Manage Status Credentials
In this walkthrough we take a look at how you can create a status credential configuration and add or update a status entry in the configured status credential. Please make sure you have created a credential status service as explained here.
Our implementation covers examples for each of the following standards:
Create A Status Credential Configuration
The first step is to create a configuration. However, the creation of a configuration does not yet issue the actual status credential. It's only after the first status entry has been created with a configuration that the status credential based on the configuration is being issued and made available for verifiers and other parties to access.
When defining the configuration, we decide which key will sign the status credential, the DID of the issuer, and the config of the status itself. The config sets up properties the depending on the status credential standard, e.g.:
- W3C standards (BitstringStatusList, StatusList2021, RevocationList2020) -
purposeof the status, e.g. revocation, thestatusSizeand more - IETF standard (TokenStatusList)
One status credential can host up to 32.000 status list entries.
In the examples below we create a configuration for a revocation status credential.
Endpoint: /v1/{target}/credential-status-service-api/status-credential/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/credential-status-service-api/status-credential/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"kid": "waltid.tenant1.kms1.key1",
"did": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5Iiwia2lkIjoiMW1rQnBEYWZqVk9ONm9XVmlIZGREZXNEYXpKaXk1R0NTYko3VDU4QkJ3cyIsIngiOiJzZ1BiZWRPQjl1WEMtVG54LUVhV1IxRmg1Y25JLUxRLU43NUV1UE8wV2VFIn0",
"config": {
"purpose": "revocation",
"type": "BitstringStatusList",
"statusSize": 1,
"statuses": [
{
"status": "0x0",
"message": "unset"
},
{
"status": "0x1",
"message": "set"
}
]
}
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + credential status service in which to execute the status credential creation ({organizationID}.{tenantID}.{credentialStatusServiceID}), e.g.waltid.tenant1.status-service1
Response
201- Credential Status config created successfully.
Create A Status Entry
With our Status Credential configuration we can now create a status entry. With the following call we will allocate an index within the status credential encoded list for a credential we want to issue with status. The response will return a JSON structure representing the status-entry we can use in the VC issuance request.
Endpoint: /v1/{target}/credential-status-service-api/status-credential/status/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/credential-status-service-api/status-credential/status/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"initialStatus": "0x0"
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + credential status service + credential status config ID in which to create a new status list entry.{organizationID}.{tenantID}.{credentialStatusServiceID}.{statusCredentialConfigID}), e.g.waltid.tenant1.status-service1.revocation-config
Create A Status Entry From The Issuer Service
Although we can use the credential status service to create a new status entry, it's quite a cumbersome process. That's why the issuer service was built to directly communicate & use the credential status service. This way when you make a credential issuance request, you can reference a credential status service config + the initial status in the body of the request. The issuer service then makes the same call we just made above to create a new status entry and the result of the call then gets directly embedded into the credential.
Example Issuance Request Body With Status
Notice the credentialData represents a W3C VCDM1.1 or VCMD2.0 credential.
{
"issuerKeyId": "waltid.tenant1.kms1.key1",
"issuerDid": "did:key:z6MkjoRhq1jSNJdLiruSXrFFxagqrztZaXHqHGUTKJbcNywp",
"authenticationMethod": "PRE_AUTHORIZED",
"credentialConfigurationId": "UniversityDegree_jwt_vc_json",
"credentialData": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"id": "http://example.gov/credentials/3732",
"type": [
"VerifiableCredential",
"UniversityDegree"
],
"issuer": {
"id": "did:web:vc.transmute.world"
},
"issuanceDate": "2020-03-10T04:24:12.164Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"degree": {
"type": "BachelorDegree",
"name": "Bachelor of Science and Arts"
}
}
},
// STATUS
"status": {
"statusCredentialConfig": "waltid.tenant1.credential-status-service1.config1",
"initialStatus": "0x0"
},
//
"mapping": {
"id": "<uuid>",
"issuer": {
"id": "<issuerDid>"
},
"credentialSubject": {
"id": "<subjectDid>"
},
"issuanceDate": "<timestamp>",
"expirationDate": "<timestamp-in:365d>"
}
}
To learn about the issuance requests + the other parameters, please go here.
Body Parameters
status- Object defining the status service config + initial statusstatusCredentialConfig: The ID of the status credential config, e.g.waltid.tenant1.credential-status-service1.config1.initialStatus: The string representing the hexadecimal value of the status, e.g.0x0.
Note! To ensure compatibility with the issued holder credential, the provided status credential configuration and the requested holder credential must reference the same standard. Providing any other status credential reference will cause an error due to incompatibility between the holder and status credential formats.
Update A Credential Status
Endpoint: /v1/{target}/credential-status-service-api/status-credential/status/update | API Reference
Example Request
curl -X 'PUT' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/credential-status-service-api/status-credential/status/update' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"index": "11597",
"status": "0x1"
}'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.walt.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + credential status service + credential status config ID in which to create a new status list entry.{organizationID}.{tenantID}.{credentialStatusServiceID}.{statusCredentialConfigID}), e.g.waltid.tenant1.status-service1.revocation-config
Body
{
"index": "11597",
"status": "0x1"
}
Body Parameters
index: The index of the credential status to update.status: The string representing the hexadecimal value of the updated status, e.g.0x1.