Revoke a Compact Credential
To configure a credential as revocable, you need to set their revocable
property to true
when you create a Compact or Semantic Compact Credential. Credentials which are configured as revocable include the following status
object:
1"status": {
2 "index": 4,
3 "url": "https://learn.vii.au01.mattr.global/core/v2/credentials/compact/revocation-lists/f91bbef3-6898-4930-bca3-cf0d4b63e939"
4}
index
: This indicates the index of this specific credential within the revocation list.url
: Every revocable credential will reference a Revocation List that is automatically created and held on the issuer's tenant. This list can be used by external verifiers to validate the credential status. Thestatus.url
property references the Revocation List which holds the revocation status for this specific credential.
All Credentials issued via the OpenID4VCI issuance workflow are not revocable by default.
All credentials issued via the OIDC Bridge issuance workflow are revocable by default.
This guide will walk you through the following operations:
Revoke a credential: This will be used by the issuer to revoke (or unrevoke) any existing credentials.
Retrieve a credential revocation status: This will be used by MATTR VII to retrieve the credential revocation status of a credential as part of a verification workflow.
Retrieve a revocation list: This will be used by public verifiers to check the credential status of a credential as part of a verification workflow.
Compact Credentials are automatically revoked when their metadata is deleted from the Credential Registry.
Prerequisites
Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.
You will need the
id
of a Compact or Semantic Compact Credential, obtained from the response when you created the credential. Note that this credential must haverevocable
set totrue
.
Revoke a credential
Request
Make a request of the following structure to revoke a Compact Credential:
1POST https://YOUR_TENANT_URL/core/v2/credentials/compact/{id}/revocation-status
Replace
{id}
with theid
of the Compact Credential you wish to revoke.
1{
2 "isRevoked": true
3}
You can make a similar request to a different endpoint to revoke a Semantic Compact Credential:
1POST https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/{id}/revocation-status
You can make a similar request with
isRevoked
set tofalse
to unrevoke a credential.
Response
1{
2 "id": "M2Cbq-3GRgu3aXR9YmMHcA",
3 "isRevoked": true
4}
This example shows that the Compact Credential with an id
of M2Cbq-3GRgu3aXR9YmMHcA
had its isRevoked
property changed to true
, which means it has been revoked. Revoked credentials will not be verified as valid.
The revocation list is cached for a certain amount of time. When verifying a credential with a newly updated revocation status, please allow time for the update to take effect.
Retrieve a credential revocation status
Request
Make a request of the following structure to retrieve the revocation status of a Compact Credential:
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/{id}/revocation-status
Replace
{id}
with theid
of the Compact Credential you wish to retrieve the recovation status for.
You can make a similar request to a different endpoint to retrieve the status of a Semantic Compact Credential:
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/{id}/revocation-status
Replace
{id}
with theid
of the Semantic Compact Credential you wish to retrieve the recovation status for.
Response
1{
2 "id": "M2Cbq-3GRgu3aXR9YmMHcA",
3 "isRevoked": true
4}
Retrieve a Revocation List
There are two ways to retrieve a Revocation List:
Make a direct request to the
status.url
property of the credential you wish to check the status for.Retrieve all Reovcation Lists from the Issuer's tenant, retrieve the specific Revocation List
id
from the response and use it to make a request to retrieve it.
Retrieve all Reovcation Lists
Request
Make the following request to retrieve all Compact Credential Recovcation Lists from a tenant:
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/revocation-lists
You can make a similar request to a different endpoint to retrieve all Semantic Compact Credential Revocation Lists from a tenant:
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/revocation-lists
Response
1{
2 "data": [
3 {
4 "id": "eea87efd-1fc1-4cc3-85c0-2fd490cf54a6",
5 "issuer": "did:web:example.nz",
6 "url": "https://YOUR_TENANT_URL/v2/credentials/compactc/revocation-lists/eea87efd-1fc1-4cc3-85c0-2fd490cf54a6"
7 }
8 ],
9 "nextCursor": "Y3JlYXRlZEF0PTIwMjItMDUtMTJUMDIlM0EyNiUzQTMzLjk5MlomaWQ9ZWVhODdlZmQtMWZjMS00Y2MzLTg1YzAtMmZkNDkwY2Y1NGE2"
10}
data
: This array includes all Compact Credential Revocation Lists available on this tenant.id
: This is the unique identifier for this Revocation List. You will need it to retrieve this specific list.issuer
: This is the issuer DID for this tenant.url
: This is the public URL where this Revocation List is available.
Retrieve a specific Revocation List
Request
Once you have the id of the desired Reovcation List, make a request of the following structure to retrieve a specific Compact Credential Revocation List (this is the same URL you will find in the credential status.url
property):
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact/revocation-lists/{id}
Replace
{id}
with theid
of the Revocation List you wish to retrieve.
You can make a similar request to a different endpoint to retrieve a specific Semantic Compact Credential Revocation List:
1GET https://YOUR_TENANT_URL/core/v2/credentials/compact-semantic/revocation-lists/{id}
Replace
{id}
with theid
of the Revocation List you wish to retrieve.
Response
The response includes a binary file of the COSE Revocation List. You can now inspect it for the revocation status of a specific credential using its status.index
property.