When creating a template, you can specify a storage parameter to determine where the credential payload will be stored. The possible values for this parameter are:
  • crossmint
  • crossmint-private
  • delegated
  • decentralized-ipfs

Crossmint

With this option, credentials are stored on the Crossmint database. This is the most flexible solution and is compatible with all other features.
There is not access control on credential retrieval, credential data is public and can be retrieved by anyone, use encrypted credentials if you need to protect the data.

Crossmint Private

This option is designed for integrated systems in which the issuer is also the verifier. Credentials are stored by Crossmint, but only the issuer can retrieve the credential payload. Because the credential issuer is also the credential verifier, there is no need to encrypt the credentials.

Decentralized Storage

This option is the most open and transparent solution as it will store the credential to a decentralized storage (IPFS). All retrieval API endpoints will still be available and will proxy the request to ipfs. Encrypting the payload is suggested to avoid private credential data being exposed to be public.
Credential issuance will be slower than other storage options.

Delegated Storage

This option is designed for the enterprise, giving the issuer full control over the credentials. With delegated storage, no reference to the data is stored on Crossmint databases. The credential is returned to the issuer via the webhook and the issuer is responsible for storing it. All Crossmint retrieval endpoints will consequently be disabled. A delegatedStorageEndpoint parameter must be added when creating the credential template that specifies the endpoint where the credential can be retrieved (can be set to a dummy value like “unknown” if not desired). This endpoint will be saved in the contract metadata and can be used by users to retrieve the credential associated with their NFT. Issuers can protect content privacy by encrypting the payload.
For delegated storage, if the credential is not catched by the webhook, it will be lost. Read more about webhooks here.