documentation

Detailed guides cover every integration scenario—from KYC verification to passwordless authentication. Code examples, sequence diagrams, and troubleshooting guides accelerate your implementation.

Self-signed certificates

Start developing immediately without waiting for official registration. Generate self-signed access certificates and begin testing credential flows within minutes.

Secure by design

End-to-end encryption

All credential presentations use end-to-end encryption. The connector decrypts presentations only in memory, processes verification, and immediately discards encryption keys.

Ephemeral data model

The connector processes credential data in memory and delivers verified results to your callback. Encryption keys are created per request and deleted after use. This ephemeral approach minimizes the attack surface and reduces data breach risk. See the ephemeral data model explanation for details.

Get access

To get access to a connector instance, test credentials, and onboarding support, contact hello@truvity.com.

Get started

Ready to integrate EUDI Wallet verification into your systems?

  1. Understand the ecosystem: read EUDI Wallet ecosystem context to learn how the connector fits into the broader digital identity landscape and understand the roles of PIDs, attestation providers, wallet holders, and Relying Parties.
  2. Review compliance: explore Compliance and regulations to understand eIDAS 2.0 requirements and your responsibilities as a Relying Party.
  3. Explore use cases: see Use cases for real-world scenarios including bank account opening (KYC) and passwordless authentication.
  4. Start building: follow the Quick start guide to create your first presentation request, implement a callback handler, and test the complete verification flow.
