light-mode-image
Learn
CertificatesAPI Reference

Verification request signers

Create a Verification request signer

Create a Verification request signer

Creates a Verification request signer.

  • Only available in implementations using unmanaged (external) Verifier root CA certificates.
  • A maximum of five Verification request signers can be created per tenant.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_CREATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_CREATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_CREATE_FAIL
POST/v2/presentations/certificates/verifier-signers

Authorization

AuthorizationBearer <token>

In: header

Request Body

Request payload for creating a Verification request signer using an unmanaged (external) Verifier root CA certificate.

caIdstring

Internal identifier of the Verifier root CA certificate that will be used for signing the Verification request signer.

  • Must be an unmanaged (external) Verifier root CA certificate.
Formatuuid
caType?string

Indicates the source of the verifier root CA certificate. Set to external if the verifier root CA certificate is managed outside of MATTR (e.g., using your own PKI).

Value in"external"

Request payload for creating a Verification request signer that uses an Apple Business Connect root CA. The CSR produced from this request must be uploaded to Apple Business Connect. Apple then issues a certificate that you upload to MATTR VII to associate with the signer.

caTypestring

Source of the verifier root CA certificate. Set to apple when the root CA is issued and managed by Apple Business Connect.

Apple Business Connect support is a tech preview; functionality may be limited and subject to change.

Value in"apple"
emailAddressstring

Email address for the domain or IT administrator.

Formatemail
countrystring

Two-letter country code (ISO 3166-1 alpha-2).

stateOrProvinceNamestring

State, province, or region where the company is registered.

organizationNamestring

Legal name of the company.

commonNamestring

Fully qualified domain name (FQDN) hosting the verifier application.

curl -X POST "https://example.vii.au01.mattr.global/v2/presentations/certificates/verifier-signers" \  -H "Content-Type: application/json" \  -d '{    "caId": "b0aae560-10e7-4247-8e96-7cdd3578a1e2"  }'
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "csrPem": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE REQUEST-----",
  "caId": "b0aae560-10e7-4247-8e96-7cdd3578a1e2",
  "active": false,
  "caType": "mattr"
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve all Verification request signers

Retrieve all Verification request signers

Retrieves all Verification request signers.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_LIST_START
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_LIST_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_LIST_FAIL
GET/v2/presentations/certificates/verifier-signers

Authorization

AuthorizationBearer <token>

In: header

Query Parameters

limit?number

Range size of returned list.

Default100
Range1 <= value <= 1000
cursor?string

Starting point for the list of entries.

curl -X GET "https://example.vii.au01.mattr.global/v2/presentations/certificates/verifier-signers?limit=2&cursor=Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1h"
{
  "data": [
    {
      "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
      "caType": "mattr",
      "active": true,
      "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
      "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
      "certificateData": {
        "commonName": "example.com",
        "country": "US",
        "notAfter": "2024-10-22T00:00:00Z",
        "notBefore": "2023-10-22T00:00:00Z",
        "subjectAlternativeNames": [
          {
            "type": 0,
            "value": "string"
          }
        ]
      }
    }
  ],
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM"
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Retrieve a Verification request signer

Retrieve a Verification request signer

Retrieves a Verification request signer.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_RETRIEVE_FAIL
GET/v2/presentations/certificates/verifier-signers/{verifierSignerId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

verifierSignerIdstring

Unique identifier of the Verification request signer.

Formatuuid
curl -X GET "https://example.vii.au01.mattr.global/v2/presentations/certificates/verifier-signers/b0aae560-10e7-4247-8e96-7cdd3578a1e2"
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "caType": "mattr",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
  "certificateData": {
    "commonName": "example.com",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z",
    "subjectAlternativeNames": [
      {
        "type": 0,
        "value": "string"
      }
    ]
  }
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Update a Verification request signer

Update a Verification request signer

Updates a Verification request signer by:

  • Providing a Verification Request Signer Certificate (VRSC) in PEM format that matches its Certificate Signing Request (CSR).
  • Activating or deactivating the VRSC signer. Only VRSC signers with a valid PEM certificate can be activated.
  • The certificatePem field becomes immutable after it's updated for the first time.

Only available in implementations using unmanaged (external) Verifier root CA certificates.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_UPDATE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_UPDATE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_UPDATE_FAIL
PUT/v2/presentations/certificates/verifier-signers/{verifierSignerId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

verifierSignerIdstring

Unique identifier of the Verification request signer.

Formatuuid

Request Body

activeboolean

Indicates if the Verification request signer is active. Only active Verification request signers can be used for signing verification requests.

certificatePem?string

Verification Request Signer Certificate (VRSC) in PEM format. If caType is apple, then this certificate must be issued by Apple Business Connect.

curl -X PUT "https://example.vii.au01.mattr.global/v2/presentations/certificates/verifier-signers/b0aae560-10e7-4247-8e96-7cdd3578a1e2" \  -H "Content-Type: application/json" \  -d '{    "active": true  }'
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "caType": "mattr",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
  "certificateData": {
    "commonName": "example.com",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z",
    "subjectAlternativeNames": [
      {
        "type": 0,
        "value": "string"
      }
    ]
  }
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Delete a Verification request signer

Delete a Verification request signer

Deletes a Verification request signer.

Only available in implementations using unmanaged (external) Verifier root CA certificates.

Analytic events

  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_DELETE_START
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_DELETE_SUCCESS
  • CREDENTIAL_PRESENTATION_VERIFIER_SIGNER_CERTIFICATE_DELETE_FAIL
DELETE/v2/presentations/certificates/verifier-signers/{verifierSignerId}

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

verifierSignerIdstring

Unique identifier of the Verification request signer.

Formatuuid
curl -X DELETE "https://example.vii.au01.mattr.global/v2/presentations/certificates/verifier-signers/b0aae560-10e7-4247-8e96-7cdd3578a1e2"
Empty
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?

Verifier root CA certificates

Previous Page

Android app signing

Next Page

On this page

Create a Verification request signerRetrieve all Verification request signersRetrieve a Verification request signerUpdate a Verification request signerDelete a Verification request signer