MATTR Portal
Overview
The MATTR Portal is built on top of MATTR VII Platform and Management APIs and provides an easy-to-use interface to effectively manage and oversee tenant management and configuration.
Not all features available via the MATTR VII Platform and Management APIs are currently supported in the Portal. Refer to the Capabilities section below for a list of supported functionalities.
Getting Started
Creating a tenant
Every action in the Portal happens within the context of a specific tenant. Tenants represent distinct instances of MATTR VII, each with its own configuration, credentials, and governance. When you sign in to the Portal, you can easily switch between all the tenants you have access to, enabling streamlined oversight without compromising clarity or security.
- Log into the MATTR Portal.
- Select the Create/switch tenant button on the top-right side of the screen.
The All tenants panel is displayed, listing any existing tenants. - Select the Create new button.
The New tenant form is displayed. - Use the Region dropdown list to select the region your tenant will be hosted in.
- Use the Tenant subdomain text box to insert a subdomain for your tenant (e.g.
my-first-tenant
). - Use the Tenant name text box to insert a meaningful and friendly name for your tenant (e.g. My first tenant).
- Select the Create button to create the new tenant.
- Copy the displayed tenant information (
audience
,auth_url
,tenant_url
,client_id
andclient_secret
) which is required for the next step.
The client_secret
is only displayed immediately after the client is created.
Once you navigate away from this screen, the client secret will be masked and
cannot be retrieved again. Ensure you save it securely at this point.
Interacting with the tenant
You can interact with your tenant and use MATTR VII capabilities either using the MATTR Portal or via direct API calls. The Portal provides a user-friendly interface for managing your tenant, while the APIs allow for programmatic access to MATTR VII capabilities.
You can use the Portal's various features and functionalities to interact with your tenant and use MATTR VII capabilities:
- Every action in the portal is within the context of a specific tenant. This means that all configurations, settings and data you manage are associated with the selected tenant.
- Use the drop-down list in the top-left corner to switch between tenants.
- Use the navigation panel on the left-hand side to access different functionalities.
Capabilities
The Portal currently supports the following functionalities:
- Platform management: Manage your MATTR VII tenants:
- Tenant management: Create, view and delete tenants. This capability is based on the Management APIs.
- Users, clients & roles: Manage users and clients for your tenants. These capabilities are based on the Clients and Members endpoints in the Management API.
- Custom domain: Configure a Custom domain for the selected tenant. This capability is based on configuring a Custom domain using an API request and verifying the Custom domain using an API request.
- Monitoring: Query and inspect analytic events in your environment. This capability is based on the Analytic APIs.
- Webhooks: Create a Webhook to subscribe to events. Available options are similar to those described for creating a Webhook using an API request.
- DIDs: View Decentralized Identifiers (DIDs) available on your tenant. This includes any did:key and/or did:web available on your tenant. Note that you cannot use the SSP to create DIDs.
- Certificates: Manage IACAs, DTS CA and Verifier root CA certificates on your tenant.
- Digital Trust Service: Manage your DTS:
- Create and manage participants.
- Create and manage credential types.
- Publish the DTS' policy and control auto-publishing capabilities.
- Credential issuance: Manage OID4VCI workflow components and
configuration:
- Authentication provider: Configure and edit an authentication provider to be used during credential issuance flows. Available options are similar to those described for configuring an Authentication provider using an API request.
- Interaction hook: Configure an interaction hook to redirect a user to a custom component during the credential issuance journey. Available options are similar to those described for configuring an Interaction hook using an API request.
- Claims sources: Configure and edit claims sources to fetch claims from an external endpoint and use them when issuing credentials. Available options are similar to those described for configuring a Claims source using an API request.
- Credential configurations: Create mDocs, CWT, Semantic CWT and JSON credentials configurations. Available options are similar to those described for creating a Credential configuration using an API request.
- Credential offer: Create a credential offer by specifying credential configurations and request parameters. This capability is based on creating a Credential offer using an API request, with some additional capabilities to share the offer with the intended holder.
- Credential verification: Configure
mDocs online verification workflows:
- Trusted issuers: Configure and manage mDocs issuers that can be trusted when verifying mDocs presented online. Available options are similar to those described for creating a trusted issuer using an API request.
- Supported wallets: Configure and manage digital wallet applications that can present mDocs online for verification, and how to interact with these wallets. Available options are similar to those described for creating a wallet provider using an API request.
- Applications: Configure and manage applications that can create mDocs online verification sessions, and how to interact with these applications. Available options are similar to those described for creating a verifier application using an API request.
Roles and permissions
The Portal is designed to be used by different roles within an organization. The MATTR Portal UI is aligned with the user's role and the permissions assigned to them. This means that users will only see the features and functionalities that are relevant to their role.
-
When you create a tenant, you are automatically assigned an
admin
role for that tenant. This role grants you full access to manage all aspects of the tenant. -
If you are invited to manage a tenant created by someone else, your assigned role may differ. This means you might have access to a limited set of features based on your permissions.
For more details on on available roles and associated permissions, refer to the Access Control documentation.
Perform the following steps to interact with your MATTR VII tenant via APIs:
Choose an endpoint
Select a MATTR VII endpoint to make a request to. The following resources might be helpful:
- The API Reference offers an exhaustive list of all available endpoints and their request structures in different languages.
- Different tutorials and guides can be used to learn what endpoints are required for specific capabilities and workflows.
- Refer to the Access control section to learn more about what endpoints your client will be able to access.
We recommend using the MATTR VII Postman collection to make requests to your MATTR VII tenant. While this isn't an explicit prerequisite it can really speed things up.
Obtain an access token
Most of the MATTR VII endpoints are protected and require providing a bearer access token when making a request. If you are making a request to an unprotected endpoint (as detailed in the API Reference), you do not need to obtain an access token and can continue to the next step.
Use your access credentials and make a request of the following structure to obtain an access token:
POST https://{auth_server}/oauth/token
auth_server
: Replace with theauth_url
value obtained when you created your tenant.
{
"client_id": "F5qaeLDdbvnU9zhA0j4eHUGCHwC1bKtt",
"client_secret": "Wzc8J**********************************************************",
"audience": "learn.vii.au01.mattr.global",
"grant_type": "client_credentials"
}
client_id
: Replace with theclient_id
value obtained when you created your tenant.client_secret
: Replace with theclient_secret
value obtained when you created your tenant.audience
: Replace with theaudience
value obtained when you created your tenant.grant_type
: Always useclient_credentials
as a static value, regardless of your specific login credentials.
Response
{
"access_token": "eyJhb********************************************************************",
"expires_in": 14400,
"token_type": "Bearer"
}
- The returned
access_token
will enable access to endpoints as per the role assigned to the client. Refer to Access control for more Information. - You will need to obtain a new access token whenever it expires. Our Postman collection includes a pre-request script that obtains an access token when it is missing or has expired.
Construct the request
Construct an API request using the selected endpoint path and the tenant_url
value obtained when you created your tenant:
{method} https://{tenant_url}/{path}
For example, a request to
retrieve all IACAs from a
tenant whose tenant_url
is learn.vii.au01.mattr.global
should be constructed as follows:
GET https://learn.vii.au01.mattr.global/v2/credentials/mobile/iacas
If the operation has a request body you should structure it too, based on the details provided in the API Reference or relevant tutorial.
Whatever tool or language your are using to make the request, make sure you
include the access_token
in the request header when making requests to
protected endpoints. Refer to the API Reference for
request samples.
Handle the response
The endpoint would respond with a standard HTTP status code and a response body. These differ between endpoints and are detailed in the API Reference.
You can now adjust your implementation to handle these responses to achieve the desired outcome.
Inviting users
To support collaboration, you can invite other users to access the MATTR Portal and manage tenants that you administer.
When you invite a user to manage a tenant, you select the role they will hold within that tenant. This role defines what they can view, modify, or manage—ensuring fine-grained access control that aligns with your trust and governance requirements.
Perform the following steps to invite a user to interact with a tenant you administer in the MATTR Portal:
- Open Platform Management in the left navigation panel and select Tenant.
The tenant management screen appears. - Click Create/Switch tenant at the top-right.
The All Tenants window opens. - Click Switch next to the desired tenant.
- Under Platform Management, select Users, clients & roles.
- Go to the Users tab and click Invite.
- Enter the user's email in the Email field.
- Select roles for the user using the checkboxes in the Tenant access section.
- Click Invite to send the invitation.
- If the invited user already has access to the Portal, they will immediately see the new tenant in their list of accessible tenants. When they select this tenant, their Portal UI would be updated to reflect the permissions associated with their role in that tenant.
- If the invited user does not have access to the Portal yet, they’ll receive an email to accept the invite and log into the Portal. Invites expire after 5 days.
Being invited to a tenant
Another user with sufficient privileges can invite you to manage a tenant they control. In this case:
- You are assigned a specific role as part of the invitation.
- Your permissions in that tenant are determined by the role you’re given—limiting or enabling specific actions according to that scope.
- You can work across multiple tenants, each with different roles depending on how you've been invited.
What's next?
We recommend starting with one of the following resources based on your needs:
- For issuers:
- OID4VCI Authorization Code tutorial: Learn how to configure an OID4VCI Authorization Code flow.
- OID4VCI Pre-authorized Code tutorial: Learn how to configure an OID4VCI Pre-authorized Code flow.
- Revocation tutorial: Learn how to issue revocable credentials and manage their revocation status.
- For verifiers:
- Remote web verification tutorial: Learn how to build a web application that can verify mDocs remotely.
- Remote mobile verification tutorial: Learn how to build a mobile application that can verify mDocs remotely.
- General:
- API reference: Explore the API reference documentation to understand the available endpoints, request/response formats, and authentication methods.
- Postman collection: Download the Postman collection to quickly test and interact with the APIs. The collection includes pre-configured requests for common operations, making it easier to get started with API development.
How would you rate this page?