How to revoke a CWT credential

This guide can be used to perform the following common revocation operations:

Prerequisites

  • The id obtained from the response when you created the credential. Note that this credential must have revocable set to true.

Revoke a credential

Request

Make a request of the following structure to revoke a CWT credential:

HTTP
POST /v2/credentials/compact/{id}/revocation-status
  • id : Replace with the id of the credential you wish to revoke.

You can make a similar request to a different endpoint to revoke a Semantic CWT credential:

HTTP
POST /v2/credentials/compact-semantic/{id}/revocation-status
  • id : Replace with the id of the credential you wish to revoke.

Request body

JSON
{
    "isRevoked": true
}

You can make a similar request with isRevoked set to false to validate a revoked credential.

Response

JSON
{
    "id": "M2Cbq-3GRgu3aXR9YmMHcA",
    "isRevoked": true
}
  • id : Unique identifier of the credential that was update.
  • isRevoked : Indicates revocation status for the credential. When true the credential will not be verified as valid.

Revocation lists are cached for a certain amount of time. Updating a revocation status might take some time to reflect in verification workflows.

Retrieve a credential’s revocation status

Request

Make a request of the following structure to retrieve the revocation status of a CWT credential:

HTTP
GET /v2/credentials/compact/{id}/revocation-status
  • id : Replace with the id of the credential you wish to retrieve the revocation status for.

You can make a similar request to a different endpoint to retrieve the revocation status of a Semantic CWT redential:

HTTP
POST /v2/credentials/compact-semantic/{id}/revocation-status
  • id : Replace with the id of the credential you wish to retrieve the revocation status for.

Response

JSON
{
    "id": "M2Cbq-3GRgu3aXR9YmMHcA",
    "isRevoked": true
}
  • id : Unique credential identifier.
  • isRevoked : Indicates revocation status for the credential. When true the credential will not be verified as valid.