light-mode-image
Learn
API ReferenceMessaging

Sign a message

Roles

adminissuermanaged-issuer

Analytics Events

MESSAGING_SIGN_STARTMESSAGING_SIGN_SUCCESSMESSAGING_SIGN_FAIL
POST/v1/messaging/sign

Accepts a message payload and signs it with a JWS (JSON Web Signature) using the a specific key from the DID (Decentralized Identifier) provided in the request.

Analytic events

  • MESSAGING_SIGN_START
  • MESSAGING_SIGN_SUCCESS
  • MESSAGING_SIGN_FAIL

Authorization

bearerAuth
AuthorizationBearer <token>

In: header

Request Body

application/json

Sign message request

Response Body

application/json

application/json

curl -X POST "https://example.vii.au01.mattr.global/v1/messaging/sign" \  -H "Content-Type: application/json" \  -d '{    "didUrl": "did:web:organization.com#2vcj3MjR4d",    "payload": {      "msg": "this is a message"    }  }'
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa21mazNtMldIQlVxVm94SlZ3R1NQejVrYmFKNnpBMXRwN1JRWUJiUUdtczNoI3o2TWttZmszbTJXSEJVcVZveEpWd0dTUHo1a2JhSjZ6QTF0cDdSUVlCYlFHbXMzaCJ9.eyJtc2ciOiJUaGlzIGlzIGEgcGF5bG9hZCJ9.5E9qEmmSOMHLABAr4A9VzuNKFaO4EDo2GSCMoxQm9zsE7eCmEEuaAxtNhOUdd-Wvj64vqBBVl84XB1Yg7X9wBg"
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?

Create credential report POST

Creates a report of credential lifecycle operations (issuance and status changes). Only CWT and mDoc credentials are included in the report.

Verify a message POST

Verifies the signature of a provided JWS (JSON Web Signature), validating that the payload has not been tampered with and verifying that the kid in the JWS header is the same as the `iss` value in the Request Object. One use case for verifying a JWS with a DID is when the Mobile Wallet App sends a Request Object to an OpenID Provider as part of the Authorization Code Flow (as per https://openid.net/specs/openid-connect-core-1_0-final.html#RequestObject). The Request Object is wrapped in a JWS with a signature that is generated from the Subject DID on the mobile app. Therefore verifying the JWS proves that the mobile app has access to the private key of the Subject DID. ### **Analytic events** * MESSAGING_VERIFY_START * MESSAGING_VERIFY_SUCCESS * MESSAGING_VERIFY_FAIL