Revocation status change notification
Whenever a revocation status is updated for a known subject-bound credential, a message can be sent to inform the holder of the status change. This comprises three steps:
Create a revocation message payload
Make the following request to create a revocation message payload:
Request
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/{id}/revocation-status/notification
id
: Provide the identifier for the credential whose status has changed. This identifier can be retrieved using the relevant MATTR VII APIs.
1{
2 "from": "did:web:organization.com",
3 "to": [
4 "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
5 ]
6}
from
: The sender's DID URL, obtained from theid
field of the firstkeyAgreement
entry of the DID document. Refer to our DID tutorial for more information.to
: The recipient DID URL. In production environments you must have a secure way to obtain it:Use DID Auth for any new interactions.
Ask the user to share their wallet DID (MATTR Showcase wallet or MATTR GO users can do this by navigating to Settings > Advanced > Public DID).
Request an existing credential as part of a verification workflow, and extract the DID from that interaction.
Response
1{
2 "id": "8acd6b31-9225-47a9-8514-896602f3ac08",
3 "type": "https://mattr.global/schemas/verifiable-credential/status/RevocationStatus",
4 "to": [
5 "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
6 ],
7 "from": "did:web:organization.com",
8 "created_time": 1616137875353,
9 "body": {
10 "revocationListCredential": "https://YOUR_TENANT_URL/v1/revocation-lists/341db0e7-aeb5-4d88-bee2-41be51795266",
11 "revocationListIndex": "1547",
12 "isRevoked": false
13 }
14}
The result is a message payload constructed using the JWM format. The body
of the message indicates that the message concerns the status of a given credential which a digital wallet can consume to relay to the holder.
Encrypt the message payload
Once you have the message payload, make the following request to encrypt it:
Request
1POST https://YOUR_TENANT_URL/v1/messaging/encrypt
1{
2 "senderDidUrl": "did:web:organization.com#CU6dJt9p8t",
3 "recipientDidUrls": [
4 "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
5 ],
6 "payload": {
7 "id": "8acd6b31-9225-47a9-8514-896602f3ac08",
8 "type": "https://mattr.global/schemas/verifiable-credential/status/RevocationStatus",
9 "to": [
10 "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d"
11 ],
12 "from": "did:web:organization.com",
13 "created_time": 1616137875353,
14 "body": {
15 "revocationListCredential": "https://YOUR_TENANT_URL/v1/revocation-lists/341db0e7-aeb5-4d88-bee2-41be51795266",
16 "revocationListIndex": "1547",
17 "isRevoked": false
18 }
19 }
20}
senderDidUrl
: The sender's DID URL, obtained from theid
field of the firstkeyAgreement
entry of the DID document. Refer to our DID tutorial for more information.recipientDidUrls
: The recipient's DID URL. In production environments, you must have a secure way to obtain the DID that is associated with the intended recipient's digital wallet:Use DID Auth for a new interaction.
Ask the user to manually obtain their public DID by opening their MATTR Showcase wallet and navigating to Settings > Advanced > Public DID.
Request an existing credential as part of a verification workflow, and extract the recipient's digital wallet DID from that interaction.
payload
: Use the body of the JWM payload obtained in the previous step.
Response
1{
2 "jwe": {
3 "protected": "eyJhbGciOiJYQzIwUCJ9",
4 "recipients": [
5 {
6 "header": {
7 "alg": "ECDH-1PU+A256KW",
8 "kid": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d#z6LSsvqSJkBvVEsDC8cxMHuQ3sKoLRMXB1MdtoLrMUq6A8Rg",
9 "epk": {
10 "kty": "OKP",
11 "crv": "X25519",
12 "x": "JOLnYaD7L-Rszz7fczPhn6MkNre25PUsztzB1RHoz14"
13 },
14 "skid": "did:key:z6MkreuqFq6WrwozTeGKuUDz8bniTFRNAg8f3ZB862YdLp7v#z6LScyz3YLToyoKwZE6Tfq65hgZUkZdHrC4ZqohcUH9X6Twx"
15 },
16 "encryption_key": "ag5iKzjJOth9Wa68dCVKJW_vnO_Ga0zSJgQp5rIUg69HCzIjuNYhDg"
17 }
18 ],
19 "ciphertext": "xpW-D6sDPpWc_jk87nEyxPX7JQV8_OZpaQft7ySQ5XmNhoj-lQyDkXDncOCyhB7yMSdZrRBNQjKxlEbpY_WLk1hBoWfsTeszVSAuFbX_VKUSJ7GR6rcnWGVNgDfKS8GsyC_owtswXatkF_65_mzFOygctkUmd2eI5bcpQpWjhw2vqnvnWkb7l2J27aWFF_c9cu52dB559j8lwLYyYC9oSMgV5piB6ppfrWBGo_DigjxvJcAYcjFYqFcT6A1nphPhwVTQ2HNfJodbQoseHub8UQdG4qAOcggq5DI84tbqor1SU9rdPH03jPkLgoO_aeXyJg5meITXoFSiu_tRfvf8QQ6vKq6pkTTXs8zKXcBCGhGIyKBNBG4R4RIY1UffTMnJQQQGBble3P06pGOnsnSop0BtygelB9M0ZEwnAUSAQqN1RR4AQwWcn9nH6hHEu1pMhSvhCuFNAPWS-hg24JGGw8Xe3EEZlLH0PM8qpUAfksPq",
20 "iv": "FJq5zKvuPiUQIdRcMtiChHCJByuY8XK9",
21 "tag": "u8kT0VAAtTswjGXxNpuX0g=="
22 }
23}
The result is a message payload constructed using the JWM format which can be used as a secure MATTR VII message.
Send the encrypted message
Make the following request to send the notification to the user's digital wallet:
Request
1POST https://YOUR_TENANT_URL/v1/messaging/send
1{
2"to": "{SUBJECT_DID}",
3"message": {
4 "to": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d",
5 "message": {
6 "protected": "eyJhbGciOiJYQzIwUCJ9",
7 "recipients": [
8 {
9 "header": {
10 "alg": "ECDH-1PU+A256KW",
11 "kid": "did:key:z6MkgmEkNM32vyFeMXcQA7AfQDznu47qHCZpy2AYH2Dtdu1d#z6LSsvqSJkBvVEsDC8cxMHuQ3sKoLRMXB1MdtoLrMUq6A8Rg",
12 "epk": {
13 "kty": "OKP",
14 "crv": "X25519",
15 "x": "JOLnYaD7L-Rszz7fczPhn6MkNre25PUsztzB1RHoz14"
16 },
17 "skid": "did:key:z6MkreuqFq6WrwozTeGKuUDz8bniTFRNAg8f3ZB862YdLp7v#z6LScyz3YLToyoKwZE6Tfq65hgZUkZdHrC4ZqohcUH9X6Twx"
18 },
19 "encryption_key": "ag5iKzjJOth9Wa68dCVKJW_vnO_Ga0zSJgQp5rIUg69HCzIjuNYhDg"
20 }
21 ],
22 "ciphertext": "xpW-D6sDPpWc_jk87nEyxPX7JQV8_OZpaQft7ySQ5XmNhoj-lQyDkXDncOCyhB7yMSdZrRBNQjKxlEbpY_WLk1hBoWfsTeszVSAuFbX_VKUSJ7GR6rcnWGVNgDfKS8GsyC_owtswXatkF_65_mzFOygctkUmd2eI5bcpQpWjhw2vqnvnWkb7l2J27aWFF_c9cu52dB559j8lwLYyYC9oSMgV5piB6ppfrWBGo_DigjxvJcAYcjFYqFcT6A1nphPhwVTQ2HNfJodbQoseHub8UQdG4qAOcggq5DI84tbqor1SU9rdPH03jPkLgoO_aeXyJg5meITXoFSiu_tRfvf8QQ6vKq6pkTTXs8zKXcBCGhGIyKBNBG4R4RIY1UffTMnJQQQGBble3P06pGOnsnSop0BtygelB9M0ZEwnAUSAQqN1RR4AQwWcn9nH6hHEu1pMhSvhCuFNAPWS-hg24JGGw8Xe3EEZlLH0PM8qpUAfksPq",
23 "iv": "FJq5zKvuPiUQIdRcMtiChHCJByuY8XK9",
24 "tag": "u8kT0VAAtTswjGXxNpuX0g=="
25 }
26 }
27}
to
: Use your recipient's wallet public DID. This can be obtained from previous interactions, via DID authentication or directly from the user's wallet.message
: Use the content of thejwe
object obtained in the previous step response. Note that you do not need to include the precedingjwe
attribute, only the content of the object.
Response
A 200
response indicates that the message payload was sent to the service endpoint of the dereferenced DID Document (or the default MATTR service endpoint).