Workflow Builder
Credential Templates

Create Credential Templates

Credentials can contain any type of claims that you'd like to issue, verify or present to a person, group or thing. Some examples include: a driving license, a receipt of purchase, a diploma and a ticket of entry. Anything that would need to be (or want to be) shown to prove some information can be issued as a credential.

Before a credential can be issued, first we need to create a credential template. In Paradym, a credential template is made up of two parts:

  • Credential schema: The schema specifies the attributes (e.g. name, date of birth) of the credential. This can be used by multiple parties, for example each university issues a Diploma credential.
  • Credential definition: The credential definition binds the schema to you as an issuer. This allows verifiers to know the credential was issued by you specifically, and not someone else.

When you want to issue a credential you always need to create a credential definition. You do not always have to create a credential schema. For example, If you're part of an ecosystem where another organization has defined a schema, you don't need to create a schema yourself.

The credential schema and credential definition actions only need to be executed once (combined) to register a credential template, which can then be used to issue and/or verify credentials as many times as needed. See how a credential template can be created in the example workflow Create a Credential Template.

Once you have defined a credential template, you can start issuing credentials. See the Issue Credential action and Issue an Employee Badge example workflow for more information.

Where are credential templates hosted?

Credential templates are registered in a publicly resolvable place, usually a blockchain, but a standard web-server is also supported. This allows verifiers to retrieve the credential templates, which contain cryptographic keys for verification.

Currently all credential templates within Paradym can be registered either on the cheqd network (using did:cheqd), or on a web service hosted by Paradym (using did:web).

When you select a network for a template this will influence which identifier is used for issuing a credential.

We recommend starting with the web service (did:web) for creating anoncreds credential templates, unless you have a requirement for using templates and issuers that are anchored on a blockchain. You can always upgrade to using a blockchain based template in the future.


cheqd (opens in a new tab) is a blockchain network, built in the Cosmos ecosystem for Self-Sovereign Identity. Cheqd has a dedicated token, $CHEQ used for identity writes to the network. The fees for the transactions are handled by Paradym and included as part of your subscription, so you don't need to worry about them.

Cheqd has two networks. The main network (mainnet) is for production use cases, and costs money to write to. The test network (testnet) is for testing and development, and is free to write to. You can choose which network to use when creating a credential schema. For testing purposes we always recommend using the test network, to not put any unnecessary load on the main network (as all data written to it is permanent).

Writing to the cheqd mainnet is not available on the free tier. If you want to write to the mainnet, you can upgrade to a paid plan. See the pricing page (opens in a new tab) for more information.

You can read more on AnonCreds with cheqd in cheqd's documentation (opens in a new tab)

Web Service

When you select did:web as the network, all templates are hosted by Paradym on Hosting templates on a web service is the easiest approach as you can just resolve the objects from a server. The identifier of the template is generated based on the template and thus means the objects are immutable.

You can read more on AnonCreds with did:web in the specification (opens in a new tab).

Create Schema

Name: anoncreds/createSchema
Description: Create a credential schema with attributes and register it on the specified network.
Version: v1


The attributes key takes the following input:

namestringThe schema name.
versionstringThe schema version.
attributeNamesstring[]The names of the attributes in the schema.
network"cheqd:mainnet" | "cheqd:testnet" | "did:web"The network to use.


schemaIdstringSchema identifier, to be accessed elsewhere with $.actions.<id>.output.schemaId


  - id: createPartyInviteSchema
    name: anoncreds/createSchema@v1
      name: 'Party Invite'
      version: '1.5'
      network: 'bcovrin:test'
        - firstName
        - lastName
        - dresscode

To understand how to work with actions in more depth, checkout the section on working with actions.

Create Credential Definition

Name: anoncreds/createCredentialDefinition
Description: Create a credential definition and register it on the specified network.
Version: v1


The attributes key takes the following input:

schemaIdstringIdentifier of the schema. The credential definition will be created on the same network as used in the credential schema.
tagstringHuman readable tag of the credential definition, used to differentiate between credential definitions.


credentialDefinitionIdstringCredential definition identifier, to be accessed elsewhere with $.actions.<id>.output.credentialDefinitionId


  - id: createPartyCredentialDef
    name: anoncreds/createCredentialDefinition@v1
      schemaId: 'did:cheqd:mainnet:81d90082-ec23-4efc-94ab-9653bc3f5cb3/127a0507-bea9-43a8-a0bc-e905aafee81b'
      tag: 'Regular guest invites'