light-mode-image
Learn
Digital trust serviceCertificatesAPI Reference

IACA

Create an IACA

Create an IACA

Creates a new IACA that can be used to sign certificates for Document and Status List signers.

  • IACAs are always created as inactive. You must manually update the IACA to active: true before it can be used to sign mDocs.
  • A maximum of three IACAs can be created per tenant.

Analytic events

  • MOBILE_CREDENTIAL_IACA_CREATE_START
  • MOBILE_CREDENTIAL_IACA_CREATE_SUCCESS
  • MOBILE_CREDENTIAL_IACA_CREATE_FAIL
POST/v2/credentials/mobile/iacas

Authorization

AuthorizationBearer <token>

In: header

Request Body

commonName?string

This optional parameter indicates the common name of the IACA certificate. When specified, the value must be a valid PrintableString and cannot be an empty string. If not provided and a custom domain is configured and verified, the custom domain is used followed by the word IACA. If no custom domain is configured, the tenant subdomain is used instead.

Default"{tenantDomain} IACA"
country?string

This optional parameter indicates the issuer country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

notBefore?string

This optional parameter is used to set the date and time when the IACA becomes valid and can be used to sign mDocs. This can be used alongside the active field to support IACA rotation by creating inactive IACAs and distributing them to relying parties in advance. * Must not be in the past. * Must be before notAfter.

notAfter?string

This optional parameter is used to set the date and time when the IACA expires. - If not provided, calculated as notBefore + 10 years. - If not provided and notBefore is not provided, calculated as time of creation + 10 years. - Maximum value is 20 years from creation. - Must be after notBefore, if provided.

stateOrProvinceName?string

This optional parameter indicates the issuer state or province. When specified, the value must be uppercase and a valid state/province code as per ISO 3166-2.

certificatePem?string

IACA certificate in PEM format. The certificate must be valid and not expired.

curl -X POST "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas" \  -H "Content-Type: application/json" \  -d '{}'
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIICDjCCAbSgAwIBAgIKdeZsA5NPKimuAzAKBggqhkjOPQQDAjAiMSAwCQYDVQQG\r\nEwJOWjATBgNVBAMTDEV4YW1wbGUgSUFDQTAeFw0yMzA5MTEyMzM0MjJaFw0zMzA5\r\nMDgyMzM0MjJaMCIxIDAJBgNVBAYTAk5aMBMGA1UEAxMMRXhhbXBsZSBJQUNBMFkw\r\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBbK7JKKFMWuu8kHQK2qaML+MQ0Ykk3Qg\r\n/p3TC6lQKvYJozPSpLXbJQIzMPq9u/dG+j4vq1iX/G/jFIwfiEiKEqOB0TCBzjAS\r\nBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU9zTh\r\nKsqFxAgRJDDGW1au+ewJK6owHgYDVR0SBBcwFYYTaHR0cHM6Ly9leGFtcGxlLmNv\r\nbTBpBgNVHR8EYjBgMF6gXKBahlhodHRwczovL2V4YW1wbGUuY29tL3YyL2NyZWRl\r\nbnRpYWxzL21vYmlsZS9pYWNhcy8yZTg5YzE1Ni0zMWQ1LTQ3ODMtYmQ1OS05MDU1\r\nYjVmOGU3ZDIvY3JsMAoGCCqGSM49BAMCA0gAMEUCIQDD+eU8iOsYYC0v41L94fhF\r\nZ0brPo4gx2aRxrhE3NLFpwIgIgHCPBXJ+JICJg3K7dEsr153So4SEZzAA1rRn4eF\r\nvkM=\r\n-----END CERTIFICATE-----\r\n",
  "certificateData": {
    "notAfter": "2034-09-26",
    "notBefore": "2023-09-26",
    "country": "US",
    "commonName": "{tenant-subdomain}.vii.mattr.global IACA",
    "stateOrProvinceName": "US-AL"
  },
  "certificateFingerprint": "3c06145a53e6c252091a71540f870d4d521dede9f176a681a74e38ddc47bb311",
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve all IACAs

Retrieve all IACAs

Retrieves all existing IACAs from the tenant.

Analytic events

  • MOBILE_CREDENTIAL_IACA_RETRIEVE_LIST_START
  • MOBILE_CREDENTIAL_IACA_RETRIEVE_LIST_SUCCESS
  • MOBILE_CREDENTIAL_IACA_RETRIEVE_LIST_FAIL
GET/v2/credentials/mobile/iacas

Authorization

AuthorizationBearer <token>

In: header

curl -X GET "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas"
{
  "data": [
    {
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "active": true,
      "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIICDjCCAbSgAwIBAgIKdeZsA5NPKimuAzAKBggqhkjOPQQDAjAiMSAwCQYDVQQG\r\nEwJOWjATBgNVBAMTDEV4YW1wbGUgSUFDQTAeFw0yMzA5MTEyMzM0MjJaFw0zMzA5\r\nMDgyMzM0MjJaMCIxIDAJBgNVBAYTAk5aMBMGA1UEAxMMRXhhbXBsZSBJQUNBMFkw\r\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBbK7JKKFMWuu8kHQK2qaML+MQ0Ykk3Qg\r\n/p3TC6lQKvYJozPSpLXbJQIzMPq9u/dG+j4vq1iX/G/jFIwfiEiKEqOB0TCBzjAS\r\nBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU9zTh\r\nKsqFxAgRJDDGW1au+ewJK6owHgYDVR0SBBcwFYYTaHR0cHM6Ly9leGFtcGxlLmNv\r\nbTBpBgNVHR8EYjBgMF6gXKBahlhodHRwczovL2V4YW1wbGUuY29tL3YyL2NyZWRl\r\nbnRpYWxzL21vYmlsZS9pYWNhcy8yZTg5YzE1Ni0zMWQ1LTQ3ODMtYmQ1OS05MDU1\r\nYjVmOGU3ZDIvY3JsMAoGCCqGSM49BAMCA0gAMEUCIQDD+eU8iOsYYC0v41L94fhF\r\nZ0brPo4gx2aRxrhE3NLFpwIgIgHCPBXJ+JICJg3K7dEsr153So4SEZzAA1rRn4eF\r\nvkM=\r\n-----END CERTIFICATE-----\r\n",
      "certificateData": {
        "notAfter": "2034-09-26",
        "notBefore": "2023-09-26",
        "country": "US",
        "commonName": "{tenant-subdomain}.vii.mattr.global IACA",
        "stateOrProvinceName": "US-AL"
      },
      "certificateFingerprint": "3c06145a53e6c252091a71540f870d4d521dede9f176a681a74e38ddc47bb311",
      "isManaged": true
    }
  ],
  "nextCursor": "string"
}

Retrieve an IACA

Retrieve an IACA

Retrieves an existing IACA by providing its ID.

Analytic events

  • MOBILE_CREDENTIAL_IACA_RETRIEVE_START
  • MOBILE_CREDENTIAL_IACA_RETRIEVE_SUCCESS
  • MOBILE_CREDENTIAL_IACA_RETRIEVE_FAIL
GET/v2/credentials/mobile/iacas/{iacaId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

iacaIdstring

IACA ID

Formatuuid
curl -X GET "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas/497f6eca-6276-4993-bfeb-53cbbbba6f08"
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIICDjCCAbSgAwIBAgIKdeZsA5NPKimuAzAKBggqhkjOPQQDAjAiMSAwCQYDVQQG\r\nEwJOWjATBgNVBAMTDEV4YW1wbGUgSUFDQTAeFw0yMzA5MTEyMzM0MjJaFw0zMzA5\r\nMDgyMzM0MjJaMCIxIDAJBgNVBAYTAk5aMBMGA1UEAxMMRXhhbXBsZSBJQUNBMFkw\r\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBbK7JKKFMWuu8kHQK2qaML+MQ0Ykk3Qg\r\n/p3TC6lQKvYJozPSpLXbJQIzMPq9u/dG+j4vq1iX/G/jFIwfiEiKEqOB0TCBzjAS\r\nBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU9zTh\r\nKsqFxAgRJDDGW1au+ewJK6owHgYDVR0SBBcwFYYTaHR0cHM6Ly9leGFtcGxlLmNv\r\nbTBpBgNVHR8EYjBgMF6gXKBahlhodHRwczovL2V4YW1wbGUuY29tL3YyL2NyZWRl\r\nbnRpYWxzL21vYmlsZS9pYWNhcy8yZTg5YzE1Ni0zMWQ1LTQ3ODMtYmQ1OS05MDU1\r\nYjVmOGU3ZDIvY3JsMAoGCCqGSM49BAMCA0gAMEUCIQDD+eU8iOsYYC0v41L94fhF\r\nZ0brPo4gx2aRxrhE3NLFpwIgIgHCPBXJ+JICJg3K7dEsr153So4SEZzAA1rRn4eF\r\nvkM=\r\n-----END CERTIFICATE-----\r\n",
  "certificateData": {
    "notAfter": "2034-09-26",
    "notBefore": "2023-09-26",
    "country": "US",
    "commonName": "{tenant-subdomain}.vii.mattr.global IACA",
    "stateOrProvinceName": "US-AL"
  },
  "certificateFingerprint": "3c06145a53e6c252091a71540f870d4d521dede9f176a681a74e38ddc47bb311",
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Update an IACA

Update an IACA

Update the status of an IACA. Only active IACAs can be used for signing mDocs.

Creating an IACA with active set to false enables distributing the IACA's PEM to relying parties in advance, before it is being used to sign any mDocs.

Analytic events

  • MOBILE_CREDENTIAL_IACA_UPDATE_START
  • MOBILE_CREDENTIAL_IACA_UPDATE_SUCCESS
  • MOBILE_CREDENTIAL_IACA_UPDATE_FAIL
PUT/v2/credentials/mobile/iacas/{iacaId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

iacaIdstring

IACA ID

Formatuuid

Request Body

activeboolean

Indicates whether the IACA is active or not. Only active IACAs can be used to sign mDocs.

curl -X PUT "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas/497f6eca-6276-4993-bfeb-53cbbbba6f08" \  -H "Content-Type: application/json" \  -d '{    "active": false  }'
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIICDjCCAbSgAwIBAgIKdeZsA5NPKimuAzAKBggqhkjOPQQDAjAiMSAwCQYDVQQG\r\nEwJOWjATBgNVBAMTDEV4YW1wbGUgSUFDQTAeFw0yMzA5MTEyMzM0MjJaFw0zMzA5\r\nMDgyMzM0MjJaMCIxIDAJBgNVBAYTAk5aMBMGA1UEAxMMRXhhbXBsZSBJQUNBMFkw\r\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBbK7JKKFMWuu8kHQK2qaML+MQ0Ykk3Qg\r\n/p3TC6lQKvYJozPSpLXbJQIzMPq9u/dG+j4vq1iX/G/jFIwfiEiKEqOB0TCBzjAS\r\nBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU9zTh\r\nKsqFxAgRJDDGW1au+ewJK6owHgYDVR0SBBcwFYYTaHR0cHM6Ly9leGFtcGxlLmNv\r\nbTBpBgNVHR8EYjBgMF6gXKBahlhodHRwczovL2V4YW1wbGUuY29tL3YyL2NyZWRl\r\nbnRpYWxzL21vYmlsZS9pYWNhcy8yZTg5YzE1Ni0zMWQ1LTQ3ODMtYmQ1OS05MDU1\r\nYjVmOGU3ZDIvY3JsMAoGCCqGSM49BAMCA0gAMEUCIQDD+eU8iOsYYC0v41L94fhF\r\nZ0brPo4gx2aRxrhE3NLFpwIgIgHCPBXJ+JICJg3K7dEsr153So4SEZzAA1rRn4eF\r\nvkM=\r\n-----END CERTIFICATE-----\r\n",
  "certificateData": {
    "notAfter": "2034-09-26",
    "notBefore": "2023-09-26",
    "country": "US",
    "commonName": "{tenant-subdomain}.vii.mattr.global IACA",
    "stateOrProvinceName": "US-AL"
  },
  "certificateFingerprint": "3c06145a53e6c252091a71540f870d4d521dede9f176a681a74e38ddc47bb311",
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Delete an IACA

Delete an IACA

Deletes an existing IACA by providing its ID.

Analytic events

  • MOBILE_CREDENTIAL_IACA_DELETE_START
  • MOBILE_CREDENTIAL_IACA_DELETE_LIST_SUCCESS
  • MOBILE_CREDENTIAL_IACA_DELETE_LIST_FAIL
DELETE/v2/credentials/mobile/iacas/{iacaId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

iacaIdstring

IACA ID

Formatuuid
curl -X DELETE "https://example.vii.au01.mattr.global/v2/credentials/mobile/iacas/497f6eca-6276-4993-bfeb-53cbbbba6f08"
Empty
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?

On this page

Create an IACARetrieve all IACAsRetrieve an IACAUpdate an IACADelete an IACA