MATTR Learn

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Request Body

application/json

Create a User

claims?object

User claims to be persisted. No claims are persisted by default. Consider PII implications before persisting any claims.

authenticationProvider?

Authentication Provider information for the user. This enables linking the user to an external identity provider. If implemented insecurely, this process can be exploited by malicious actors to gain unauthorized access to legitimate user accounts.

To mitigate this risk, require authentication for both accounts involved in the link, whether the link is created manually or automatically. Always prompt the user to enter credentials to verify ownership before establishing the link.

Response Body

`application/json`

curl -X POST "https://example.vii.au01.mattr.global/v1/users" \  -H "Content-Type: application/json" \  -d '{}'

{
  "id": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba",
  "claims": {
    "externalUserId": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba"
  },
  "authenticationProvider": {
    "providerId": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
    "url": "https://example-university.au.auth0.com",
    "subjectId": "example-university-oauth2|123456789"
  }
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve all Users

GET/v1/users

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Query Parameters

limit?number

Range size of returned list.

Default100

Range1 <= value <= 1000

cursor?string

Starting point for the list of entries.

Response Body

`application/json`

curl -X GET "https://example.vii.au01.mattr.global/v1/users"

{
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM",
  "data": [
    {
      "id": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba",
      "claims": {
        "externalUserId": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba"
      },
      "authenticationProvider": {
        "providerId": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
        "url": "https://example-university.au.auth0.com",
        "subjectId": "example-university-oauth2|123456789"
      }
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve a User

GET/v1/users/{id}

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Path Parameters

id*string

User ID

Formatuuid

Response Body

`application/json`

curl -X GET "https://example.vii.au01.mattr.global/v1/users/8241400f-de3b-42c5-ad7c-8a380039e796"

{
  "id": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba",
  "claims": {
    "externalUserId": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba"
  },
  "authenticationProvider": {
    "providerId": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
    "url": "https://example-university.au.auth0.com",
    "subjectId": "example-university-oauth2|123456789"
  }
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Update a User

PUT/v1/users/{id}

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Path Parameters

id*string

User ID

Formatuuid

Request Body

application/json

Update a User

claims?object

User claims to be persisted. No claims are persisted by default. Consider PII implications before persisting any claims.

authenticationProvider?

Response Body

`application/json`

curl -X PUT "https://example.vii.au01.mattr.global/v1/users/8241400f-de3b-42c5-ad7c-8a380039e796" \  -H "Content-Type: application/json" \  -d '{}'

{
  "id": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba",
  "claims": {
    "externalUserId": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba"
  },
  "authenticationProvider": {
    "providerId": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
    "url": "https://example-university.au.auth0.com",
    "subjectId": "example-university-oauth2|123456789"
  }
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Delete a User

DELETE/v1/users/{id}

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Path Parameters

id*string

User ID

Formatuuid

Response Body

`application/json`

curl -X DELETE "https://example.vii.au01.mattr.global/v1/users/8241400f-de3b-42c5-ad7c-8a380039e796"

Empty

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Search Users

POST/v1/users/search

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Request Body

application/json

The search criteria

claims?object

Filter users by claims. Nested objects are supported. Text values must be an exact match.

authenticationProvider?

Filter users by their unique identifier in the configured Authentication Provider.

limit?number

Range size of returned entries, default 100

Range1 <= value <= 1000

cursor?string

Starting point for the range of entries

Response Body

`application/json`

curl -X POST "https://example.vii.au01.mattr.global/v1/users/search" \  -H "Content-Type: application/json" \  -d '{}'

{
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM",
  "data": [
    {
      "id": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba",
      "claims": {
        "externalUserId": "0c3fad74-a8df-4a2d-8e75-f2d356b413ba"
      },
      "authenticationProvider": {
        "providerId": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
        "url": "https://example-university.au.auth0.com",
        "subjectId": "example-university-oauth2|123456789"
      }
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve User credentials Data

GET/v1/users/{userId}/credentials

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Path Parameters

userId*string

User ID

Formatuuid

Query Parameters

limit?number

Range size of returned list.

Default100

Range1 <= value <= 1000

cursor?string

Starting point for the list of entries.

Response Body

`application/json`

curl -X GET "https://example.vii.au01.mattr.global/v1/users/41458e5a-9092-40b7-9a26-d4eb43c5792f/credentials"

{
  "data": [
    {
      "id": "552b35fe-a3ed-4c33-8c3c-64810c712323",
      "type": "org.iso.18013.5.1.mDL",
      "profile": "mobile",
      "offerId": "b0877ef9-deaf-4c88-8765-2b5aad2913d9",
      "sessionId": "4da5bce7-39d0-482e-8972-c674c688e01a",
      "credentialConfigurationId": "3948c40e-6e19-4ffc-933c-91f643f24264",
      "devicePublicKey": {
        "kty": "EC",
        "crv": "P-256",
        "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
      },
      "namespaces": {
        "org.iso.18013.5.1": {
          "given_name": {
            "digestID": 0,
            "digest": "8GWbUyIRA2xATs5ILEa0fVZF1QQt4JL5gG2aCtVsazU"
          },
          "family_name": {
            "digestID": 1,
            "digest": "R4jk/m0wX9KhENp7DVPr9AM7Hz+CJoEJNKJRQo92FCI"
          }
        }
      },
      "msoHash": "OsPO++ARsvvJYswmuzN8E3rxN+jAkbWbxhqVIOfM1Go",
      "issuedDate": "2025-06-28T12:34:56.000Z",
      "validFrom": "2025-06-30T12:00:00.000Z",
      "validUntil": "2025-07-30T12:00:00.000Z",
      "status": "valid"
    }
  ],
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM"
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

API Reference

201application/json

400application/json

200application/json

400application/json

200application/json

400application/json

404application/json

200application/json

400application/json

404application/json

204

400application/json

404application/json

200application/json

400application/json

200application/json

400application/json

On this page

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`