light-mode-image
Learn
CertificatesAPI Reference

Verifier root CA certificates

Create a Verifier root CA certificate

Create a verifier root CA certificate

Creates a verifier root CA certificate to be used as part of mDocs online verification workflows.

  • A maximum of three Verifier root CA certificates can be created per tenant.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_FAIL
POST/v2/presentations/certificates/ca
AuthorizationBearer <token>

In: header

Verifier root CA certificate payload

Request payload for managed verifier root CA certificate

commonName?string

Used to define the common name of the created verifier root CA certificate. Used to establish trust with the verifier by wallets that implement certificate-based trust.

  • When provided, the value must be a valid PrintableString and cannot be an empty string.
  • If not provided and a custom domain is configured and verified, the custom domain is used followed by the word IACA.
  • If no custom domain is configured, the tenant subdomain is used instead.
Default"{tenantDomain} Verifier"
country?string

Indicates the verifier's country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

notBefore?string

Used to set the date and time when the Verifier root CA certificate becomes valid and can be used to sign other intermediate certificates.

  • Must not be in the past.
  • Must be before notAfter.
Formatdate-time
notAfter?string

Used to set the date and time when the Verifier root CA certificate expires.

  • If not provided, calculated as notBefore + 20 years.
  • If not provided and notBefore is not provided, calculated as time of creation + 20 years.
  • Maximum value is 20 years from creation.
  • Must be after notBefore, if provided.
Formatdate-time

Request payload for unmanaged verifier root CA certificate

certificatePemstring

Verifier root CA certificate in PEM format. The certificate must be valid and not expired.

curl -X POST "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca" \  -H "Content-Type: application/json" \  -d '{}'
{
  "id": "string",
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
  "certificateData": {
    "commonName": "Example Verifier",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z"
  },
  "active": true,
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve all Verifier root CA certificates

Retrieve all verifier root CA certificates

Retrieves all existing verifier root CA certificates.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_LIST_FAIL
GET/v2/presentations/certificates/ca
AuthorizationBearer <token>

In: header

curl -X GET "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca"
{
  "data": [
    {
      "id": "string",
      "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
      "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
      "certificateData": {
        "commonName": "Example Verifier",
        "country": "US",
        "notAfter": "2024-10-22T00:00:00Z",
        "notBefore": "2023-10-22T00:00:00Z"
      },
      "active": true,
      "isManaged": true
    }
  ],
  "nextCursor": "string"
}

Retrieve a Verifier root CA certificate

Retrieve a verifier root CA certificate

Retrieves an existing verifier root CA certificate.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_RETRIEVE_FAIL
GET/v2/presentations/certificates/ca/{certificateId}
AuthorizationBearer <token>

In: header

Path Parameters

certificateIdstring

Unique identifier for the verifier root CA certificate.

Formatuuid
curl -X GET "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca/281d20b3-42a3-40dd-b29a-115ff32b02b7"
{
  "id": "string",
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
  "certificateData": {
    "commonName": "Example Verifier",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z"
  },
  "active": true,
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Update a Verifier root CA certificate

Update a verifier root CA certificate

Updates an existing verifier root CA certificate.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_UPDATE_FAIL
PUT/v2/presentations/certificates/ca/{certificateId}
AuthorizationBearer <token>

In: header

Path Parameters

certificateIdstring

Unique identifier for the verifier root CA certificate.

Formatuuid

Verifier root CA certificate payload

activeboolean

Indicates if the Verifier root CA certificate is active. Only active certificates can be used to sign other intermediate certificates.

Defaulttrue
curl -X PUT "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca/281d20b3-42a3-40dd-b29a-115ff32b02b7" \  -H "Content-Type: application/json" \  -d '{    "active": true  }'
{
  "id": "string",
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
  "certificateData": {
    "commonName": "Example Verifier",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z"
  },
  "active": true,
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Delete a Verifier root CA certificate

Delete a verifier root CA certificate

Deletes an existing verifier root CA certificate.

Analytic events

  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_START
  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_SUCCESS
  • PRESENTATION_VERIFIER_CA_CERTIFICATE_DELETE_FAIL
DELETE/v2/presentations/certificates/ca/{certificateId}
AuthorizationBearer <token>

In: header

Path Parameters

certificateIdstring

Unique identifier for the verifier root CA certificate.

Formatuuid
curl -X DELETE "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca/281d20b3-42a3-40dd-b29a-115ff32b02b7"
Empty
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?