Create an IACA

An IACA (Issuing Authority Certificate Authority) is a X.509 based certificate used to identify a Mobile Credential issuer and verify the Mobile Credentials they issue. An IACA is used to sign Document Signer Certificates (DSC), which are then in turn used to sign Mobile Security Objects (MSO) in Mobile Credentials.

There can be only one IACA per MATTR VII tenant. The private key linked to the certificate is stored and managed in our KMS platform, which is highly secure and reliable.

Create an IACA

Make the following request to create an IACA:


Copy to clipboard.
1POST /v2/credentials/mobile/iacas
Copy to clipboard.
2	"country": "NZ",
3	"commonName": "MATTR IACA"
  • country: This optional parameter indicates the country of the issuer. If not provided, a country is selected based on the region of the tenant subdomain cloud host. The value if specified MUST be uppercase and a valid country code as per ISO 3166.

  • commonName: This optional parameter indicates the common name of the IACA certificate. The value if specified must be a valid PrintableString. If not provided, the tenant subdomain is used.


Copy to clipboard.
2    "id": "e86dd9bc-1414-4f60-aeb1-9143451424bb",
4    "certificateData": {
5        "notAfter": "2033-08-05T00:09:21.000Z",
6        "notBefore": "2023-08-08T00:09:21.000Z",
7        "commonName": "MATTR IACA",
8        "country": "NZ"
9    },
10    "certificateFingerprint": "57b178a6c2b8c1877dba515ad4fd60f9c805efc309287182db7debfe43a22928",
11    "publicKeyJwk": {
12        "kty": "EC",
13        "crv": "P-256",
14        "x": "kbuvX83YDOKHZMj7UXGXd3hlgsOAQe0rWTRkZriJa60",
15        "y": "pTK_1JY8eBRiNiZEHWDsRHOP-k5ICymTvVj5AD6P2c8"
16    }
  • id: Unique identifier created for each IACA.

  • certificatePEM: Certificate PEM format.

  • certificateData: Key details of the created IACA:

    • notAfter: IACA's expiry date, which is 10 years from the creation date by default.

    • notBefore: IACA’s active from date.

    • commonName: IACA's name, if set in the request above.

    • country: IACA’s issuer country, if set in the request above.

  • certificateFingerprint: Hash value of the IACA certificate that includes all certificate data and its signature.

  • publicKeyJwk: JWK format of the IACA public key.

What's Next?

After creating an IACA, the next step is to create a Document Signer Certificate that will be signed by this IACA.