Skip to main content

Update credential revocation status

PUT 
/v2/config/digital-wallet/openid/sdjwt/credential/history/:credentialExchangeId/revocation-status

Updates the revocation status of an issued credential using the IETF Token Status List.

Request

Path Parameters

    credentialExchangeId stringrequired

    Unique identifier of the credential exchange record tracking a single OID4VCI credential issuance lifecycle.

Body

    revocationStatus stringrequired

    Possible values: [Operational, Revoked, Suspended]

    New revocation status. Operational reactivates a suspended credential. Revoked permanently invalidates. Suspended temporarily invalidates (can be reactivated).

Responses

Credential revocation status updated successfully

Response Headers
    Schema
      credentialHistory object
      CredentialExchangeId string

      Unique identifier for the credential exchange record, tracking the full lifecycle of a single OID4VCI credential issuance.

      issuanceMode string

      Issuance mode used for this exchange. InTime means the credential was issued immediately via the OID4VCI Credential Endpoint. Deferred means the credential is pending via the Deferred Credential Endpoint.

      isPreAuthorised boolean

      When true, the issuance used the OID4VCI Pre-Authorized Code Flow. When false, the Authorization Code Flow was used.

      credentialOffer string

      The OID4VCI Credential Offer URI or JSON sent to the holder to initiate the issuance flow.

      credentialStatus string

      Possible values: [pending, ready]

      Processing status of the credential. pending means the credential is being prepared. ready means it is available for the holder to retrieve.

      status string

      Possible values: [offer_sent, offer_received, credential_issued, credential_acked, credential_accepted, credential_deleted, issuance_denied]

      Lifecycle status of the credential exchange in the OID4VCI protocol flow: offer_sent (Credential Offer sent to holder), offer_received (holder scanned/received offer), credential_issued (credential issued via Credential Endpoint), credential_acked (holder acknowledged receipt), credential_accepted (holder accepted credential), credential_deleted (holder deleted credential), issuance_denied (issuer denied issuance).

      clientId string

      Client identifier of the holder's wallet, typically a DID or URL. Provided during the OID4VCI Token Request.

      userPin string

      Transaction code (tx_code) for the Pre-Authorized Code Flow.

      createdAt number

      Unix timestamp (in seconds) when this exchange record was created.

      updatedAt number

      Unix timestamp (in seconds) when this exchange record was last modified.

      credential object

      The credential payload being issued. Contains type and credentialSubject for W3C VC (JWT) format, or vct/doctype and claims for IETF SD-JWT VC / ISO 18013-5 mDoc/mDL formats.

      property name* any

      The credential payload being issued. Contains type and credentialSubject for W3C VC (JWT) format, or vct/doctype and claims for IETF SD-JWT VC / ISO 18013-5 mDoc/mDL formats.

      disclosureMapping object

      Selective disclosure mapping for IETF SD-JWT VC credentials. Each entry maps a claim path to its disclosure setting.

      property name* any

      Selective disclosure mapping for IETF SD-JWT VC credentials. Each entry maps a claim path to its disclosure setting.

      presentationDefinitionId string

      Identifier of a presentation definition required for dynamic credential requests.

      presentationExchangeId string

      Identifier of the presentation exchange session linked to a dynamic credential request.

      holder object

      Metadata about the credential holder obtained during the OID4VCI exchange.

      name stringrequired

      Identifier of the holder, typically a DID or display name resolved from wallet client metadata.

      credentialFormat string

      Possible values: [jwt_vc_json, dc+sd-jwt, mso_mdoc]

      Credential format used for this issuance. Values: jwt_vc_json (W3C VC JWT), dc+sd-jwt (IETF SD-JWT VC), mso_mdoc (ISO 18013-5 mDoc/mDL).

      supportRevocation boolean

      Indicates whether revocation is enabled for the issued credential.

      revocationStatus string

      Possible values: [Operational, Revoked, Suspended]

      Current revocation status: Operational (valid), Revoked (permanently invalidated), Suspended (temporarily invalidated).

      clientAssertion string

      OAuth 2.0 client assertion JWT provided by the holder's wallet for client authentication.

      clientAssertionTokenType string

      Type of the client assertion token.

      isClientAssertionVerified boolean

      Indicates whether the holder's client assertion JWT was verified.

      walletUnitAttestation string

      Wallet Unit Attestation (WUA) credential presented by the holder, certifying the wallet instance is genuine.

      walletUnitAttestationPoP string

      Proof of Possession for the Wallet Unit Attestation.

      walletUnitAttestationVerified boolean

      Indicates whether the Wallet Unit Attestation was verified.

      credentialToken string

      The signed credential token (JWT, SD-JWT, or mDoc) issued to the holder.

      cnf object

      Confirmation claim (cnf) containing the holder's public key JWK for key binding.

      property name* any

      Confirmation claim (cnf) containing the holder's public key JWK for key binding.

      jti string

      JWT Token Identifier (jti) — unique identifier for the issued credential token.

      proof string

      Proof JWT provided by the holder in the OID4VCI Credential Request, demonstrating key possession.

      proofType string

      Type of the proof provided in the Credential Request (e.g. jwt).

      decodedWalletUnitAttestation object

      Decoded payload of the holder's Wallet Unit Attestation credential.

      property name* any

      Decoded payload of the holder's Wallet Unit Attestation credential.

      idToken string

      OpenID Connect ID Token shared by the holder during the issuance flow.

      idTokenDecoded object

      Decoded payload of the holder's OpenID Connect ID Token.

      idTokenVerified boolean

      Indicates whether the holder's OpenID Connect ID Token was verified.

      issuanceDeniedReason string

      Human-readable reason why the issuer denied the credential issuance request.

      expiredCredentialTokens string[]

      Array of previously issued credential tokens that have expired.

      expiredCredentials object[]

      Array of decoded expired credential payloads.

      credentialResponseEncryption object
      alg string
      enc string
      jwk object
      issuerTrustServiceProvider object

      The details of issuer trust service provider

      holderTrustServiceProvider object

      The details of holder trust service provider

      individualId string

      Identifier of the individual recipient the credential offer was sent to.

      mapperId string

      Mapper identifier linking the credential offer to an external individual record.

      credentialResponseInterval number

      Minimum polling interval (in seconds) for the OID4VCI Deferred Credential Endpoint.

    Loading...
    Last updated on