> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Create application
> Create a new issuer application in draft status.
Creates a new issuer application for your organization. The application starts in `DRAFT` status, allowing you to upload evidence before submitting for review.
See the [issuer application guide](/guides/issuer-applications) for a walkthrough of the full application workflow.
### Parameters
Full registered legal name of the organization applying to become an issuer.
Name shown on credentials and proof pages. Defaults to `legal_name` if omitted.
Country or region where the organization is registered (for example, `"United States"` or `"United Kingdom"`).
Company registration or incorporation number.
Trust tier you are applying for. Defaults to `"verified_org"` if omitted. Accepted values: `verified_org`, `government_entity`, `accredited_institution`.
Name of the primary contact for this application.
Email address of the primary contact.
Organization to associate the application with. If omitted, the application is linked to your tenant's default organization.
### Responses
## OpenAPI
````yaml mint-openapi.yaml POST /v1/issuer-applications
openapi: 3.0.3
info:
title: Truthlocks API
description: >
Truthlocks is a universal verification infrastructure for documents,
credentials, and digital assets.
This specification defines the canonical API for interacting with Truthlocks
services.
## Base URLs
- **Production**: `https://api.truthlocks.com`
- **Sandbox**: `https://sandbox-api.truthlocks.com`
## Authentication
- **API Keys**: Use `X-API-Key` header for machine-to-machine operations
- **Bearer Tokens**: Use `Authorization: Bearer ` for user-initiated
operations
## Tenant Identity
In production, tenant identity is derived from the authenticated context
(API key or JWT).
The `X-Tenant-ID` header is ignored in production to prevent spoofing.
version: 1.0.0
contact:
name: Truthlocks Support
url: https://truthlocks.com/support
email: support@truthlocks.com
servers:
- url: https://api.truthlocks.com
description: Production API
- url: https://sandbox-api.truthlocks.com
description: Sandbox Environment
security:
- APIKey: []
tags:
- name: Authentication
description: API key and token management
- name: Issuers
description: Issuer registration and trust management
- name: Keys
description: Cryptographic key management for issuers
- name: Attestations
description: Attestation lifecycle (mint, revoke, supersede)
- name: Verification
description: Attestation verification and proof bundles
- name: Governance
description: Issuer governance workflows (admin only)
- name: Identity
description: Organization, user, and role management
- name: Audit
description: Audit event queries
- name: Platform
description: Platform administration (super admin only)
- name: Platform Review
description: Staff review workflows for issuer applications
- name: Tenant Console
description: Tenant profile and lifecycle endpoints
- name: Health
description: Service health and readiness endpoints
- name: Risk
description: Risk signal ingestion and fraud detection
- name: Risk Enforcement
description: Risk enforcement actions — block, challenge, quarantine, and configuration
- name: Billing
description: Billing, subscription, and addon management
- name: Machine Identity
description: >-
Machine Agent Identity Protocol (MAIP) — agent registration, sessions,
trust, witness, compliance, orchestration, and observability
externalDocs:
description: Transparency read-only API (separate service spec)
url: >-
https://github.com/truthlocks/truthlock/blob/main/docs/transparency/openapi.yaml
paths:
/v1/issuer-applications:
post:
tags:
- Trust Registry
summary: Create issuer application
description: Creates a new issuer application in draft status.
operationId: issuerApplications.create
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- legal_name
properties:
legal_name:
type: string
display_name:
type: string
jurisdiction:
type: string
registration_ref:
type: string
requested_trust_tier:
type: string
enum:
- verified_org
- government_entity
- accredited_institution
contact_name:
type: string
contact_email:
type: string
org_id:
type: string
responses:
'201':
description: Application created
content:
application/json:
schema:
type: object
properties:
id:
type: string
legal_name:
type: string
status:
type: string
created_at:
type: string
'401':
description: Authentication required
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorEnvelope'
security:
- APIKey: []
components:
schemas:
ErrorEnvelope:
type: object
required:
- code
- message
- http_status
properties:
code:
type: string
description: Machine-readable error code
enum:
- AUTH_REQUIRED
- AUTH_INVALID
- PERMISSION_DENIED
- TENANT_IDENTITY_UNVERIFIED
- NOT_FOUND
- VALIDATION_ERROR
- CONFLICT
- PAYLOAD_TOO_LARGE
- RATE_LIMIT_EXCEEDED
- QUOTA_EXCEEDED
- SERVICE_UNAVAILABLE
- INTERNAL_ERROR
message:
type: string
description: Human-readable error message
http_status:
type: integer
description: HTTP status code
retry_after_ms:
type: integer
description: Milliseconds to wait before retrying (for rate limits)
details:
type: object
description: Additional error context
example:
code: AUTH_REQUIRED
message: Authentication required
http_status: 401
securitySchemes:
APIKey:
type: apiKey
in: header
name: X-API-Key
description: API key for machine-to-machine authentication
````