Learn

Revocation status change notification

Whenever a revocation status is updated for a known subject-bound credential, a message can be sent to inform the holder of the status change. This comprises three steps:

  1. Create a revocation message payload.

  2. Encrypt the message payload.

  3. Send the encrypted message.

Create a revocation message payload

Make the following request to create a revocation message payload:

Request

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/{id}/revocation-status/notification

  • id: Provide the identifier for the credential whose status has changed. This identifier can be retrieved using the relevant MATTR VII APIs.

json
Copy to clipboard.
1{
2    "from": "did:web:organization.com",
3    "to": [
4        "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
5    ]
6}

  • from: The sender's DID URL, obtained from the id field of the first keyAgreement entry of the DID document. Refer to our DID tutorial for more information.

  • to: The recipient DID URL. In production environments you must have a secure way to obtain it:

    • Use DID Auth for any new interactions.

    • Ask the user to share their wallet DID (MATTR Showcase wallet or MATTR GO users can do this by navigating to Settings > Advanced > Public DID).

    • Request an existing credential as part of a verification workflow, and extract the DID from that interaction.

Response

json
Copy to clipboard.
1{
2    "id": "8acd6b31-9225-47a9-8514-896602f3ac08",
3    "type": "https://mattr.global/schemas/verifiable-credential/status/RevocationStatus",
4    "to": [
5        "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
6    ],
7    "from": "did:web:organization.com",
8    "created_time": 1616137875353,
9    "body": {
10        "revocationListCredential": "https://YOUR_TENANT_URL/v1/revocation-lists/341db0e7-aeb5-4d88-bee2-41be51795266",
11        "revocationListIndex": "1547",
12        "isRevoked": false
13    }
14}

The result is a message payload constructed using the JWM format. The body of the message indicates that the message concerns the status of a given credential which a digital wallet can consume to relay to the holder.

Encrypt the message payload

Once you have the message payload, make the following request to encrypt it:

Request

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/v1/messaging/encrypt
json
Copy to clipboard.
1{
2    "senderDidUrl": "did:web:organization.com#CU6dJt9p8t",
3    "recipientDidUrls": [
4      "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
5    ],
6    "payload": {
7      "id": "8acd6b31-9225-47a9-8514-896602f3ac08",
8      "type": "https://mattr.global/schemas/verifiable-credential/status/RevocationStatus",
9      "to": [
10          "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
11      ],
12      "from": "did:web:organization.com",
13      "created_time": 1616137875353,
14      "body": {
15          "revocationListCredential": "https://YOUR_TENANT_URL/v1/revocation-lists/341db0e7-aeb5-4d88-bee2-41be51795266",
16          "revocationListIndex": "1547",
17          "isRevoked": false
18      }
19    }
20}

  • senderDidUrl: The sender's DID URL, obtained from the id field of the first keyAgreement entry of the DID document. Refer to our DID tutorial for more information.

  • recipientDidUrls: The recipient's DID URL. In production environments, you must have a secure way to obtain the DID that is associated with the intended recipient's digital wallet:

    • Use DID Auth for a new interaction.

    • Ask the user to manually obtain their public DID by opening their MATTR Showcase wallet and navigating to Settings > Advanced > Public DID.

    • Request an existing credential as part of a verification workflow, and extract the recipient's digital wallet DID from that interaction.

  • payload: Use the body of the JWM payload obtained in the previous step.

Response

json
Copy to clipboard.
1{
2  "jwe": {
3    "protected": "eyJhbGciOiJYQzIwUCJ9",
4    "recipients": [
5      {
6        "header": {
7          "alg": "ECDH-1PU+A256KW",
8          "kid": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d#z6LSsvqSJkBvVEsDC8cxMHuQ3sKoLRMXB1MdtoLrMUq6A8Rg",
9          "epk": {
10            "kty": "OKP",
11            "crv": "X25519",
12            "x": "JOLnYaD7L-Rszz7fczPhn6MkNre25PUsztzB1RHoz14"
13          },
14          "skid": "did:key:z6MkreuqFq6WrwozTeGKuUDz8bniTFRNAg8f3ZB862YdLp7v#z6LScyz3YLToyoKwZE6Tfq65hgZUkZdHrC4ZqohcUH9X6Twx"
15        },
16        "encryption_key": "ag5iKzjJOth9Wa68dCVKJW_vnO_Ga0zSJgQp5rIUg69HCzIjuNYhDg"
17      }
18    ],
19    "ciphertext": "xpW-D6sDPpWc_jk87nEyxPX7JQV8_OZpaQft7ySQ5XmNhoj-lQyDkXDncOCyhB7yMSdZrRBNQjKxlEbpY_WLk1hBoWfsTeszVSAuFbX_VKUSJ7GR6rcnWGVNgDfKS8GsyC_owtswXatkF_65_mzFOygctkUmd2eI5bcpQpWjhw2vqnvnWkb7l2J27aWFF_c9cu52dB559j8lwLYyYC9oSMgV5piB6ppfrWBGo_DigjxvJcAYcjFYqFcT6A1nphPhwVTQ2HNfJodbQoseHub8UQdG4qAOcggq5DI84tbqor1SU9rdPH03jPkLgoO_aeXyJg5meITXoFSiu_tRfvf8QQ6vKq6pkTTXs8zKXcBCGhGIyKBNBG4R4RIY1UffTMnJQQQGBble3P06pGOnsnSop0BtygelB9M0ZEwnAUSAQqN1RR4AQwWcn9nH6hHEu1pMhSvhCuFNAPWS-hg24JGGw8Xe3EEZlLH0PM8qpUAfksPq",
20    "iv": "FJq5zKvuPiUQIdRcMtiChHCJByuY8XK9",
21    "tag": "u8kT0VAAtTswjGXxNpuX0g=="
22  }
23}

The result is a message payload constructed using the JWM format which can be used as a secure MATTR VII message.

Send the encrypted message

Make the following request to send the notification to the user's digital wallet:

Request

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/v1/messaging/send
json
Copy to clipboard.
1{
2"to": "{SUBJECT_DID}",
3"message": {
4  "to": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d",
5  "message": {
6    "protected": "eyJhbGciOiJYQzIwUCJ9",
7    "recipients": [
8      {
9        "header": {
10          "alg": "ECDH-1PU+A256KW",
11          "kid": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d#z6LSsvqSJkBvVEsDC8cxMHuQ3sKoLRMXB1MdtoLrMUq6A8Rg",
12          "epk": {
13            "kty": "OKP",
14            "crv": "X25519",
15            "x": "JOLnYaD7L-Rszz7fczPhn6MkNre25PUsztzB1RHoz14"
16          },
17          "skid": "did:key:z6MkreuqFq6WrwozTeGKuUDz8bniTFRNAg8f3ZB862YdLp7v#z6LScyz3YLToyoKwZE6Tfq65hgZUkZdHrC4ZqohcUH9X6Twx"
18        },
19        "encryption_key": "ag5iKzjJOth9Wa68dCVKJW_vnO_Ga0zSJgQp5rIUg69HCzIjuNYhDg"
20      }
21    ],
22    "ciphertext": "xpW-D6sDPpWc_jk87nEyxPX7JQV8_OZpaQft7ySQ5XmNhoj-lQyDkXDncOCyhB7yMSdZrRBNQjKxlEbpY_WLk1hBoWfsTeszVSAuFbX_VKUSJ7GR6rcnWGVNgDfKS8GsyC_owtswXatkF_65_mzFOygctkUmd2eI5bcpQpWjhw2vqnvnWkb7l2J27aWFF_c9cu52dB559j8lwLYyYC9oSMgV5piB6ppfrWBGo_DigjxvJcAYcjFYqFcT6A1nphPhwVTQ2HNfJodbQoseHub8UQdG4qAOcggq5DI84tbqor1SU9rdPH03jPkLgoO_aeXyJg5meITXoFSiu_tRfvf8QQ6vKq6pkTTXs8zKXcBCGhGIyKBNBG4R4RIY1UffTMnJQQQGBble3P06pGOnsnSop0BtygelB9M0ZEwnAUSAQqN1RR4AQwWcn9nH6hHEu1pMhSvhCuFNAPWS-hg24JGGw8Xe3EEZlLH0PM8qpUAfksPq",
23    "iv": "FJq5zKvuPiUQIdRcMtiChHCJByuY8XK9",
24    "tag": "u8kT0VAAtTswjGXxNpuX0g=="
25    }
26  }
27}

  • to: Use your recipient's wallet public DID. This can be obtained from previous interactions, via DID authentication or directly from the user's wallet.

  • message: Use the content of the jwe object obtained in the previous step response. Note that you do not need to include the preceding jwe attribute, only the content of the object.

Response

200 response indicates that the message payload was sent to the service endpoint of the dereferenced DID Document (or the default MATTR service endpoint).