light-mode-image
Learn
MATTR VII PlatformIACA

Create an IACA

Creates a new IACA that can be used to sign certificates for Document and Status List signers.

  • IACAs are always created as inactive. You must manually update the IACA to active: true before it can be used to sign mDocs.
  • A maximum of three IACAs can be created per tenant.

Analytics Events

MOBILE_CREDENTIAL_IACA_CREATE_STARTMOBILE_CREDENTIAL_IACA_CREATE_SUCCESSMOBILE_CREDENTIAL_IACA_CREATE_FAIL

Roles

adminissuer
POST/v2/credentials/mobile/iacas
AuthorizationBearer <token>

In: header

commonName?string

This optional parameter indicates the common name of the IACA certificate. When specified, the value must be a valid PrintableString and cannot be an empty string. If not provided and a custom domain is configured and verified, the custom domain is used followed by the word IACA. If no custom domain is configured, the tenant subdomain is used instead.

Default"{tenantDomain} IACA"
country?string

This optional parameter indicates the issuer country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

notBefore?string

This optional parameter is used to set the date and time when the IACA becomes valid and can be used to sign mDocs. This can be used alongside the active field to support IACA rotation by creating inactive IACAs and distributing them to relying parties in advance. * Must not be in the past. * Must be before notAfter.

notAfter?string

This optional parameter is used to set the date and time when the IACA expires. - If not provided, calculated as notBefore + 10 years. - If not provided and notBefore is not provided, calculated as time of creation + 10 years. - Maximum value is 20 years from creation. - Must be after notBefore, if provided.

stateOrProvinceName?string

This optional parameter indicates the issuer state or province. When specified, the value must be uppercase and a valid state/province code as per ISO 3166-2.

certificatePem?string

IACA certificate in PEM format. The certificate must be valid and not expired.

Response Body

curl -X POST "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas" \  -H "Content-Type: application/json" \  -d '{}'
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIICDjCCAbSgAwIBAgIKdeZsA5NPKimuAzAKBggqhkjOPQQDAjAiMSAwCQYDVQQG\r\nEwJOWjATBgNVBAMTDEV4YW1wbGUgSUFDQTAeFw0yMzA5MTEyMzM0MjJaFw0zMzA5\r\nMDgyMzM0MjJaMCIxIDAJBgNVBAYTAk5aMBMGA1UEAxMMRXhhbXBsZSBJQUNBMFkw\r\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBbK7JKKFMWuu8kHQK2qaML+MQ0Ykk3Qg\r\n/p3TC6lQKvYJozPSpLXbJQIzMPq9u/dG+j4vq1iX/G/jFIwfiEiKEqOB0TCBzjAS\r\nBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU9zTh\r\nKsqFxAgRJDDGW1au+ewJK6owHgYDVR0SBBcwFYYTaHR0cHM6Ly9leGFtcGxlLmNv\r\nbTBpBgNVHR8EYjBgMF6gXKBahlhodHRwczovL2V4YW1wbGUuY29tL3YyL2NyZWRl\r\nbnRpYWxzL21vYmlsZS9pYWNhcy8yZTg5YzE1Ni0zMWQ1LTQ3ODMtYmQ1OS05MDU1\r\nYjVmOGU3ZDIvY3JsMAoGCCqGSM49BAMCA0gAMEUCIQDD+eU8iOsYYC0v41L94fhF\r\nZ0brPo4gx2aRxrhE3NLFpwIgIgHCPBXJ+JICJg3K7dEsr153So4SEZzAA1rRn4eF\r\nvkM=\r\n-----END CERTIFICATE-----\r\n",
  "certificateData": {
    "notAfter": "2034-09-26",
    "notBefore": "2023-09-26",
    "country": "US",
    "commonName": "{tenant-subdomain}.vii.mattr.global IACA",
    "stateOrProvinceName": "US-AL"
  },
  "certificateFingerprint": "3c06145a53e6c252091a71540f870d4d521dede9f176a681a74e38ddc47bb311",
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?