# Wallet Service {% hint style="success" %} Added in version 2.3. {% endhint %} {% hint style="warning" %} **Developer Preview** The ESS Wallet Service endpoints are available as part of a Developer Preview program to allow early access to these features. Please be aware that these APIs may change. {% endhint %} The Wallet Service provides a set of endpoints to support the creation of a Data Wallet application that connects to a Solid Pod. With the Wallet Service: * An application can incorporate Wallet capabilities for managing resources in the Wallet (e.g. **`Read`** , **`Write`** , **`Delete`** ). * An application can incorporate Access Requests and Access Grants for managing access to data stored in the Wallet. * An application can add the ability to download data from an external reference for storage in the Wallet. ## ESS Wallet Service Endpoints ESS Wallet Service endpoints run at: ```none https://datawallet.{ESS Domain} ``` The ESS Wallet Service consists of the following endpoints: ### Wallet Endpoint Create, Read, Update and Delete Wallet resources.

HTTP Method	Endpoint	Description
`GET`	`/wallet`	List all resources in the Wallet.
`PUT`	`/wallet`	Create or update a resource in the Wallet.
`GET`	`/wallet/{identifier}`	Get the content of a resource in the Wallet.
`DELETE`	`/wallet/{identifier}`	Delete a resource from the Wallet.

### Inbox Endpoint Manage Access Requests in the Wallet inbox.

HTTP Method	Endpoint	Description
`GET`	`/inbox`	List all Access Requests in the inbox.
`GET`	`/inbox/{uuid}`	Fetch the content of a specific Access Request from the inbox.
`DELETE`	`/inbox/{uuid}`	Delete an Access Request from the inbox.
`GET`	`/inbox/{uuid}/verify`	Verify an Access Request in the inbox.
`PUT`	`/inbox/{uuid}/grantAccess`	Grant access to a resource based on a specific Access Request in the inbox.
`PUT`	`/inbox/{uuid}/denyAccess`	Deny access to a resource based on a specific Access Request in the inbox.

### Access Grant Endpoint Manage Access Grants in a user’s Wallet.

HTTP Method	Endpoint	Description
`GET`	`/accessgrants`	List all Access Grants managed by the user’s Wallet.
`GET`	`/accessgrants/{uuid}`	Fetch an Access Grant managed by the user’s Wallet.
`DELETE`	`/accessgrants/{uuid}`	Delete an Access Grant managed by the user’s Wallet.
`PUT`	`/accessgrants/{uuid}/revoke`	Revoke and delete an Access Grant managed by the user’s Wallet.
`PUT`	`/accessgrants/revoke`	Revoke and delete multiple Access Grants managed by the user’s Wallet.

### Signup Endpoint Initialize a Solid Pod for use with the Wallet.

HTTP Method	Endpoint	Description
`POST`	`/signup`	Initialize a user’s Pod for use with the Wallet.

### Access Prompt Endpoint Initiate and validate Access Request flows with third-party applications.

HTTP Method	Endpoint	Description
`POST`	`/accessprompt`	Endpoint subject to change. Send a prompt to a third party, initiating an Access Request flow.
`GET`	`/accessprompt/resource`	Endpoint subject to change. Validate an Access Request and search the Wallet for data of the requested type.

### Login Endpoint Facilitate login flows for applications.

HTTP Method	Endpoint	Description
`GET`	`/login/userInfo`	Experimental. Provide user properties to a client application.

## Endpoint Access Control The ESS Wallet Service endpoints listed above require the caller to be authenticated. The endpoints support the use of HTTP-only, secure session cookies. ## Wallet Service Configuration As part of the [installation process](https://docs.inrupt.com/ess/2.5/installation), Inrupt provides base Kustomize overlays and associated files that require deployment-specific configuration inputs. The following configuration options are available for the service and may be set as part of [updating the inputs for your deployment](https://docs.inrupt.com/ess/installation#step-1-initialize-the-installation-directory). The Inrupt-provided base Kustomize overlays may be using updated configuration values that differ from the default values. ### Required #### **SPRING\_APPLICATION\_HTTP\_BASE\_URL** Default : **`https://datawallet.`** Specifies the root URL of the wallet service. #### **SPRING\_SECURITY\_OAUTH2\_CLIENT\_REGISTRATION\_WALLET\_APP\_CLIENT\_ID** Default : **`https://datawallet./app/id`** Specifies the URL of the ClientID document for the wallet service. ### Optional Multiple third-party clients can be configured using indexed properties. The indexed property values must be consecutive non-negative integers starting at 0. For example: ```none WALLET_APP_THIRD_PARTY_CLIENTS_0_CLIENT=ffc36f46-45cf-4dbd-853e-7cdc5587e206 WALLET_APP_THIRD_PARTY_CLIENTS_0_NAME=DataWallet Companion App WALLET_APP_THIRD_PARTY_CLIENTS_1_CLIENT=8257876e-ec3f-4b4c-8dda-8a00142351eb WALLET_APP_THIRD_PARTY_CLIENTS_1_NAME=Third-party Wallet Application ``` #### **WALLET\_APP\_THIRD\_PARTY\_CLIENTS\_{index}\_CLIENT** A unique identifier for a third-party client. For example, **`ffc36f46-45cf-4dbd-853e-7cdc5587e206`** . #### **WALLET\_APP\_THIRD\_PARTY\_CLIENTS\_{index}\_NAME** A name for a third-party companion application. For example, “DataWallet Companion App”