Paradym connector

Content Type: Module
Categories: Connectors

Overview

The Paradym connector allows you to easily and quickly connect with the Paradym API for issuing, verifying and other identity actions in Mendix.

 

With Paradym, you can set up digital identity infrastructure in minutes, so you can focus on integrating it into your application.

Documentation

Demo urlhttps://youtu.be/JwpKYsQ8iXA

Introduction

With Paradym, you can set up digital identity infrastructure in minutes, so you can focus on integrating it into your application. The Paradym connector allows you to easily and quickly connect with the Paradym API for issuing, verifying and other identity actions in Mendix.

This Paradym connector enables the usage of most of the Paradym API resources described in API documentation https://paradym.id/reference?full and is up to date with Changelog February 11, 2025

Development

The connector_paradym module requires at least Mendix version 9.24.18.

Maintenance

This module is maintained in this GitHub repository

Dependencies

Issues

Please report any issues with the Paradym connector on GitHub.

Documentation

This module supports Paradym API v1 which contains the following endpoints Supported API endpoints:

/v1 /projects /members /add /remove /webhooks /profiles/default /templates /credentials /sd-jwt-vc /json-schema /unarchive /anoncreds /json-schema /unarchive /presentations /dids /trusted-entities /issuance /sd-jwt-vc /revocation/batch /openid4vc /issuance /offer /verification /request /didcomm /invitations /receive /create-connection /connections /issuance /offer /verification /request /mediators /connections /messaging /basic/send /custom/send

API and Dashboard: Use Paradym to issue and verify credentials (SD-JWT over OpenID4VC and DIDComm based)

Configuration

Please start with the Paradym documentation to get familiar with concepts of digital wallets, the workflows, actions and executions.

  1. Create an account with Paradym, obtain an API key
  2. Download connector_paradym from the Mendix Marketplace (or import it manually) into Studio Pro
  3. Connect the Administrator (module role) to a User role and add the Paradym Settings snippet on an overview accessible by the user setting up the Paradym connector
  4. Set Constants
  5. Add logic to create/edit/delete APISettings by using theA PISettingsHelper and open the APISettings_Edit (it's up to you to decide how to determine the _IDs)
  6. Add logic to create Projects (optional, can also be done via the Paradym dashboard)
  7. Run the application, sign in and go to the Paradym settings page
  8. Create APISettings, enter your API key and start syncing data from Paradym (at this point there won't be much data, but if you are connection with an existing API key you can retrieve existing projects, mediators, etc.)
  9. Start building with the components of connector_paradym

To further test and work with Paradym API actions it is recommended to use a gateway that can forward the webhook events to your local development machine (e.g. hookdeck, ngrok).

Security

This module tries to follow the principle of least privilege, in which a user is given the minimum levels of access needed.

  • Module roles: Administrator role for configuring the Paradym connector and debugging information. No other users should have access to logic or data from this module.
  • Encryption: always store sensitive and personal information encrypted (e.g. ApiKey, proof-presentations, messages).

References

  • Farmworker Wallet OS ecosystem. Although connector_paradym is not part of the Farmworker Wallet OS it is used in the reference projects to demonstrate how a Cloud Agent implementation with Mendix could be developed
  • Paradym default workflows. The Paradym documentation contains some example workflows, this repository contains the workflows definitions used as starting point for Entidad projects implementing Paradym (archived)

Releases

Version: 3.5.1
Framework Version: 9.24.18
Release Notes: Corrected string length constraints on Certificate._CertificateHash and VerificationSessionApi.authorizationRequestUri attributes * These changes were in support of the OpendID4VC API mdoc verification implementation (https://docs.paradym.id/api-and-dashboard/verify-credentials)
Version: 3.5.0
Framework Version: 9.24.18
Release Notes: - Add "expiresAt" to VerificationSession, IssuanceSession, DidcommInvitation API responses (entities and import mappings) see also https://paradym.id/changelog?page=1#Session%20expiration%20and%20cleanup - Add support for OpenID4VP response encryption; see also https://paradym.id/changelog?page=1#Remote%20verification%20of%20mDOC%20credentials%20based%20on%20ISO%2018013-7 Note this breaks any calls to the Microflow API_OpenID4VC_VerificationRequest_POST_v1 it now expects a VerificationSessionApi object as request input instead of a string parameter containing the presentationTemplateId
Version: 3.4.0
Framework Version: 9.24.18
Release Notes: - Add support for notifyWallet in the batch revociation API; see Paradym changelog https://paradym.id/changelog?page=1#Send%20DIDComm%20revocation%20notification%20to%20wallet Note this breaks any Microflow calls to API_Revocation_POST_v1, the input parameter DataApi needs to be replaced with a RevocationApi object (new)
Version: 3.3.2
Framework Version: 9.24.18
Release Notes: - Add ?include=credentials.trustedIssuers to URL in GET Retrieve presentation template
Version: 3.3.1
Framework Version: 9.24.18
Release Notes: - Fix naming for #13 (renamed AnonCredsSchema to JSONSchemaApi) reused existing JSON documents and mapping
Version: 3.3.0
Framework Version: 9.24.18
Release Notes: [BREAKING CHANGES] - #14 Verify credentials via TrustedIssuers (TrustedEnitites), Issuers on PresentationTemplate.Credentials will be deprecated in March 2025. This is a breaking change, issuers can be migrated by creating a flow that retrieves existing issuers and calls the TrustedEntities API, then update (PUT) the PresentationTemplates with these new TrustedIssuers - Domain model clean up and Naming convention fixes. This might break references to NPE entities used for the Paradym APIs. To avoid broken references you can first make sure that in your Mendix project, in the Connector_Paradym all NPEs (except helper) follow the following conventions (rename if required): end with Api, e.g. CredentialApi and the attributes on these entities are lower `camelCase ` not `PascalCase`.
Version: 3.2.1
Framework Version: 9.24.18
Release Notes: Updated GET issuance session JSON mapping to include `didcommInvitationId` response attribute. This is important to associate with a Credential entity once it has been accepted by a connected party. Reference: https://paradym.id/reference#tag/didcomm-issuance/GET/v1/projects/{projectId}/didcomm/issuance/{didcommIssuanceId}
Version: 3.2.0
Framework Version: 9.24.18
Release Notes: Added "didcommConnectionId" attribute to VerificationRequest mappings. In the scenario where a Verifier wants to direct a verification request over an established DIDComm connection instead of using an OutOfBandInvitation, the verification request API post payload can map the "didcommConnectionId" parameter and skip "didcommInvitationId". Reference: https://paradym.id/reference#tag/didcomm-verification/POST/v1/projects/{projectId}/didcomm/verification/request
Version: 3.1.0
Framework Version: 9.24.18
Release Notes: - Add QR image URL https://paradym.id/changelog?page=1#QR%20image%20url - invitationQrUri for didcomm connection invitations - didcommInvitation.invitationQrUri for DIDComm issuance offers or DIDComm verification requests - offerQrUri for OpenID4VC issuance offers - authorizationRequestQrUri for OpenID4VC verificaton requests
Version: 3.0.0
Framework Version: 9.24.18
Release Notes: - **Workflow Execution support removed** - Clean up of code and unused items