light-mode-image
Learn
API ReferenceWallet attestation signers

Create a wallet attestation signer

Roles

adminholder

Analytics Events

CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_STARTCREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_SUCCESSCREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_FAIL
POST/v1/holder/certificates/wallet-attestation-signers

Creates a wallet attestation signer for an unmanaged root CA and returns its Certificate Signing Request (CSR).

This endpoint is only available for unmanaged roots — managed root signers are auto-provisioned on demand during the first wallet attestation request and never need to be created explicitly.

The returned signer is created with active: false; use the CSR to obtain a signed certificate externally and upload it via PUT /v1/holder/certificates/wallet-attestation-signers/{certificateId} to activate the signer.

A maximum of five wallet attestation signers can be created per root.

Analytic events

  • CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_START
  • CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_SUCCESS
  • CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_CREATE_FAIL

Authorization

bearerAuth
AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://example.vii.au01.mattr.global/v1/holder/certificates/wallet-attestation-signers" \  -H "Content-Type: application/json" \  -d '{    "caId": "281d20b3-42a3-40dd-b29a-115ff32b02b7"  }'
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "caId": "281d20b3-42a3-40dd-b29a-115ff32b02b7",
  "csrPem": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC5zCCAc8CAQAwgaExC...\n-----END CERTIFICATE REQUEST-----",
  "active": false
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
Empty

How would you rate this page?

Retrieve a holder root CA certificate revocation list GET

Retrieves the Certificate Revocation List (CRL) for a managed holder root CA certificate, as a DER-encoded binary document. This endpoint is only available for managed roots — for unmanaged roots it returns `404 NoCertificateRevocationList`.

Retrieve all wallet attestation signers GET

Retrieves all wallet attestation signers for the tenant across all roots. The response may contain a mix of: - CSR-pending signers (unmanaged, certificate not yet uploaded) - Active signers (managed or unmanaged with an uploaded certificate) ### **Analytic events** * CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_RETRIEVE_LIST_START * CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_RETRIEVE_LIST_SUCCESS * CREDENTIAL_HOLDER_WALLET_ATTESTATION_SIGNER_CERTIFICATE_RETRIEVE_LIST_FAIL