light-mode-image
Learn

MATTR Portal

Overview

The MATTR Portal is built on top of MATTR VII Platform and Management APIs and provides an easy-to-use interface to effectively manage and oversee tenant management and configuration.

Not all features available via the MATTR VII Platform and Management APIs are currently supported in the Portal. Refer to the Capabilities section below for a list of supported functionalities.

Getting Started

Creating a tenant

Every action in the Portal happens within the context of a specific tenant. Tenants represent distinct instances of MATTR VII, each with its own configuration, credentials, and governance. When you sign in to the Portal, you can easily switch between all the tenants you have access to, enabling streamlined oversight without compromising clarity or security.

  1. Log into the MATTR Portal.
  2. Select the Create/switch tenant button on the top-right side of the screen.
    The All tenants panel is displayed, listing any existing tenants.
  3. Select the Create new button.
    The New tenant form is displayed.
  4. Use the Region dropdown list to select the region your tenant will be hosted in.
  5. Use the Tenant subdomain text box to insert a subdomain for your tenant (e.g. my-first-tenant).
  6. Use the Tenant name text box to insert a meaningful and friendly name for your tenant (e.g. My first tenant).
  7. Select the Create button to create the new tenant.
  8. Copy the displayed tenant information (audience, auth_url, tenant_url, client_id and client_secret) which is required for the next step.

The client_secret is only displayed immediately after the client is created. Once you navigate away from this screen, the client secret will be masked and cannot be retrieved again. Ensure you save it securely at this point.

Interacting with the tenant

You can interact with your tenant and use MATTR VII capabilities either using the MATTR Portal or via direct API calls. The Portal provides a user-friendly interface for managing your tenant, while the APIs allow for programmatic access to MATTR VII capabilities.

You can use the Portal's various features and functionalities to interact with your tenant and use MATTR VII capabilities:

  • Every action in the portal is within the context of a specific tenant. This means that all configurations, settings and data you manage are associated with the selected tenant.
  • Use the drop-down list in the top-left corner to switch between tenants.
  • Use the navigation panel on the left-hand side to access different functionalities.

Capabilities

The Portal currently supports the following functionalities:

  • Platform management: Manage your MATTR VII tenants:
  • Digital Trust Service: Manage your DTS:
  • Credential issuance: Manage OID4VCI workflow components and configuration:
    • Authentication provider: Configure and edit an authentication provider to be used during credential issuance flows. Available options are similar to those described for configuring an Authentication provider using an API request.
    • Interaction hook: Configure an interaction hook to redirect a user to a custom component during the credential issuance journey. Available options are similar to those described for configuring an Interaction hook using an API request.
    • Claims sources: Configure and edit claims sources to fetch claims from an external endpoint and use them when issuing credentials. Available options are similar to those described for configuring a Claims source using an API request.
    • Credential configurations: Create mDocs, CWT, Semantic CWT and JSON credentials configurations. Available options are similar to those described for creating a Credential configuration using an API request.
    • Credential offer: Create a credential offer by specifying credential configurations and request parameters. This capability is based on creating a Credential offer using an API request, with some additional capabilities to share the offer with the intended holder.
  • Credential verification: Configure mDocs online verification workflows:
    • Trusted issuers: Configure and manage mDocs issuers that can be trusted when verifying mDocs presented online. Available options are similar to those described for creating a trusted issuer using an API request.
    • Supported wallets: Configure and manage digital wallet applications that can present mDocs online for verification, and how to interact with these wallets. Available options are similar to those described for creating a wallet provider using an API request.
    • Applications: Configure and manage applications that can create mDocs online verification sessions, and how to interact with these applications. Available options are similar to those described for creating a verifier application using an API request.

Roles and permissions

The Portal is designed to be used by different roles within an organization. The MATTR Portal UI is aligned with the user's role and the permissions assigned to them. This means that users will only see the features and functionalities that are relevant to their role.

  • When you create a tenant, you are automatically assigned an admin role for that tenant. This role grants you full access to manage all aspects of the tenant.

  • If you are invited to manage a tenant created by someone else, your assigned role may differ. This means you might have access to a limited set of features based on your permissions.

For more details on on available roles and associated permissions, refer to the Access Control documentation.

Perform the following steps to interact with your MATTR VII tenant via APIs:

Choose an endpoint

Select a MATTR VII endpoint to make a request to. The following resources might be helpful:

  • The API Reference offers an exhaustive list of all available endpoints and their request structures in different languages.
  • Different tutorials and guides can be used to learn what endpoints are required for specific capabilities and workflows.
  • Refer to the Access control section to learn more about what endpoints your client will be able to access.

We recommend using the MATTR VII Postman collection to make requests to your MATTR VII tenant. While this isn't an explicit prerequisite it can really speed things up.

Obtain an access token

Most of the MATTR VII endpoints are protected and require providing a bearer access token when making a request. If you are making a request to an unprotected endpoint (as detailed in the API Reference), you do not need to obtain an access token and can continue to the next step.

Use your access credentials and make a request of the following structure to obtain an access token:

Request
POST https://{auth_server}/oauth/token
  • auth_server : Replace with the auth_url value obtained when you created your tenant.
Request Body
{
  "client_id": "F5qaeLDdbvnU9zhA0j4eHUGCHwC1bKtt",
  "client_secret": "Wzc8J**********************************************************",
  "audience": "learn.vii.au01.mattr.global",
  "grant_type": "client_credentials"
}
  • client_id : Replace with the client_id value obtained when you created your tenant.
  • client_secret : Replace with the client_secret value obtained when you created your tenant.
  • audience : Replace with the audience value obtained when you created your tenant.
  • grant_type : Always use client_credentials as a static value, regardless of your specific login credentials.

Response

Response body
{
  "access_token": "eyJhb********************************************************************", 
  "expires_in": 14400,
  "token_type": "Bearer"
}
  • The returned access_token will enable access to endpoints as per the role assigned to the client. Refer to Access control for more Information.
  • You will need to obtain a new access token whenever it expires. Our Postman collection includes a pre-request script that obtains an access token when it is missing or has expired.

Construct the request

Construct an API request using the selected endpoint path and the tenant_url value obtained when you created your tenant:

Request template
{method} https://{tenant_url}/{path}

For example, a request to retrieve all IACAs from a tenant whose tenant_url is learn.vii.au01.mattr.global should be constructed as follows:

Request example
GET https://learn.vii.au01.mattr.global/v2/credentials/mobile/iacas

If the operation has a request body you should structure it too, based on the details provided in the API Reference or relevant tutorial.

Whatever tool or language your are using to make the request, make sure you include the access_token in the request header when making requests to protected endpoints. Refer to the API Reference for request samples.

Handle the response

The endpoint would respond with a standard HTTP status code and a response body. These differ between endpoints and are detailed in the API Reference.

You can now adjust your implementation to handle these responses to achieve the desired outcome.

Inviting users

To support collaboration, you can invite other users to access the MATTR Portal and manage tenants that you administer.

When you invite a user to manage a tenant, you select the role they will hold within that tenant. This role defines what they can view, modify, or manage—ensuring fine-grained access control that aligns with your trust and governance requirements.

Perform the following steps to invite a user to interact with a tenant you administer in the MATTR Portal:

  1. Open Platform Management in the left navigation panel and select Tenant.
    The tenant management screen appears.
  2. Click Create/Switch tenant at the top-right.
    The All Tenants window opens.
  3. Click Switch next to the desired tenant.
  4. Under Platform Management, select Users, clients & roles.
  5. Go to the Users tab and click Invite.
  6. Enter the user's email in the Email field.
  7. Select roles for the user using the checkboxes in the Tenant access section.
  8. Click Invite to send the invitation.
    • If the invited user already has access to the Portal, they will immediately see the new tenant in their list of accessible tenants. When they select this tenant, their Portal UI would be updated to reflect the permissions associated with their role in that tenant.
    • If the invited user does not have access to the Portal yet, they’ll receive an email to accept the invite and log into the Portal. Invites expire after 5 days.

Being invited to a tenant

Another user with sufficient privileges can invite you to manage a tenant they control. In this case:

  • You are assigned a specific role as part of the invitation.
  • Your permissions in that tenant are determined by the role you’re given—limiting or enabling specific actions according to that scope.
  • You can work across multiple tenants, each with different roles depending on how you've been invited.

What's next?

We recommend starting with one of the following resources based on your needs:

How would you rate this page?