Update a holder root CA certificate
PUT /v1/holder/certificates/ca/{certificateId}
Updates a holder root CA certificate. The only mutable field is active.
Setting active: true deactivates all other roots for the tenant (single-active constraint).
Analytic events
- CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_START
- CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_SUCCESS
- CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_FAIL
Authorization
bearerAuth In: header
Path Parameters
Unique identifier of the holder root CA certificate.
uuid
Request Body
application/json
Whether the holder root CA certificate is active. Setting true deactivates all other roots for the tenant (single-active constraint).
Response Body
application/json
application/json
application/json
curl -X PUT "https://example.vii.au01.mattr.global/v1/holder/certificates/ca/281d20b3-42a3-40dd-b29a-115ff32b02b7" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{ "active": true }'

{
"id": "281d20b3-42a3-40dd-b29a-115ff32b02b7",
"active": true,
"certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
"certificateFingerprint": "a3b2c1d4e5f67890a1b2c3d4e5f67890a1b2c3d4e5f67890a1b2c3d4e5f67890",
"certificateData": {
"commonName": "Example Tenant Wallet Attestation Root",
"country": "NZ",
"notBefore": "2026-04-06T00:00:00.000Z",
"notAfter": "2036-04-06T00:00:00.000Z"
},
"isManaged": true
}

{
"code": "string",
"message": "string",
"details": [
{
"value": "string",
"msg": "Invalid value",
"param": "id",
"location": "body"
}
]
}

{
"code": "string",
"message": "string",
"details": [
{
"value": "string",
"msg": "Invalid value",
"param": "id",
"location": "body"
}
]
}
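A client-side check of the update response before relying on the newly active root, as an added example that is not MATTR's code. It assumes certificateFingerprint is the lowercase hex SHA-256 of the certificate's DER bytes, which this page does not state; the function names and the sample response are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

def pem_sha256_hex(pem: str) -> str:
    """SHA-256 (hex) over the bytes inside one PEM block. Assumed fingerprint scheme."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def check_activated_root(resp: dict, expected_id: str, pinned_fp: str, now: datetime) -> list:
    """Return a list of problems; an empty list means the response is as intended."""
    problems = []
    if resp.get("id") != expected_id:
        problems.append("id mismatch")
    if resp.get("active") is not True:
        problems.append("root not active")
    fp = str(resp.get("certificateFingerprint", "")).lower()
    # Compare against a fingerprint recorded out of band, in constant time.
    if not hmac.compare_digest(fp.encode(), pinned_fp.lower().encode()):
        problems.append("fingerprint differs from pinned value")
    try:
        if pem_sha256_hex(resp["certificatePem"]) != fp:
            problems.append("fingerprint does not match certificatePem")
    except (KeyError, ValueError, AttributeError):
        problems.append("certificatePem missing or not valid base64")
    try:
        data = resp["certificateData"]
        not_before = datetime.fromisoformat(data["notBefore"].replace("Z", "+00:00"))
        not_after = datetime.fromisoformat(data["notAfter"].replace("Z", "+00:00"))
        if not not_before <= now <= not_after:
            problems.append("outside validity window")
    except (KeyError, ValueError, AttributeError):
        problems.append("validity dates missing or malformed")
    return problems

# Constructed sample: the "certificate" bytes are a stand-in, not real X.509.
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-DER-certificate"
SAMPLE_ID = "281d20b3-42a3-40dd-b29a-115ff32b02b7"
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()
SAMPLE_RESPONSE = {
    "id": SAMPLE_ID,
    "active": True,
    "certificatePem": "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode() + "\n-----END CERTIFICATE-----",
    "certificateFingerprint": SAMPLE_FP,
    "certificateData": {"notBefore": "2026-04-06T00:00:00.000Z",
                        "notAfter": "2036-04-06T00:00:00.000Z"},
    "isManaged": True,
}
SAMPLE_NOW = datetime(2027, 1, 1, tzinfo=timezone.utc)
```
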
Retrieve a holder root CA certificate GET
Retrieves a holder root CA certificate by ID.
Analytic events
- CREDENTIAL_HOLDER_CA_CERTIFICATE_RETRIEVE_START
- CREDENTIAL_HOLDER_CA_CERTIFICATE_RETRIEVE_SUCCESS
- CREDENTIAL_HOLDER_CA_CERTIFICATE_RETRIEVE_FAIL
Delete a holder root CA certificate DELETE
Deletes a holder root CA certificate and cascade-deletes all associated signer certificates. For managed roots and signers, MATTR VII also removes the private key material it was holding on the customer's behalf.
Deletion does not invalidate any wallet attestation JWTs that were issued under this root. Those JWTs remain cryptographically valid until their natural expiry; verifiers that have already cached the signer's public key may continue to accept them. CRL-based revocation of issued attestations is not supported in this release.
Analytic events
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_START
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_SUCCESS
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_FAIL