Learn

Verifier root CA certificates

Specifies paths and operations for managing Verifier root CA certificates for mDocs verification.

Create a verifier root CA certificate

Creates a verifier root CA certificate to be used as part of mDocs online verification workflows.

  • A maximum of three Verifier root CA certificates can be created per tenant.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Request
Request Body schema: application/json
required

Verifier root CA certificate payload

commonName
string
Default: "{tenantDomain} Verifier"

Used to define the common name of the created verifier root CA certificate. Wallets that are implementing certificate-based trust should be paying extra attention to this value as it would be used by the user to establish trust with the verifier.

country
string

Used to define the ISO 31661 alpha-2 country code of the created verifier root CA certificate.

active
boolean
Default: true

Boolean determining whether or not the verifier root CA certificate is active and should be used during online verification flows. This can be used to support certificate rotation. As best practice it is not recommended to have multiple active verifier root CA certificates at the same time. If multiple active certificates do exist, the oldest one is used by default.

Responses
200

Verifier root CA certificate created

400

Bad Request. The request was malformed or missing required parameters.

409

Maximum number of verifier root certificates reached. Please delete an existing certificate before creating a new one.

post/v2/presentations/certificates/ca
Request samples
application/json
{
  • "commonName": "{tenantDomain} Verifier",
  • "country": "string",
  • "active": true
}
Response samples
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}

Retrieve all verifier root CA certificates

Retrieves all existing verifier root CA certificates.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_FAIL
Roles: ["admin","verifier"]
SecuritybearerAuth
Responses
200

Verifier root CA certificates retrieved

get/v2/presentations/certificates/ca
Request samples 
Response samples 
application/json
{
  • "data": [
    ],
  • "nextCursor": "string"
}
Update a verifier root CA certificate
Updates an existing verifier root CA certificate.


Analytic events


    

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_START
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_FAIL
    • 



Roles:  ["admin","verifier"]
SecuritybearerAuth 
Request 
path Parameters
certificateId
required
string <uuid> 
Unique identifier for the verifier root CA certificate.


 
 Example:  281d20b3-42a3-40dd-b29a-115ff32b02b7
Request Body schema: application/json
required
Verifier root CA certificate payload


active
boolean
 Default:  true
Boolean determining whether or not the verifier root CA certificate is active and should be used during online verification flows. This can be used to support certificate rotation. As best practice it is not recommended to have multiple active verifier root CA certificates at the same time. If multiple active certificates do exist, the oldest one is used by default.


 
Responses 
200
Verifier root CA certificate updated


400
Bad Request. The request was malformed or missing required parameters.


404
Not Found. The specified resource was not found.


put/v2/presentations/certificates/ca/{certificateId}
Request samples 
application/json
{
  • "active": true
}
Response samples 
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}
Retrieve a verifier root CA certificate
Retrieves an existing verifier root CA certificate.


Analytic events


    

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_START
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_SUCCESS
    • 

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_FAIL
    • 



Roles:  ["admin","verifier"]
SecuritybearerAuth 
Request 
path Parameters
certificateId
required
string <uuid> 
Unique identifier for the verifier root CA certificate.


 
 Example:  281d20b3-42a3-40dd-b29a-115ff32b02b7
Responses 
200
Verifier root CA certificate retrieved


404
Not Found. The specified resource was not found.


get/v2/presentations/certificates/ca/{certificateId}
Request samples 
Response samples 
application/json
{
  • "id": "string",
  • "certificatePem": "string",
  • "certificateFingerprint": "string",
  • "certificateData": {
    },
  • "active": true
}
Delete a verifier root CA certificate
Deletes an existing verifier root CA certificate.


Analytic events


    

  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_START
    • 

  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_SUCCESS
    • 

  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_FAIL
    • 



Roles:  ["admin","verifier"]
SecuritybearerAuth 
Request 
path Parameters
certificateId
required
string <uuid> 
Unique identifier for the verifier root CA certificate.


 
 Example:  281d20b3-42a3-40dd-b29a-115ff32b02b7
Responses 
204
Verifier root CA certificate deleted


404
Not Found. The specified resource was not found.


delete/v2/presentations/certificates/ca/{certificateId}
Request samples 
Response samples 
application/json
{
  • "code": "string",
  • "message": "string",
  • "details": [
    ]
}
➔ Next to Apple Identity Access certificates