MATTR VII Changelog

This release of the MATTR Portal (v1.76.0) introduces the following enhancements:

• Compressed access token support: The Portal was upgraded to handle compressed access tokens used by the Management API v1.30.0.
• Certificate detail section: Added a Certificate detail section to all certificate types, which displays certificate details in a human-readable format.

This release of the MATTR VII Platform API (v12.14.0) is a maintenance release. It includes internal changes to support upcoming features.

This release of the MATTR VII Management API (v1.30.0) introduces the following enhancements:

• Access token compression: Permissions are now compressed when issuing MATTR VII access tokens. This prevents exceeding the HTTP request header payload size limit (16KB), which would otherwise result in an HTTP 431 status code (Request Header Fields Too Large).
• Authorization cache reliability: Enhanced reliability of the internal authorization module cache.

This release of the MATTR Portal (v1.75.0) introduces the following enhancements:

• DC API Verifier Applications: You can now use the MATTR Portal to create Android and Web Verifier Applications that use the Digital Credentials API (DC API) to request and verify credentials remotely.
• Claim sources scope configuration: You can now add a scope field to the OAuth client credentials authorization configuration for claim sources. This supports integration with data servers that require the resource identifier to be passed as a scope rather than an audience parameter. Refer to the claims source API reference for more information.

This release of the MATTR VII platform (v12.13.0) introduces the following enhancement:

• OAuth scope parameter for claim sources: The OAuth client credentials authorization configuration for claim sources now supports an optional scope field. This enables integration with data servers that require the resource identifier to be passed as a scope rather than an audience parameter. Existing claim sources are unaffected by this change. Refer to the claims source API reference for more information on how to use this new parameter.

This release of the MATTR VII Management API (v1.29.3) is a maintenance release. It includes internal changes to enhance performance and stability.

This release of the MATTR Portal (v1.74.0) introduces the following enhancements:

• Credential reports: You can now generate reports of credential lifecycle operations across your tenant, broken down by day, credential profile, and credential type. Reports cover issuance events and status changes (such as revocations) for CWT and mDoc credentials. Refer to Credential reports for more information.
• UX enhancements: Miscellaneous UX and display improvements.

This release of the MATTR VII platform (v12.12.0) introduces the following enhancements and fixes:

• Credential reports: You can now generate reports of credential lifecycle operations across your tenant, broken down by day, credential profile, and credential type. Reports cover issuance events and status changes (such as revocations) for CWT and mDoc credentials. Refer to Credential reports for more information.
• Bug fixes: Miscellaneous bug fixes and stability improvements.

This release of the MATTR VII Management API (v1.29.1) is a maintenance release. It includes internal changes to enhance performance and stability.

This release of the MATTR VII platform (v12.11.0) introduces the following enhancements:

• Configurable analytics event purging: The schedule in which Platform Events that are older than the set retention period are purged can now be configured per tenant. Contact us if you want to change this setting for your tenant.
• Support for Draft 14 of the Status List specification: MATTR VII now supports Draft 14 of the Status List specification for mDocs revocation. This update introduces several key changes to improve alignment with the latest standards:

Currently all MATTR VII tenants continue to use the legacy specification format by default. In the next release, we will enable the Draft 14 specification for all tenants by default. If you wish your tenant to keep using the legacy specification, please contact us to ensure we do not enable the new specification for your tenant.

Refer to mDocs revocation for more information.

This release of the MATTR VII Management API (v1.29.0) introduces the following enhancement:

• Analytics events for GET /v1/events: Consistent with all other Management API endpoints, the analytics service now generates events when GET /v1/events is called.

This release of the MATTR Portal (v1.73.1) introduces the following enhancements and fixes:

• Managed IACA deletion: Managed IACAs can now be deleted by users with admin or issuer roles. This provides greater flexibility in managing your certificate authorities and helps maintain a clean and organized certificate inventory.
• Binary claim file upload fix: Fixed an issue where uploading a file to a Binary claim in Pre-authorized Code flow credential offers included a Data URL prefix (e.g., data:image/jpeg;base64,) before the actual base64 content. This prefix caused credential validation failures when adding credentials to certain wallets. The Portal now correctly handles file uploads to ensure only raw base64 content is used in the claim value.
• Form field HTML tag fix: Fixed an issue where it was possible to add <b>, <p>, <strong>, and <i> HTML tags into form fields, which resulted in them being rendered in some delete confirmation modals.

A new MATTR VII Singapore region is now available, joining the existing regions of New Zealand (Auckland), Australia (Sydney), Europe (Frankfurt), United States (Oregon), and Canada (Montreal). This supports implementations from Singapore that need their infrastructure and data hosted within Singapore boundaries.

Customers can now use the MATTR Portal to create new tenants in the new SG region.

This release of the MATTR VII platform (v12.10.0) introduces the following enhancements and fixes:

• Improved SSO user experience: SSO connection users are no longer prompted to complete MFA enrolment or verification, and are no longer required to verify their email address. This streamlines the sign-in flow for users authenticating via an SSO provider.
• JWT access token from the Token endpoint: The POST /v1/oauth/token endpoint now returns a JWT access token instead of the previously used opaque token. This applies to both the Pre-authorized Code and Authorization Code flows, giving clients richer, self-contained token data.
• Analytics events for GET /v1/events: Consistent with all other tenant endpoints, the analytics service now generates events when GET /v1/events is called.
• Empty credential issuance validation (bug fix): In alignment with OID4VCI, the platform now correctly rejects any attempt to issue a credential that contains no claims. Requests of this kind will fail with an appropriate error response.

This release of the MATTR VII Management API (v1.28.2) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR VII Management API (v1.28.1) includes the following fix:

• Email case handling fix (SSO users): Fixed an issue where some SSO users with mixed-case email addresses could encounter errors when accepting tenant invites. Email addresses for SSO users are now handled consistently, preventing errors regardless of casing.

This release of the MATTR Portal (v1.72.0) introduces the following enhancements:

• Managed Issuer visibility of child certificates: Managed Issuers can now only view pending and active Document Signer Certificates (DSC) and Status List Signer Certificates (SLSC). They cannot create, edit, or delete DSCs/SLSCs.
• Updated custom domain asset requirements: Updated the notes on the Custom Domain page to reflect the changes required for the issuer authorization server metadata endpoint.
• Accessibility improvements: Fixed accessibility issues to improve usability and compliance.

This release of the MATTR VII platform (v12.9.0) introduces the following enhancements:

• Client Attestation 'Standard Mode' support: We've enhanced our Client Attestation capability to support an alternative proof-of-possession method called 'Standard Mode', which sits alongside our existing 'Combined Mode' option. Standard Mode is designed for wallets that provide a separate Attestation PoP alongside the Attestation JWT (with or without DPoP), rather than combining the attestation proof with the DPoP proof. This gives wallet developers more flexibility in how they implement client attestation, by offering an option for implementations who prefer not to share the same key for both DPoP and attestation proof.
• Credential Instance ID persistence: If a holder app chooses to pass a Credential Instance ID when performing Client Attestation with a MATTR VII issuer, we now persist and return this data against the issued credential in the credential registry. This allows issuers to have better traceability of which specific app instance a credential was issued to, and use this information for later analysis or troubleshooting.
• Issuer metadata fix: Resolved an issue where issuer metadata was not being properly exposed for tenants with a configured custom domain.

This release of the MATTR VII Management API (v1.28.0) introduces the following change:

• Tenant creation restriction: Users who are invited to existing tenants via the MATTR Portal can no longer create new tenants themselves. This improves governance and ensures tighter control over tenant management.

This release of the MATTR Portal (v1.71.0) introduces the following enhancements:

• Enhanced tenant governance: Users who are invited to existing tenants via the MATTR Portal can no longer create new tenants of their own, improving governance and control over tenant management.
• Terminology updates: Renaming of credential formats and related terms across the Portal, along with updates to all credential configuration forms to include consistent messaging and helpful links.
• Improved error reporting: Sentry has been enabled as an error reporting tool, enhancing data logging and error resolution capabilities.

This release of the MATTR VII platform (v12.8.1) resolves an issue where the OpenIdCredentialIssued webhook event payload included an unexpected change. The payload structure is now consistent with previous releases.

This release of the MATTR VII platform (v12.8.0) introduces the following enhancements:

OID4VCI v1.0 alignment

MATTR VII now aligns with OpenID for Verifiable Credential Issuance (OID4VCI) v1.0. This enhances interoperability and ensures all relevant parties are following the same specification. The following changes have been implemented:

1. Separate OAuth server metadata endpoint: OAuth server metadata, previously exposed via GET {tenant_url}/.well-known/openid-credential-issuer, are now available through a dedicated endpoint. See the authorization server metadata endpoint in the API Reference for more information.

2. Supported credential metadata location change: Supported credential metadata are now exposed under the credential_configurations_supported field (instead of credentials_supported) in the response from GET {tenant_url}/.well-known/openid-credential-issuer. The new structure contains similar information with an updated format. See the issuer metadata endpoint in the API Reference for more information.

3. Credential offer payload change: In a credential offer payload, the credentials field has been replaced with credential_configuration_ids. This field includes a list of credential configuration IDs corresponding to the credentials offered to a wallet client. Wallet clients should use these IDs for looking up credential metadata exposed from the credential issuer metadata endpoint. See the credential offer endpoint in the API Reference for more information.

4. Credential request structure changes:

   • credential_configuration_id is a new parameter that specifies which credential to issue. This corresponds to the credential configuration ID from the credential offer and the issuer metadata. Previously, this information was included in the format, credential_definition, types, and doctype fields (depending on credential format).
   • proofs object provides proof of possession of the cryptographic key material to which the issued credential instances will be bound. This was previously passed in the proof parameter (singular).
     • While the OID4VCI v1.0 structure supports an array of proofs for batch issuances, MATTR VII currently supports a single proof only and will enable batch issuance in the future.
     • No change is required in the structure of the previously provided proof payload.

   See the credential issuance endpoint in the API Reference for more information.

5. Credential response structure change: The response now contains a credentials array of issued credentials (instead of the previous credential and format elements).

   • While the OID4VCI v1.0 structure supports an array of credentials for batch issuances, MATTR VII currently supports single credential issuance only and will enable batch issuance in the future.

   See the credential issuance endpoint in the API Reference for more information.

Client attestation closed beta preview

MATTR VII now offers client attestation as a closed beta preview. Participating customers can:

• Configure their tenants so that they will only issue credentials into a wallet that provides DPoP-based client attestation (by adding a client attestation root certificate against a trust wallet list configuration for that tenant).
• Pass a client instance ID as part of the client attestation. This identifier will be included in the access token returned to the wallet client.
• Use this passed client instance ID as part of a request sent to a configured claims source.

Refer to client attestation for more information.

A new MATTR VII New Zealand region is now available, joining the existing regions of Australia (Sydney), Europe (Frankfurt), United States (Oregon), and Canada (Montreal). This supports implementations from New Zealand that need their infrastructure and data hosted within New Zealand boundaries.

Customers can now use the MATTR Portal to create new tenants in the new NZ region.

This release of the MATTR Portal (v1.70.0) introduces the following enhancements:

• SSO support: Customers can now use their Entra ID/Azure AD identity provider (IdP) to authenticate users accessing the MATTR Portal through single sign-on (SSO). This enables organisations to manage Portal access through their existing identity infrastructure, streamlining user authentication and improving security.
• Android verifier configuration: You can now use the Portal to manage Android Verifier Applications, enabling you to configure and manage Android mobile app verification workflows.
• New Managed Issuer role: The Portal now supports the new managed-issuer role. This role is similar to the issuer role, except it cannot create new IACAs and cannot manage credential configurations. This supports different operational models where issuers are managed by a higher level of admins or issuers who control most of the settings.

This release of the MATTR VII Management APIs (1.27.0) introduces the following enhancements:

• SSO authentication for Portal access: The Management API now enables customers to use their Entra ID/Azure AD identity provider (IdP) to authenticate users accessing the MATTR Portal through single sign-on (SSO). This enables organisations to manage Portal access through their existing identity infrastructure, streamlining user authentication and improving security.
• User invitations for managed-issuer role: Users with the managed-issuer role can now invite other users with the same role to the Portal. This enables delegated user management within the same permission scope.

This release of the MATTR VII platform (v12.7.2) aligns the End-to-End Encryption (E2E Encryption) credential request format with the OID4VCI specification.

This release of the MATTR VII platform (v12.7.1) fixes an issue where the JWKS format for E2E encryption was incorrect in both the credential issuer metadata and credential request format. This fix ensures proper encryption key exchange between issuers and wallets.

This release of the MATTR VII platform (v12.7.0) introduces the following enhancements:

• New Managed Issuer role: The new managed-issuer role is similar to the issuer role, except it cannot create new IACAs and cannot manage credential configurations. This supports different operational models where issuers are managed by a higher level of admins or issuers who control most of the settings.
• End-to-end encryption for credential issuance: End-to-End Encryption (E2E Encryption) provides an additional layer of security for credential issuance workflows where intermediary services are involved between the credential issuer and the wallet application. E2E Encryption ensures that credential data and personally identifiable information (PII) remain confidential and unreadable to intermediary backend servers, even as they facilitate the credential delivery process. The credentials are encrypted end-to-end, from the issuer directly to the specific wallet instance, ensuring that only the intended recipient can decrypt and access the credential data. End-to-End Encryption is currently in technical preview and must be enabled on a per-tenant basis. If you would like to enable this feature for your tenant, please contact us.
• IP address in platform analytics events: Platform analytics events now include the IP address the request came from.

This release of the MATTR VII Management APIs (v1.26.1) is a maintenance release. It includes incremental internal updates to support upcoming features.

This release of the MATTR VII platform (v12.6.0) introduces Credential Refresh as a beta preview feature.

Credential Refresh enables wallets to claim new instances of credentials without requiring the user to authenticate again. This capability supports several use cases, such as validity extension with a streamlined user experience.

This release of the MATTR VII Management APIs (v1.26.0) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR Portal (v1.69.0) introduces the following enhancements:

• Participant points of contact: Added hint text to recommend a minimum of two points of contact per participant.

This release also includes bug fixes and maintenance enhancements to improve overall performance and stability.

This release of the MATTR VII platform (v12.5.0) streamlines configuration of document types ecosystems participants are permitted to issue.

When you create or update a participant, you can now define which document types participants are permitted to issue at the IACA level. This enhancement extends the IACA docTypes feature across ecosystem policy and participant specifications, providing more granular control over participant permissions within your ecosystem.

This release of the MATTR VII Management APIs (v1.25.0) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR Portal (v1.68.0) introduces the following enhancements:

• Revocable mDocs: Create credential configurations that let you later change mDoc revocation status (valid, invalid, suspended) for stronger lifecycle control.
• Points of contact: Manage up to 10 contact records per ecosystem participant.
• Participant evidence PDFs: Upload, view, replace, and delete PDF evidence linked to an ecosystem participant.
• Simplified ecosystem configuration: Configure document types directly when uploading an IACA certificate to a participant, simplifying the ecosystem configuration process. This change also removes the ecosystem credential types and participant roles tabs from the Portal.
• Inactivity timeout: Users are automatically signed out after a period of inactivity to reduce risk from unattended sessions.

This release also includes bug fixes and maintenance enhancements to improve overall performance and stability.

This release of the MATTR VII platform (v12.4.0) introduces the following enhancements to participants records:

• Adding points of contact: DTS operators can now manage up to 10 records of points of contact for each participant.
• Adding PDF evidence: DTS operators can now upload and manage PDF files associated with specific participants.

This release of the MATTR VII Management APIs (v1.24.0) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR Portal (v1.67.1) introduces enhanced event log capabilities.

The Portal now displays the requestor (user ID, client ID, or system) for each event in the event logs, providing better visibility into who initiated each action. You can now filter event logs by requestor to quickly find events associated with specific users, clients, or system processes, making audit trails more transparent and actionable.

This release also includes bug fixes and maintenance enhancements to improve overall performance and stability.

This release of the MATTR Portal (v1.66.0) introduces the following enhancements:

• Pre-authorized credential offers: The Portal now supports creating and testing pre-authorized credential offers, enabling users to configure and validate this issuance flow directly within the Portal. Refer to our tutorial for a hands-on example.
• Updated field names for Ecosystem participants: Changes have been implemented to support the new field names for Digital Trust Service (DTS) participants introduced in the latest platform release, ensuring consistency across the platform and Portal experiences.

This release of the MATTR VII platform (v12.3.0) introduces the following enhancements:

• DSC and SLSC revocation via CRL: Issuers using MATTR-managed IACAs can now revoke their [Document Signer Certificates] (DSCs) and Status List Signer Certificates (SLSCs) via Certificate Revocation List (CRL). This provides greater control over certificate lifecycle management and enhances security by enabling timely revocation of compromised or outdated certificates.
• Updated contact details for DTS participants: The contact details fields for Digital Trust Service (DTS) participants have been updated to clearly indicate they represent high-level organisation contact details. This change prepares for upcoming features that will allow listing individual points of contact separately, providing more granular contact management capabilities.

This release of the MATTR VII Management APIs (v1.23.1) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR VII platform (v12.2.0) extends our malware scanning capabilities to include zip folders uploaded for digital pass templates.

When creating templates for Apple and Google digital passes, any zip folders containing assets (such as images, icons, or other resources) are now automatically scanned for malware before processing. This enhancement strengthens security across the digital pass creation workflow while maintaining the same user experience.

This release of the MATTR VII Management APIs (v1.23.0) is a maintenance release. It includes internal changes to enhance performance and usability.

This release of the MATTR VII platform (v12.1.0) is a maintenance release. It introduces internal changes to support future features and improvements.

This release of the MATTR VII Management APIs (v1.22.1) is a maintenance release. It only includes dependency upgrades.

This release of the MATTR VII platform (v12.0.0) introduces new capabilities for customers managing their own trust infrastructure, providing greater flexibility in establishing trust across your network.

You can now integrate with MATTR VII using externally managed certificates from your existing Public Key Infrastructure (PKI):

• Verifier Root CA certificates: MATTR VII can now use these to sign Verification Request Signer Certificates (VRSCs), which are then used to sign verification requests.
• DTS Root CA certificates: MATTR VII can now use these to sign VICAL Signer Certificates (VSCs), which are then used to sign VICALs.

These updates enable closer alignment with your existing PKI while still benefiting from MATTR VII’s Digital Trust Service (DTS) and Credential Verification capabilities.

This release of the MATTR VII Management APIs (v1.22.0) is a maintenance release. It introduces backend changes required to support new features in the MATTR VII platform.

In addition, and in line with our SLA, we are providing an end-of-life (EOL) notification for the legacy Management API domain:

• The previous domain https://manage.mattr.global is now officially deprecated.
• Customers must complete migration to the new domain https://manage.au01.mattr.global before 1 March 2026.
• After this date, the legacy domain will no longer be supported.
• This change only impacts customers using machine clients to access the Management API.

Please update your integrations to ensure continuity of service before the deprecation deadline.

This release of the MATTR Portal (v1.65.0) introduces enhanced certificate management features and greater automation for credential issuance:

• You can now manage a wider range of certificate authorities directly in the Portal, including both externally managed and MATTR-managed:
  • IACAs
  • DTS root CA
  • Verifier root CA
• VICAL Configuration now allows you to automatically generate VICALs on a daily or weekly basis.
• Date display enhancements have been introduced: hovering over a date now reveals a popup showing both local time and relative time, improving clarity for users across time zones.

This release of the MATTR VII platform (v11.3.0) introduces support for wildcard path fragments in redirect URIs within verifier applications.

Verifier apps can now whitelist redirect URIs that include an asterisk in the path component (e.g., https://www.example.com/*/callback), enabling support for dynamic callback paths such as those containing session IDs.

This release of the MATTR VII management APIs (v1.21.0) is a maintenance release. It introduces backend changes required to support new features in the MATTR VII platform.

This release of the MATTR Portal (v1.64.0) is a maintenance release. It introduces changes required to support new backend features that are coming up.

This release of the MATTR VII platform (v11.2.0) introduces the following enhancements:

• Client activity tracing: You can now filter analytic events by client ID, making it easier to trace specific client actions.
• VICAL configuration timestamp: We’ve added visibility into when your VICAL configuration was last set, helping you predict when the next version will be published based on your auto-publish schedule.
• New events endpoint: A new /v1/events endpoint is available as an alternative to /analytics. This change helps avoid issues with browsers that block requests containing the term "analytics". In alignment with our Service Level Agreement (SLA), the existing /v1/analytics/events endpoint has been marked as deprecated/retired and will reach its EOL on February 4th 2026, when it will be removed from the MATTR VII platform.
• IACA activation error handling: If you attempt to activate an unmanaged IACA that does not have any Document Signer Certificates signed by it, you will now receive a clear error message. To resolve this, activate a Document Signer Certificate signed by the unmanaged IACA before activating it.

This release of the MATTR VII management APIs (v1.20.0) is a maintenance release. It introduces backend changes required to support new features in the MATTR VII platform.

This release of the MATTR Portal (v1.63.0) is a maintenance release. It introduces backend changes required to support new features that are coming up.

This release of the MATTR VII platform (v11.1.0) introduces the ability to automatically publish your VICAL according to a pre-set schedule. The VICAL configuration can now be adjusted so that the VICAL is automatically published daily or weekly, ensuring that it is always up-to-date with the latest information without requiring manual intervention.

This release of the MATTR VII management APIs (v1.19.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.62.2) introduces changes to support new capabilities offered by the MATTR VII platform:

• To comply with changes made to support the Verify with Apple Wallet API, when creating an iOS Verifier Application the following changes are now in effect:
  • The Team ID property is required.
  • The OID4VP configuration is optional.
• To comply with changes made to enable external issuer certificates, IACAs are always created as inactive by default, and you must manually set them to active after they are created.

This release of the MATTR VII platform (v11.0.0) introduces several new features and enhancements:

• Hardware Security Module (HSM) support for key management: We’ve introduced support for customers to use a MATTR-managed Hardware Security Module (HSM) for key management. This provides an additional layer of assurance for protecting cryptographic keys, beyond our standard Software Security Module (SSM).
  • Note: HSM usage incurs additional costs and requires a commercial agreement. Please reach out to your account team if you’re interested in enabling this feature.
• External IACA Support: You now have the flexibility to manage your own Issuer Authority Certificate Authority (IACA), Document Signing Certificates (DSCs) and Status List Signer Certificates (SLSCs). This offers flexibility for organizations with specific Public Key Infrastructure (PKI) requirements. It preserves the integrity of the mDoc trust chain while giving issuers full control over their cryptographic materials. Refer to external issuer certificates for more information.
• Support for Verify with Apple Wallet API: We’ve added the necessary configuration to support the Verify with Wallet API in iOS mobile apps, including a required Apple Team ID. This sets the stage for upcoming enhancements in our iOS Verifier SDK that will enable streamlined credential verification flows in mobile applications.
• Enhanced Credential Metadata in API Responses: We’ve enriched the data returned when retrieving users' credentials metadata with new fields such as Issuance Date, Valid From, and Valid Until. These additions provide greater visibility into credential lifecycles.

This release of the MATTR VII management APIs (v1.18.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v10.4.0) introduces the ability to create mDocs credential configurations that define explicit:

• Activation date using the validFrom parameter. This allows issuers to create mDocs that are valid from an explicit future date, enabling scenarios where credentials can be issued in advance and activated later.
• Expiration date using the validUntil parameter. This allows issuers to set a specific end date for the validity of mDocs credentials, ensuring that credentials are only valid for a defined period.

This release of the MATTR VII management APIs (v1.17.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.61.1) allows you to paste string data directly into form fields that accept PEM files as identifiers. This update also includes various bug fixes and enhancements to improve the overall user experience.

This release of the MATTR VII platform (v10.3.0) introduces enhanced traceability for OID4VCI flows. This includes adding parameters to relevant analytics events, enabling better tracking and analysis of platform events.

The following analytic events have been updated to include the sessionId parameter:

• Create a Pre-authorized Code offer:
  • OPENID_PRE_AUTHORIZED_OFFER_CREATE_START
  • OPENID_PRE_AUTHORIZED_OFFER_CREATE_SUCCESS
• Delete a Pre-authorized Code offer:
  • OPENID_PRE_AUTHORIZED_OFFER_DELETE_START
  • OPENID_PRE_AUTHORIZED_OFFER_DELETE_SUCCESS
  • If the provided offerId does not exist, the OPENID_PRE_AUTHORIZED_OFFER_DELETE_FAIL will include the offerId.
• Authorization Code flow:
  • OPENID_AUTHORIZE_SUCCESS
  • OPENID_AUTHENTICATION_PROVIDER_AUTHORIZE_SUCCESS
  • OPENID_AUTHENTICATION_PROVIDER_AUTHORIZE_START
  • If the user fails to authenticate with the configured authentication provider, the OPENID_AUTHENTICATION_PROVIDER_AUTHORIZE_FAIL event will also include the sessionId.
  • If the tenant fails to authenticate with a configured claim source, the OPENID_CLAIM_AUTHORIZATION_FAIL event will include the sessionId.

This release of the MATTR VII management APIs (v1.16.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.60.0) enables you to configure and manage mobile app verification workflows in the MATTR Portal. This includes:

• What mobile applications can interact with the MATTR VII tenant.
• What wallet applications can present credentials.
• What issuers can be trusted.

This release of the MATTR VII platform (v10.2.0) introduces new issuance and verification channels:

• MATTR VII now supports issuing credentials using the OID4VCI Pre-authorized Code flow. This flow enables issuers to authenticate and authorize holders in advance, making credential issuance faster and more streamlined for users who have already been verified. To support this, you can now manually create new users and generate credential offers for them.
• By integrating MATTR VII with the MATTR Pi iOS mDocs Verifier SDK, you can build iOS apps that remotely request and verify mDocs presented from another app on the same device. This supports workflows defined by ISO/IEC 18013-7:2025 and OID4VP.

This release of the MATTR VII management APIs (v1.15.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.59.0) makes the portal available to trial users. Trial users can now access the Portal and explore the features of the MATTR VII platform through an intuitive graphical user interface.

Sign-up for a trial here and start exploring the MATTR Portal today!

This release of the MATTR VII platform (v10.1.0) enhances the user retrieval operations to include linked account data in the response. This allows you to view and manage identity connections more easily through a single API call, enabling advanced user interactions.

Additionally, requests to external claim sources have been improved for greater reliability. Outbound requests now explicitly use IPv4, preventing resolution failures that previously occurred when some services defaulted to unsupported IPv6.

This release of the MATTR VII Management API (v1.14.0) introduces enhanced support for trial users. This will enable users to more easily trial MATTR VII and the MATTR Portal.

This release of the MATTR Portal (v1.58.0) introduces user interface enhancements to improve the overall user experience. This includes refinements to the layout, navigation, and styling of various components within the Portal.

Additionally, this release includes backend changes to support exciting new features that are coming up.

This release of the MATTR Portal (v1.57.1) introduces Role Based Access Control (RBAC) capabilities. This enables admins to manage permissions and access within specific MATTR VII tenants, to ensure users can only access the functionalities they need to perform their role. This feature enables you to use the Portal to manage users and clients that can access your tenants.

The Portal UI is aligned with the user's role and the permissions assigned to them. This means that users will only see the features and functionalities that are relevant to their role. This is particularly useful for organizations with multiple users who have different responsibilities and permissions.

Refer to Access control for more information on available roles and associated permissions.

This release of the MATTR VII platform (v10.0.0) introduces the following changes to certificate management in MATTR VII:

• Added safeguards to prevent the use of non-compliant DSCs (originally created for signing non-mDL credentials) for mDL signing, particularly when their validity period exceeds the specification limit. Validation has also been added to the credential configurations endpoint to ensure early failure for such cases (attempting to sign credentials with validity periods longer than 427 days for mDLs or 3620 days for any other mDoc). Refer to certificate selection for more information.
• Updated IACA validation logic to allow the use of user-assigned country codes. You can now successfully create and validate IACAs with these codes.

This release of the MATTR VII management APIs (v1.13.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v9.1.0) is a maintenance release. It introduces internal enhancements and bug fixes to improve overall platform performance.

This release of the MATTR VII management APIs (v1.12.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.56.0) introduces the following user experience enhancements:

• Refined fields names and descriptions in the Verifier application form for improved clarity.
• Renamed the Ecosystem navigation item to Digital Trust Service for better alignment with service scope.
• Updated breadcrumb links to correctly direct users when navigating to pages with multiple tabs.
• Various bug fixes and minor enhancements.

This release of the MATTR VII platform (v9.0.0) introduces a change to the maximum validity of issued mDocs to improve the efficiency of signer certificate management.

When issuing mDocs and setting type to org.iso.18013.5.*.mDL (issuing an mDL) the maximum validity is now the shorter of 427 days or the remaining IACA validity period.

For any other type the maximum validity is now the shorter of 10 years minus 30 days or the remaining IACA validity period.

This release of the MATTR VII management APIs (v1.11.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v8.0.0) introduces Role Based Access Control (RBAC) capabilities. This enables admins to manage permissions and access within specific MATTR VII tenants, to ensure users can only access the functionalities they need to perform their role. Refer to Access control for more information and to the corresponding tutorial for a hands-on example.

Additionally, following our EOL announcement and in alignment with our Service Level Agreement (SLA), we have removed support for the BBS 2020 signature suite. This means that JSON credentials supporting selective-disclosure can only be:

• Signed using the BBS 2022 signature suite.
• Verified if they were signed using the BBS 2022 signature suite.

This release of the MATTR VII management APIs (v1.10.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

Following our EOL announcement, and in alignment with our Service Level Agreement (SLA), we have removed support for several non-hyphenated endpoints, and replaced them with hyphenated endpoints for better readability:

• /v2/credentials/compact/digital-pass/apple replaced /v2/credentials/compact/digitalpass/apple.
• /v2/credentials/compact/digital-pass/apple/templates replaced /v2/credentials/compact/digitalpass/apple/templates.
• /v2/credentials/compact/digital-pass/google replaced /v2/credentials/compact/digitalpass/google.
• /v2/credentials/compact/digital-pass/google/templates replaced /v2/credentials/compact/digitalpass/google/templates.
• /v2/credentials/compact-semantic/digital-pass/apple replaced /v2/credentials/compact-semantic/digitalpass/apple.
• /v2/credentials/compact-semantic/digital-pass/apple/templates replaced /v2/credentials/compact-semantic/digitalpass/apple/templates.
• /v2/credentials/compact-semantic/digital-pass/google replaced /v2/credentials/compact-semantic/digitalpass/google.
• /v2/credentials/compact-semantic/digital-pass/google/templates replaced /v2/credentials/compact-semantic/digitalpass/google/templates.
• /v1/users/authentication-providers replaced /v1/users/authenticationproviders.
• /v1/claim-sources replaced /v1/claim-sources.
• /v2/credentials/mobile/document-signers replaced /v2/credentials/mobile/document-signers.
• /v2/credentials/web-semantic/linked-data/convert replaced /v2/credentials/web-semantic/linkeddata/convert.

This release of the MATTR VII platform (v7.1.0) expands the support for online presentations signing protocols in MATTR VII. mDocs online presentations can now be signed by presenting devices using Device MAC Authentication. This is in addition to the existing support for signing a presentation using Digital Signatures.

This release of the MATTR VII management APIs (v1.9.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.55.0) introduces the following user experience enhancements:

• The Custom domain configuration screen is now located in a dedicated page. It is accessible from the main navigation panel.
• The Portal authentication domain is now auth.manage.mattr.global.

This release of the MATTR VII platform (v7.0.0) introduces support for future-dated IACAs as part of mDoc online verification workflows configuration.

When setting up a new trusted issuer, you now have the option to add a PEM representing an IACA with a future activation date. This allows issuers to distribute their IACAs' PEM certificates ahead of time and relying parties to seamlessly switch to a new one when required, ensuring continuous operation without downtime.

Breaking changes

We've made changes to the identifiers.mobile element of the request body structure in the create and update participant endpoints. Refer to the provided links for the new structure.

This release of the MATTR VII management APIs (v1.8.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR Portal (v1.53.0) introduces the capability to use the portal to configure online mDocs verification workflows on your MATTR VII tenants. This includes configuring and managing:

• What verifier applications can interact with the MATTR VII tenant.
• What wallet applications can present mDocs for online verification.
• What issuers can be trusted when verifying mDocs presented online.

This release of the MATTR VII platform (v6.0.1) fixes up a bug that prevented multiple verifier applications from using different application configurations. This issue has been resolved, and each application can now use a specific application configuration.

This release of the MATTR VII platform (v6.0.0) introduces support for multiple verifier applications interacting with a single MATTR VII tenant to perform online verification of mDocs.

This means that a single MATTR VII tenant can now be configured to handle mDocs online verification requests from different web applications, and handle these requests differently based on the requesting application.

Breaking changes

• A new endpoint is now available to configure a verifier application, replacing the verifier configuration endpoint.
• A new endpoint is now available to create a verifier root CA certificate, replacing the verifier configuration endpoint.
• When performing online verification of mDocs, the credential status is now returned in the status property of the response (previously it was returned in status.type).

This release of the MATTR VII management APIs (v1.7.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v5.0.0) introduces the following key enhancements to X.509 certificates capabilities in MATTR VII:

• To support IACA rotation, tenants can now have multiple IACAs. This allows issuers to create new IACAs and distribute them to relying parties in advance to ensure continuous operation of issuance and verification workflows.
• Generation of Document Signer Certificates (DSCs) is now handled automatically by MATTR VII, ensuring issuance workflows don't break due to DSC expiry.
• DSCs now include a Subject Alternative Name field to improve their alignment with the ISO/IEC 18013-5:2021 standard.

Additional features included in this release:

• The online presentation cross-device modal now closes when the user clicks outside of it.

• Deprecation of the following Ecosystem endpoints:

  • Retrieve Issuer's Policy.
  • Retrieve Verifier's Policy.
  • Retrieve Policy.

  These endpoints were replaced by a single endpoint to retrieve a consolidated ecosystem policy.

This release of the MATTR VII management APIs (v1.6.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

The new version of the Self Service Portal (v1.52.0) introduces an enhanced navigation sidebar for improved user experience. Features are now organized by user roles, enabling faster and more intuitive access to portal functionalities.

This release of the MATTR VII platform (v4.4.0) introduces support for mDocs revocation. Issuers can now issue mDoc in a way that enables them to later change their status between valid, suspended and invalid. Relying parties can retrieve this status and use it in their verification workflows. Refer to mDocs revocation for more information.

Additional features included in this release:

• Document Signer Certificates (DSCs) can now be created with validity of up to 10 years.
• When attempting to sign an mDoc which has DocType set to org.iso.18013.5.*.mDL (where * is a positive integer), MATTR VII recognizes that this is attempt to sign an mDL and will validate that the DSC used to sign it isn't valid for more than 457 days to comply with ISO/IEC 18013-5:2021.

This release of the MATTR VII management APIs (v1.5.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

The new version of the Self Service Portal (v1.51.0) is a maintenance release. It includes backend changes required for exciting new features that are coming up.

This release of the MATTR VII platform (v4.3.0) introduces relaxed validation rules when adding external IACAs. The following IACAs were previously rejected by MATTR VII but can now be accepted:

• IACAs without a Certificate Revocation List (CRL) distribution endpoint.
• IACAs without a pathLenConstraint basic constrain.

These IACAs can now be added as the root certificates of:

• Trusted mDoc issuers.
• Ecosystem participants.

This release of the MATTR VII management APIs (v1.4.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v4.2.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII management APIs (v1.3.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the Self Service Portal (v1.50.0) removes Document Signer Certificate (DSC) functionalities from the website, as these are going to be handled automatically by the MATTR VII tenant.

Additionally, this release includes miscellaneous maintenance changes and bug fixes.

To make it easier to consume our capabilities, we have made some changes to our terminology to describe credentials supported by MATTR platforms by their underlying technology and standards. The following credential formats are supported:

• mDocs: Previously referred to as Mobile credentials.
• CBOR Web Tokens (CWT) credentials: Previously referred to as Compact credentials.
• JSON credentials: Previously referred to as Web credentials.

This release of the MATTR VII platform (v4.1.0) introduces improvements to our certificates and Ecosystem capabilities:

• When retrieving Ecosystem integrations, you can now view the time when the integration was last synced at.
• Improved validation logic now prevents different IACA certificates that only differ by whitespaces and/or line breaks.

This release of the MATTR VII management APIs (v1.2.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

The new version of the Self Service Portal (v1.49.0) introduces new certificate and VICAL management capabilities. You can now use the portal to:

• Create IACA certificates.
• Create and manage VICAL configurations.
• View more details when inspecting VICAL previews.

Additionally, this release includes miscellaneous maintenance changes.

This release of the MATTR VII platform (v4.0.0) introduces new capabilities to support online verification of Mobile Credentials, as per ISO/IEC 18013-7.

You can now use a MATTR VII tenant together with the Verifier Web SDK to verify Mobile Credentials presented online via both same-device and cross-device flows.

Learn more about the online verification flow and its implementation.

This release of the MATTR VII platform (v3.9.1) introduces an improvement to the parsing of X.509 certificates, so that the certificate's issuingAuthority can now be displayed in a human readable format.

The new version of the Self Service Portal (v1.48.0) introduces new Ecosystem and certificates management capabilities. You can now use the Self Service Portal to:

• Create, update and delete an Ecosystem.
• View and download previously generated VICALs.
• View the stateOrProvinceName and country fields for IACAs and DSCs.

This release of the MATTR VII platform (v3.9.0) introduces the following new capabilities:

• Ecosystem operators can now integrate external trusted sources into their own ecosystem policy. These can be either a different Ecosystem or a VICAL. These external sources are then integrated into the ecosystem policy when it is published and consumed by relying parties.
• Various enhancements required for the tech preview of Mobile Credentials online presentation. Contact us if you are interested in this capability.

The new version of the Self Service Portal (v1.47.0) introduces new Ecosystems management capabilities. Ecosystem operators can now use the Self Service Portal to:

• Manage Ecosystem participants.
• Preview and generate a VICAL based on their Ecosystem policy.

This release of the MATTR VII platform (v3.8.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.

This release of the MATTR VII platform (v3.7.0) introduces enhanced Ecosystem participants validation.

With this update, when a participant is created with a country and/or stateOrProvince fields, these must match the corresponding fields in the IACA certificate used as the mobile identifier for this participant.

The new version of the Self Service Portal (v1.46.0) is a maintenance release. It tidies up various UI elements, hint texts and external links, while introducing some backend changes required for exciting new features that are coming up.

This release of the MATTR VII platform (v3.6.0) introduces the following changes to the Mobile Credential org.iso.18013.5.1.driving_privileges claim type:

• Mapping data into either the issue_date or expiry_date items in the org.iso.18013.5.1.driving_privileges claim is now optional.
• You can now map data into a codes array within the org.iso.18013.5.1.driving_privileges claim. This enables including specific driving privileges code information in the Mobile Credential.

This release of the MATTR VII platform (v3.5.0) includes several enhancements and features, which now enable you to:

• Issue Compact Credentials in a revoked state, so that they only become valid once you manually change their revocation status. Refer to the Compact Credentials direct issuance guide for more information.
• Populate new fields when creating Ecosystem participants. These optional fields include the participant's status (active/inactive), country, state/province and contact details.
• Define an issuer's state/province when creating their IACA, as per ISO 18013-5. Refer to the IACA creation guide for more information.

In addition to these new features, in this release we have introduced alternative paths to some of our existing endpoints, where we added hyphens for better readability. This is not a breaking change as the non-hyphenated paths are still supported. However, in accordance with the terms of our Service Level Agreement (SLA), the non-hyphenated paths are now marked as "Retired", and will reach their EOL on February 5th 2025, when they will be removed from the MATTR VII platform. You are advised to adjust your implementation to use the following new paths prior to the EOL date:

• Use /v2/credentials/compact/digital-pass/apple to replace /v2/credentials/compact/digitalpass/apple.
• Use /v2/credentials/compact/digital-pass/apple/templates to replace /v2/credentials/compact/digitalpass/apple/templates.
• Use /v2/credentials/compact/digital-pass/google to replace /v2/credentials/compact/digitalpass/google.
• Use /v2/credentials/compact/digital-pass/google/templates to replace /v2/credentials/compact/digitalpass/google/templates.
• Use /v2/credentials/compact-semantic/digital-pass/apple to replace /v2/credentials/compact-semantic/digitalpass/apple.
• Use /v2/credentials/compact-semantic/digital-pass/apple/templates to replace /v2/credentials/compact-semantic/digitalpass/apple/templates.
• Use /v2/credentials/compact-semantic/digital-pass/google to replace /v2/credentials/compact-semantic/digitalpass/google.
• Use /v2/credentials/compact-semantic/digital-pass/google/templates to replace /v2/credentials/compact-semantic/digitalpass/google/templates.
• Use /v1/users/authentication-providers to replace /v1/users/authenticationproviders.
• Use /v1/claim-sources to replace /v1/claim-sources.
• Use /v2/credentials/mobile/document-signers to replace /v2/credentials/mobile/document-signers.
• Use /v2/credentials/web-semantic/linked-data/convert to replace /v2/credentials/web-semantic/linkeddata/convert.

The new version of the MATTR VII Management API (v1.1.0) introduces new internal capabilities to facilitate tenant off-boarding.

Please contact us if you are interested in these capabilities.

The new version (v1.45.0) of the Self Service Portal is a maintenance release.

This release of the MATTR VII platform (v3.4.0) includes the following enhancements:

• Binary claim types in Mobile Credential configurations are now validated to be in a base64 format. This creates a more robust solution, as binary claim types that are formatted differently would cause credential issuance to fail.
• Deleting IACA certificates now returns an error if any of the DSC child certificate keys were not removed.

The Management API offers a set of actions beyond the scope of a single tenant or environment. This release includes an upgrade of several dependencies to mitigate potential security vulnerabilities.

X.509 certificates are a standardized format for digital certificates. IACAs and DSCs, used to sign and verify Mobile Credentials, are both X.509 certificates. This release of the MATTR VII platform (v.3.3.0) improves validation and usability of X.509 certificates:

• Uploaded PEM certificates are now validated. New IACAs and DSCs cannot be created with invalid PEMs.
• DSC expiry dates (notBefore and notAfter) are now parsed to ensure they match the required Date type.
• By default DSCs can be created with a maximal validity of 457 days. You can now request to adjust this limit on a per-tenant basis.

You can now use the Self Service Portal to view certificates available on your tenant. This includes DSCs and IACAs which are used to issue and verify Mobile Credentials.

This release of the MATTR VII platform (v3.2.0) improves did:web interoperability by supporting usage of a single did:web by multiple issuance systems, all issuing credentials on behalf of a single credential issuer.

This release of the MATTR VII platform (v3.1.0) enhances security of integrating Claims sources by extending the current URL validation to also cover any redirects that are included in a configured Claims source URL.

This release also includes miscellaneous bug fixes and usability enhancements, as well as required modifications to support future functionalities.

Webhook enhancements

The following enhancements to the Webhook capabilities are now available:

The event payload now includes a userClaims object, which contains all the claims persisted on your tenant as part of the issuance workflow. Refer to Webhooks payload for more information.

You can now subscribe to a new OpenIdCredentialIssuedSummary event type. This event is triggered upon the completion of an OID4VCI issuance flow but only provides a summary of the issuance event, leaving out the credential object. Refer to Webhooks for more information.

The endpoint that is used to retrieve public keys MATTR VII uses to sign the Webhook HTTP requests is now publicly available. This makes it easier for relying parties to verify incoming Webhook requests. Refer to Verify a Webhook for more information.

Events registry

The Events registry is a publicly available comprehensive collection of analytic events generated by the MATTR VII platform. Events are grouped by the service that generates them, which corresponds to the event category. The registry details the structure of different event payloads based on the configured logging level. Refer to Events structure for more information.

Semantic versioning

To increase transparency and simplify support and maintenance workflows, this release introduces versioning to MATTR VII, following the Semantic Versioning specification. This current release is tagged as version 3.0.0.

You can now use the MATTR VII Self Service Portal to configure a Webhook for a tenant in your environment.

You can subscribe to specific events that are triggered on set MATTR VII operations to retrieve the required information whenever it is generated.

You can now use the MATTR VII Self Service Portal to configure a Custom domain for a tenant in your environment.

Custom domains represent your known and trusted brand, and can assist in instilling trust with your end-users when they interact with your MATTR VII tenant.

Custom domains don't change how you interact with your tenant for administration functions and don't prevent the existing tenant domain from being accessed.

The MATTR Self Service Portal now supports configuring your OpenID for Verifiable Credentials Issuance (OID4VCI) workflow:

• Creating an Authentication Provider configuration.
• Configuring an Interaction hook.
• Configuring Claims sources.
• Creating Compact, Compact Semantic, Web and Mobile Credential configurations.
• Creating and sharing Credential offers.

We have introduced new capabilities to support more issuance use cases, as well as improve integration capabilities.

Key Features

• You can now add an issuanceDate parameter to a signed Web Credential. This means the issued credential will only become valid once issuanceDate is in the past. This is only available for direct issuance of JSON credentials, and not via the OID4VCI workflow.
• You can now pass objects and arrays as request parameters when configuring a Claims source for your OID4VCI workflow. This means you can simplify integration with your existing data sources.

Ecosystems are part of the MATTR VII platform. They enable service providers to define policies regarding valid issuers, credential types and verifiers.

This release introduces the following MATTR VII ecosystem capabilities:

• Create an ecosystem: Create an ecosystem to act as the overarching entity that would include all the other components.
• Create valid participants: Once an ecosystem is in place, you can create valid participants that can be trusted within it. Participants can be issuers and/or verifiers.
• Configure valid credential types: Configure what credential types are valid in the ecosystem.
• Create a policy: Create policies that define what participants are allowed to issue/verify what credentials in the ecosystem.
• Retrieve a policy: Retrieve the ecosystem policies and use the information within them to apply your own business logic.

Refer to our Docs to learn more about Ecosystems.

We are thrilled to expand our credential profile suite by introducing support for Mobile Credentials. These are digital identity documents that are designed to be stored on the holder’s mobile devices. They offer a range of unique capabilities, making them an ideal choice for use cases which require higher assurance identity credentials, such as driving licenses or national IDs.

Mobile Credentials are a MATTR VII implementation of the ISO 18013-5:2021 specification, created to standardize Mobile Driver Licenses (mDLs). When added to the digital trust ecosystem, Mobile Credentials can be applied to a wider variety of use cases and business problems.

Our APIs offer the following features to support Mobile Credentials:

• Signing Mobile Credentials and issuing them to holders.
• Verifying Mobile Credentials using our Verifier SDKs.
• Managing Issuing Authority Certificate Authorities (IACAs) and Document Signer Certificates (DSCs).

Refer to our Docs to learn more about Mobile Credentials and how they can be embedded into your digital trust ecosystem.

We’ve made a change to our credential deletion process so that any revocable credential will be automatically revoked when it is deleted from the MATTR VII Credential Registry. This creates an easier way to revoke and delete credentials by merging the two API requests into one, and also prevents deleting the credential data and losing Credential ID needed to revoke it later.

Note that this change only applies to issued credentials that were configured to be revocable, and you can still update the revocation status for credentials without deleting them using the existing Revocation endpoints:

• Update Revocation Status for a Web Credential
• Update Revocation Status for a Compact Credential

From 25 October onwards, the did:ion method is no longer supported by the MATTR VII platform. This is the result of 3rd party providers no longer reliably supporting the required blockchain utilized by this method. This method was a trial capability.

We apologize for any inconvenience and we welcome you to reach out to us and discuss alternative supported DID methods such as did:web and did:key.

We are excited to announce a suite of enhancements to Claims sources configuration in MATTR VII. These enhancements enable customers to better fine tune how MATTR VII interacts with their claims source:

• Choose your preferred query method: You can now use both POST and GET when querying the claims source. = Choose your preferred authentication method: You can now authenticate with your claims source using either an API Key or your OAuth client credentials.
• Query what you need: You can now query the claims source using a credential configuration as a query parameter.

Refer to the Docs to learn more about Claims sources.

We are happy to announce several key improvements across our MATTR platforms, highlighted by new self-service capabilities, enhanced APIs, and several MATTR Wallet features:

Self-service Tenant Management

Our new suite of API endpoints support the ability to manage tenants (create, view and delete) and analytics events in your environment. Please contact us for more information and/or access to this new capability.

Preventing Issuance of Expired Credentials

Our MATTR VII credential issuance API endpoints now prevent issuing any expired credentials where the current date has passed the specified expiry date.

MATTR Wallet and MATTR GO Release

Our recent MATTR Wallet release (V2.6.1) introduces support for claiming and storing Compact Credentials issued through the OID4VCI protocol. In addition, it includes several UI enhancements to further improve the wallet user experience.

MATTR GO Wallet customers will receive a new release which includes all new features and enhancements from our latest MATTR Wallet version.

We're excited to announce the following updates and new features across our MATTR platforms:

• You can now issue Compact Credentials using the OpenID Credential Provisioning flow. This includes using all the features that this flow enables, such as integration hooks, claims source integration and multi-credential issuance for Compact Credentials.
• We've enabled the MATTR Pi Wallet Toolkit with the capability to retrieve and hold Compact Credentials.
• We now support multiple key types within a single DID, which means you can issue credentials in multiple Credential Profiles using the same DID.

We've released an enhancement to the way our verification capabilities return the verified credential information. Until now, MATTR VII has applied a layer of convenience for integrations by returning only the claims from the verified credential.

You can now also get the raw credential presentation shared by the holder in the verification response. This brings more information and options to verifiers that enable subsequent flows like:

• Re-verifying a credential using the MATTR VII verify capabilities, to re-check things like the revocation status.
• Obtaining more information about which credential data attributes are coming from which credential when the verifier requested more than one credential.

Check out our Docs for more details on how to enable and use this enhanced capability in your credential verification flows.

The MATTR team has been busy the last few months! We have a raft of exciting new features and updates coming to the MATTR platforms in April 2023.

• Next-generation credential issuance with our new OpenID Credential Provisioning flow, using the OID4VCI standard.
• More flexibility for credential issuance with interaction hooks and claims source integration.
• DID Web hosting on the MATTR VII platform to simplify onboarding.
• Major changes to our MATTR VII API with a version 2 release.
• An update to the MATTR Wallet and Pi Wallet Toolkit to support an improved approach of matching credentials to presentation requests from verifiers.

We're thrilled to unveil the evolution of our credential issuance capabilities with the all-new OpenID Credential Provisioning flow, based on the OpenID for Verifiable Credential Issuance (OID4VCI) protocol.

This protocol is a key draft standard for interoperability among digital wallets and has been included in the eIDAS expert group's draft European Digital Identity Architecture and Reference Framework (EUDI ARF) for digital wallets.

The new flow has evolved from our original OIDC Bridge credential issuance capabilities based on market and community movements and feedback from customers. It simplifies the experience of generating and configuring a credential for the issuer and it enhances the user experience of collecting a credential.

Our [OpenID Credential Provisioning flow](OpenID Credential Provisioning flow) makes issuance easier than ever before and we have built extra features that enable customers to have more flexibility to enact their unique business logic into the flow. These include:

• Interaction hooks: integrate additional steps to the credential claiming journey such as additional biometric checks, identity assurance flows, or informational screens.
• Multi-credential issuance: Issue multiple credentials to a wallet holder within a single user journey.
• Claims source integration: Configure credentials using data from an existing source and supplement with additional data from tenant-managed user claims as well as claims sourced from an authentication provider or IDP.

More tools on the way soon!

For current customers, we will continue to support the OIDC Bridge for issuance through the end of 2023 to allow you to transition to the new protocol and feature set.

To help customers get started with using verifiable credentials quickly and easily, we now support DID Web hosting on the MATTR VII platform.

Continuing our theme of simplicity and ease of use, we will be releasing a new major version of our API, which includes a new set of endpoints that simplifies the ability to utilize MATTR’s Credential Profiles.

Credential Profiles combine data about people, organizations or things with unique digital signatures. We use different types of Credential Profiles depending on the type of information a customer wants to convey and how they want to convey it.

See the [API reference] for more information on these changes.

We have an updated Privacy Policy now in place.

We have added support for Webhooks to MATTR VII.

This new capability allows users to obtain information that is generated during an API operation that isn't otherwise available as part of the request or response payloads.

Users are able to subscribe to specific events that are triggered on set MATTR VII operations.

When an event is triggered, the information relating to that event is published via the webhook through to the URL(s) set up on the configured subscription(s).

Users can now:

• Create a webhook that is triggered on supported event types.
• Verify a webhook to check the integrity and authorship of webhooks generated by the MATTR VII platform.

Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.

MATTR introduces enhanced platform ops logging levels on MATTR VII.

As of today, we support configuration of logging at the platform environment level along with manual consumption of platform events in specific customer environments.

In future customers will be able to customize these levels more freely and 'fan-out' events to other operational systems via APIs and webhooks.

New logging levels supported:

• Level 1 - Basic fields
• Level 2 - Metadata + basic fields
• Level 3 - Data (full request and response payloads) + metadata + basic fields

In this release, we added support for including the following configurations when setting up an OIDC Credential Issuer.

• federatedProvider.claimSource is either idToken (default) or userInfo
• federatedProvider.tokenEndpointAuthMethod is either client_secret_post (default), or client_secret_basic
• staticRequestParameters: parameters that should be included in the request to the IDP. i.e. display, prompt, max_age, ui_locales etc.
• forwardedRequestParameters: parameters that can be provided by the client to be forwarded to the IDP. These are optional and can override the staticRequestParameters i.e. login_hint.

We've also updated our MATTR Wallet SDK and MATTR Wallet App to include login_hint as a request parameter when issuing a credential using the OIDC bridge. This will allow pre-population of the username in the Federated Provider's login screen when using MATTR Wallet to claim a credential. Any other request parameters are not supported by MATTR Wallet and SDK at the moment.

MATTR VII is now available in two additional AWS regions:

• Frankfurt, Germany
• Montréal, Canada.

Claims of data can be represented as Compact Credentials, which are both cryptographically proven as authentic and dense enough to fit inside a QR code. This credential format is ideal where high information assurance is required but not high identity assurance about the entity presenting the credential.

You can choose to use either a W3C Verifiable Credential data model to provide more descriptive semantic meaning or a more concise, non-semantic data model. The choices between the data model to use comes down to how compact you need the credential to be versus how openly you intend to share and exchange the created credentials across different domains and jurisdictions.

The following capabilities of Compact Credentials are provided in this MATTR VII platform release:

• Sign and issue a Compact Credential in the semantic model or compact model
• Verify a Compact Credential.
• Revoke a Compact Credential.
• Format the Compact Credential in a way that allows it to be presented in either a digital or paper-based manner.

Compressing semantically verifiable credentials into smaller payload sizes is a useful technique. For example, it allows credentials and presentations to be embedded into QR codes so they can be used when one party is offline.

Try out our latest technical preview on compressed credentials to see how using CBOR-LD can unlock use cases where offline is important.

Convert JSON-LD to CBOR-LD to compress the payload size

Use the latest version of the MATTR Wallet (v1.9.1) to present applicable credentials in a CBOR-LD format

Convert CBOR-LD payloads to JSON-LD to use with existing MATTR VII API

We have introduced a new DCC extension to MATTR VII that is built on top of our core libraries to provide the capability to issue and verify Digital Covid Certificates (DCC).

The standards outlined for the European Union DCC (EUDCC) format, which covers 3 certificate types (vaccination, recovery, and testing) are all covered by the extension which allows your MATTR VII tenant the ability to:

• Maintain the required document signer certificates that facilitate trusted issuance and verification of the EUDCC format.
• Sign and issue a health certificate payload into a EUDCC format
• Verify a EUDCC
• Format the EUDCC in a way that allows it to be presented in either a digital or paper-based manner.

The New Zealand government will start issuing a type of digital health certificate known as a 'My Vaccine Pass' using the New Zealand COVID Pass (NZCP) specification , this credential contains a limited set of personal information and provides a way for the holder to prove they meet certain health policy requirements in regards to COVID-19 such as being vaccinated against the virus.

From today you can now read about the NZCP Verifier API to help you determine how to integrate and verify NZ COVID Passes that have been presented to you, this also accompanies the NZCP Verifier SDK and Verifier white label app offerings.

Get in touch to start onboarding to use the service today, the API will also be available on a trial basis starting soon.

This release adds the ability to use bls12381g2 key types with a Web DID so that ZKP-enabled credentials can be issued. We have also enabled Web DIDs to be created on custom paths that don't rely on a /.well-known location.

• Create a DID with the web method and a bls12381g2 key type.
• A new url parameter in options to specify a domain for the Web DID as well as allowing the use of paths in the form of organization.com/path.

Decentralized Identifiers (DIDs) using the Identity Overlay Network (ION) method can now be created on the platform and used for issuing credentials and other purposes. ION DIDs use the Sidetree protocol to anchor the DID document to a ledger, which provides a high-throughput and efficient method for writing to a blockchain like Bitcoin. ION DIDs can be easily configured on the MATTR VII platform using our API interface, allowing you to leverage the benefits without having to deal with any of the underlying complexities:

• Create & manage ION DIDs on your tenant
• ION DIDs can be used to create credentials, sign and encrypt messages as well as being fully configurable on the OIDC Bridge for issuance and verify
• Supports ed25519 and bls12381g2 key types
• Fully resolve ION DID Documents from the public nodes

Sovrin DID method

Since launching the platform our implementation of did:sov has relied on private Indy nodes whilst the community around DID Sovrin continued to develop new kinds of interoperability in their infrastructure. Recently activity is showing that rather than converging around the Sovrin-specific method that’s been used to date new approaches are being looked at. Until this direction from the community has more clarity around implementation we have decided to deprecate our current private node support.

From this release, we will begin phasing out support for DIDs based on Sovrin by removing references from the documentation and in the next release, we will stop the current did:sov support and remove any Sovrin DIDs from the sandbox platform.

Tenants can now be configured to represent as a verified custom domain:

• Custom domains are a paid feature, setting up a custom domain whilst using a sandbox is possible, however, note this may be disabled and reverted back at MATTR's discretion.
• New endpoints added to create, view, delete and verify a custom domain on your tenant
• Create a custom domain by providing details like your organization name, domain and a logo which will be displayed to end-users interacting with your tenant using a wallet app that supports a web manifest payload.
• The MATTR mobile wallet app has been updated to support the display of custom domains as well as a number of improvements to the UI of MATTR Wallet to be more human-friendly, including support for more complex data types like nested data and embedded images.

New endpoints provided to help you work with verifiable presentations directly on MATTR VII:

• Verify a presentation obtained from any source adhering to the W3C Verifiable Credential Data Model.
• Create verifiable presentations using Credentials where the subject(s) are controlled by the tenant

This is a useful operation for exploring how verifiable presentations are created and can be submitted to the Verify a presentation endpoint.

An optional description parameter has been added when creating credentials:

• The optional description field is enabled on the Create Credential endpoint.
• The field can be configured in the OIDC Bridge Issuer so that any credentials issued will contain the description.

MATTR VII is now live!

Pricing

Pay-as-you-go pricing is now published

• Get a detailed look at how MATTR VII is charged once you elect to upgrade to a paid plan.
• To discuss high-volume discounts, please contact us.

API references

The platform is now known as MATTR VII; URLs and paths updated to reflect this:

• MATTR VII Core is https://tenant.vii.mattr.global/core/v1.
• OIDC Bridge is a MATTR VII extension found at https://tenant.vii.mattr.global/ext/oidc/v1.

Old domains and paths will be discontinued from service within 30 days.

Notification messaging

Customers can use their tenant to construct and send messages to holders based on their subject DID, which will be delivered to the MATTR Wallet app and notified via a push notification.

• Construct action-based messages in a DIDComm2 JWM format:
  • Start a credential issuance using the OIDC Bridge.
  • Notify of a credential revocation status change.
  • Start a verification flow using a callback.
• Encrypt messages intended for the recipient.
  • MATTR VII enforces end-2-end encryption (E2EE), so message contents are never visible to MATTR when held in messaging inboxes.
• Route messages to a dedicated inbox for the wallet user.

The MATTR Wallet app is being updated to support receiving push notification and managing messaging inboxes. Make sure you update to the latest version available on the App Store or Google Play.

Further messaging capabilities are scheduled on the roadmap.

Terms

New customers signing up to MATTR VII will have a new customer agreement, SLA and privacy policy in place.

Further functionality to support the use of privacy-preserving credentials using BBS+ signatures.

Create a JSON-LD Frame Presentation Request

• Use a query extension to the Verifiable Presentation Request Specification format, Query by Frame, to specify required credential claims.
• Trusted Issuers and Credential Types are used to match credentials in the mobile wallet.

Mobile Wallet updates

• The latest version (v0.50.0) of the Mobile Wallet is required to process Query by Frame presentation requests.
• ZKP-enabled credentials using BBS+ signatures can be used to derive selectively disclosed presentations.
• New UI screens to actively show the disclosure of claims.

Maintenance Release

• Update to the Callback URL for all Issuers on the OIDC Bridge to align with future changes.

Ensure that the allowed callback URL for your federated provided is updated with the new path. From ../oidc/v1/issuers/.. To: ../ext/oidc/v1/issuers/...

When we first launched the Platform we pioneered the bridging of existing identity solutions using Open ID Connect (OIDC) to a new world of decentralized identity and verifiable credentials. During this time we listened to customers as well as working within the Community as standards evolve. This latest version of the OIDC Bridge is now easier to set up, more flexible to integrate and conforms with OIDC Credential Provider for issuing credentials to the mobile wallet.

OIDC Bridge

• Multiple OIDC Credential Issuers can be enabled to offer credentials using the OIDC Configuration metadata endpoints
• Custom scopes can be added to Federated Providers to enable more flexibility in obtaining ID token claims
• OIDC Credential Verifiers are easier to set up and associated OIDC Clients can be listed and updated
• Authenticate a DID using OIDC Bridge introduces a new way for OIDC Clients to obtain a Subject identifier that has been verified to come from the holder.
• Claim mappings: OIDC claims > JSON-LD terms and JSON-LD terms > OIDC claims have been revamped to simplify their use and make it clearer on how they are used by the OIDC Bridge

• Unlocks Verifying a Credential using a Callback method to allow non-OIDC verification
• Introduction of a new endpoint to Verify a Credential directly using the API

Maintenance release

In line with the W3C VC Data Model; Subject identifiers are now not required on Create Credential, usually a Subject DID makes up a core part of a Verifiable Credential but in some cases it makes sense without one, such as issuing a ‘bearer’ style credential e.g. a concert ticket or when the credential is to be stored on behalf of a subject and reissued later with subject binding.

Maintenance release

• The format of the response from /.well-known/did-configuration is now in a JSON-LD format. Learn more about the Well Known DID Configuration from the Decentralized Identity Foundation working group.
• This changes means all holders will need to being using the MATTR Mobile Wallet with a minimum version of v0.37.1 to continue to receive and present credentials, earlier versions of the app will present a generic error message.

Credentials issued on the platform are now revocable and searches can be performed on the Credential Registry.

Revocable Credentials

• Create Credential has new optional revocable property to create a Credential as revocable using a revocation list method.
• All Credentials issued using the OIDC Bridge are now revocable by default.
• API endpoints for an Issuer to toggle the revoke status of a Credential.
• Provisioned hosting of revocation lists for Credential Issuers.
• Automatic verification of a presented Credential against its revocation list will result in revoked credentials being returned with an error message in the OIDC/OAuth2 callback response back to Verifiers/relying parties.

Search on Credentials

• Credentials optionally held in the Credential Registry can now be retrieved by tag and type parameters.
• The meta-data of non-persisted Credentials can also be found using these tags.
• All Credentials issued using the OIDC Bridge will only store meta-data.

Updates

Pagination on Retrieve List of DIDs and Retrieve List of Presentation Templates now has pagination using the cursor-based method.

New DID method did:web is available to be created on the Platform.

• Further content on the various DID methods available on the platform is available.

Updates

Enhanced pagination on the List Credentials endpoint, moved from using a page-offset pagination to a much more performant cursor-based pagination.

Support added for issuing privacy-preserving credentials using BBS+ signatures.

Create a DID with BLS Key Type

• Create DID now has options to set a key type (only for did:key method at this time).
• Use the BLS key type bls12381G2 to create Issuer DIDs for issuing ZKP-enabled credentials.
• Response for Resolve a DID has been altered to include a localMetadata parameter which will be used for future DID methods.

Create a ZKP-enabled Credential

Create Credential will automatically issue ZKP-enabled credentials if an issuerDid referencing a bls12381G2 key type is provided.

Updates

New optional parameters are available on Create Credential:

• Providing a value in tag will set this value as metadata so it can be referenced on the platform later.
• Setting the persist boolean to true will store the created credential on your tenant for future retrieval. The default value is not to store credentials.

Maintenance release.

• Mobile Wallet App bug fixes and improvements.
• Improved support for OIDC query parameters on mobile app authorization requests.

Creation of Sov DIDs on the platform is now possible.

• Create DID can be used to create DIDs using the Sovrin DID method. Note during Preview these will not be anchored on the Sovrin MainNet.
• Resolve a DID will resolve Sov DIDs including MATTR issued ones.

Maintenance release

Tidy up of error response messages on Create Presentation Templates and messaging endpoints.

New endpoints available.

• Update operations now possible using Update a Claim Mapping and Update a Provider.

SaaS Platform

• A cloud-hosted, multi-tenanted environment that can be spun-up on-demand using managed containers
• Authentication and access-control provisioning
• Auditing and privacy-preserving logging

Issue Verifiable Credentials using OpenID Connect

• Cryptographically secure issuance of Verifiable Credentials (VC) to authenticated identity holders
• Configuration options to;
  • Bring-your-own OpenID Connect Provider (OP)
  • Or, use our step-by-step tutorial for a reference OP
• Map personal information claims from source to VC terms, using linked-data standards
• Decode a JWT signed using a Decentralized Identifier
• Optionally; store issued credentials on-platform to be retrieved (for non-sensitive use-cases)
• Create a credential Offer as a QR code or deep-link to start the issuance flow with the mobile wallet app
• The static offer is ready to display on a website or physical media e.g. a bus shelter advertisement

Verify Verifiable Credentials using OpenID Connect

• Cryptographically secure verification of VCs from identity holders after their consent
• Uses the latest standards-based messaging protocols (JWM) to transmit information from the holder
• Configure an OpenID Connect Relying Party client to accept holder information via a standard ID token
• Map personal information from Credential claims to a standard ID token
• Create a VC Request and embed using a QR code or deep-link into a journey
• The dynamic request can be used in an information-gathering flow e.g. Customer onboarding

Mobile Wallet App

• Native iOS and Android apps, supporting a range of models and devices
• On-device biometric access enabled
• Familiar chat-like user-interface approach, designed with core pillars of privacy, accessibility and user-experience
• Puts the user in control during issuance and verification of their Credentials
• Keeps user in-context with in-app-browser technology
• Interoperable to published specifications within the Self-Sovereign Identity ecosystem
• Theming options available to prospective customers