Verifier root CA certificates

Specifies paths and operations for managing Verifier root CA certificates for mDocs verification.

Create a verifier root CA certificate

Creates a verifier root CA certificate to be used as part of mDocs online verification workflows.

  • A maximum of three Verifier root CA certificates can be created per tenant.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Request
Request Body schema: application/json
required

Verifier root CA certificate payload

commonName
string
Default: "{tenantDomain} Verifier"

Used to define the common name of the created verifier root CA certificate. Wallets that are implementing certificate-based trust should be paying extra attention to this value as it would be used by the user to establish trust with the verifier.

country
string

Used to define the ISO 31661 alpha-2 country code of the created verifier root CA certificate.

active
boolean
Default: true

Boolean determining whether or not the verifier root CA certificate is active and should be used during online verification flows. This can be used to support certificate rotation. As best practice it is not recommended to have multiple active verifier root CA certificates at the same time. If multiple active certificates do exist, the oldest one is used by default.

Responses
200

Verifier root CA certificate created

400

Bad Request. The request was malformed or missing required parameters.

409

Maximum number of verifier root certificates reached. Please delete an existing certificate before creating a new one.

post/v2/presentations/certificates/ca
Request samples
application/json
{
  • "commonName": "{tenantDomain} Verifier",
  • "country": "string",
  • "active": true
}
Response samples
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}

Retrieve all verifier root CA certificates

Retrieves all existing verifier root CA certificates.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Responses
200

Verifier root CA certificates retrieved

get/v2/presentations/certificates/ca
Request samples
Response samples
application/json
{
  • "data": [
    ],
  • "nextCursor": "string"
}

Update a verifier root CA certificate

Updates an existing verifier root CA certificate.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Request
path Parameters
certificateId
required
string <uuid>

Unique identifier for the verifier root CA certificate.

Example: 281d20b3-42a3-40dd-b29a-115ff32b02b7
Request Body schema: application/json
required

Verifier root CA certificate payload

active
boolean
Default: true

Boolean determining whether or not the verifier root CA certificate is active and should be used during online verification flows. This can be used to support certificate rotation. As best practice it is not recommended to have multiple active verifier root CA certificates at the same time. If multiple active certificates do exist, the oldest one is used by default.

Responses
200

Verifier root CA certificate updated

400

Bad Request. The request was malformed or missing required parameters.

404

Not Found. The specified resource was not found.

put/v2/presentations/certificates/ca/{certificateId}
Request samples
application/json
{
  • "active": true
}
Response samples
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}

Retrieve a verifier root CA certificate

Retrieves an existing verifier root CA certificate.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Request
path Parameters
certificateId
required
string <uuid>

Unique identifier for the verifier root CA certificate.

Example: 281d20b3-42a3-40dd-b29a-115ff32b02b7
Responses
200

Verifier root CA certificate retrieved

404

Not Found. The specified resource was not found.

get/v2/presentations/certificates/ca/{certificateId}
Request samples
Response samples
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}

Delete a verifier root CA certificate

Deletes an existing verifier root CA certificate.

Analytic events

  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_START
  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_SUCCESS
  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Request
path Parameters
certificateId
required
string <uuid>

Unique identifier for the verifier root CA certificate.

Example: 281d20b3-42a3-40dd-b29a-115ff32b02b7
Responses
204

Verifier root CA certificate deleted

404

Not Found. The specified resource was not found.

delete/v2/presentations/certificates/ca/{certificateId}
Request samples
Response samples
application/json
{
  • "code": "string",
  • "message": "string",
  • "details": [
    ]
}