Revoke a Compact Credential

To configure a credential as revocable, you need to set their revocable property to true when you create a Compact or Semantic Compact Credential. Credentials which are configured as revocable include the following status object:

1"status": { 
2      "index": 4, 
3      "url": "https://learn.vii.au01.mattr.global/core/v2/credentials/compact/revocation-lists/f91bbef3-6898-4930-bca3-cf0d4b63e939"
4}

• index: This indicates the index of this specific credential within the revocation list.

• url: Every revocable credential will reference a Revocation List that is automatically created and held on the issuer's tenant. This list can be used by external verifiers to validate the credential status. The status.url property references the Revocation List which holds the revocation status for this specific credential.

All Credentials issued via the OpenID4VCI issuance workflow are not revocable by default.

All credentials issued via the OIDC Bridge issuance workflow are revocable by default.

This guide will walk you through the following operations:

• Revoke a credential: This will be used by the issuer to revoke (or unrevoke) any existing credentials.

• Retrieve a credential revocation status: This will be used by MATTR VII to retrieve the credential revocation status of a credential as part of a verification workflow.

• Retrieve a revocation list: This will be used by public verifiers to check the credential status of a credential as part of a verification workflow.

Compact Credentials are automatically revoked when their metadata is deleted from the Credential Registry.

Prerequisites

• Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.

• You will need the id of a Compact or Semantic Compact Credential, obtained from the response when you created the credential. Note that this credential must have revocable set to true.

Revoke a credential

Request

Make a request of the following structure to revoke a Compact Credential:

1POST https://YOUR_TENANT_URL/core/v2/credentials/compact/{id}/revocation-status

• Replace {id} with the id of the Compact Credential you wish to revoke.

1{
2    "isRevoked": true
3}

You can make a similar request to a different endpoint to revoke a Semantic Compact Credential:

1POST https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/{id}/revocation-status

You can make a similar request with isRevoked set to false to unrevoke a credential.

Response

1{
2    "id": "M2Cbq-3GRgu3aXR9YmMHcA",
3    "isRevoked": true
4}

This example shows that the Compact Credential with an id of M2Cbq-3GRgu3aXR9YmMHcA had its isRevoked property changed to true, which means it has been revoked. Revoked credentials will not be verified as valid.

The revocation list is cached for a certain amount of time. When verifying a credential with a newly updated revocation status, please allow time for the update to take effect.

Retrieve a credential revocation status

Request

Make a request of the following structure to retrieve the revocation status of a Compact Credential:

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/{id}/revocation-status

• Replace {id} with the id of the Compact Credential you wish to retrieve the recovation status for.

You can make a similar request to a different endpoint to retrieve the status of a Semantic Compact Credential:

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/{id}/revocation-status

• Replace {id} with the id of the Semantic Compact Credential you wish to retrieve the recovation status for.

Response 

1{
2    "id": "M2Cbq-3GRgu3aXR9YmMHcA",
3    "isRevoked": true
4}

Retrieve a Revocation List

There are two ways to retrieve a Revocation List:

• Make a direct request to the status.url property of the credential you wish to check the status for.

• Retrieve all Reovcation Lists from the Issuer's tenant, retrieve the specific Revocation List id from the response and use it to make a request to retrieve it.

Retrieve all Reovcation Lists

Request

Make the following request to retrieve all Compact Credential Recovcation Lists from a tenant:

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/revocation-lists

You can make a similar request to a different endpoint to retrieve all Semantic Compact Credential Revocation Lists from a tenant:

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/revocation-lists

Response

1{
2    "data": [
3        {
4            "id": "eea87efd-1fc1-4cc3-85c0-2fd490cf54a6",
5            "issuer": "did:web:example.nz",
6            "url": "https://YOUR_TENANT_URL/v2/credentials/compactc/revocation-lists/eea87efd-1fc1-4cc3-85c0-2fd490cf54a6"
7        }
8    ],
9    "nextCursor": "Y3JlYXRlZEF0PTIwMjItMDUtMTJUMDIlM0EyNiUzQTMzLjk5MlomaWQ9ZWVhODdlZmQtMWZjMS00Y2MzLTg1YzAtMmZkNDkwY2Y1NGE2"
10}

• data: This array includes all Compact Credential Revocation Lists available on this tenant.

  • id: This is the unique identifier for this Revocation List. You will need it to retrieve this specific list.

  • issuer: This is the issuer DID for this tenant.

  • url: This is the public URL where this Revocation List is available.

Retrieve a specific Revocation List

Request

Once you have the id of the desired Reovcation List, make a request of the following structure to retrieve a specific Compact Credential Revocation List (this is the same URL you will find in the credential status.url property):

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/revocation-lists/{id}

• Replace {id} with the id of the Revocation List you wish to retrieve.

You can make a similar request to a different endpoint to retrieve a specific Semantic Compact Credential Revocation List:

1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/revocation-lists/{id}

• Replace {id} with the id of the Revocation List you wish to retrieve.

Response 

The response includes a binary file of the COSE Revocation List. You can now inspect it for the revocation status of a specific credential using its status.index property.