Registries

Revocation means deleting or updating a credential. Truvera's credential revocation is managed with a revocation registry.

There can be multiple registries on the chain, and each registry has a unique id. It is recommended that the revocation authority create a new registry for each credential type. Truvera Workspace allows you to create, delete, and revoke/unrevoke the credential. You can retrieve a specified registry as well as a list of all registries created by the user.

For a detailed example of the registry workflow. Please refer here.

If you want to revoke ZKP credentials, you must create a registry with type `DockVBAccumulator2022`. For revoking other credentials, you can use `StatusList2021Entry`.

Create Registry

To create a registry, you have to create a policy object for which a DID is needed. It is advised that the DID is registered on the chain first. Otherwise, someone can look at the registry and register the DID, thus gaining control of the registry.

Choosing the right revocation registry is essential. Here's a simplified overview of the available options:

StatusList2021Entry
- Only supports non-ZKP credentials.
- Recommended for most users.
- Collective Tracking: Manages all revocation entries together, making it less costly to revoke multiple credentials simultaneously.
- W3C Compliant.
DockVBAccumulator2022
- Only supports ZKP credentials.
- Utilizes an on-ledger accumulator for enhanced privacy.
- Offers more privacy than the W3C Status List 2021.

CredentialStatusList2017 (Deprecated)

Only supports non-ZKP credentials.
Individual Tracking: Each entry is tracked separately, which means more ledger space is used for multiple entries.
This registry is cost-effective for a single entry. However, managing several entries can be more expensive.
Implements add-only policies.

Parameters

Name

Type

Required

Description

addOnly

body

boolean

false

True/false options. The default value is "false".

policy

body

[DIDDock]

true

The DIDs which control this registry. You must own a DID listed here to use the registry. Only one policy supported as of now: OneOf DID in list.

type

body

string

false

Specifies which type of registry to create. Defaults to StatusList2021Entry.

Create Registry

post

Create a Revocation registry on the blockchain. More info about Registry Creation

Authorizations

Body

Revocation registry

addOnlybooleanOptional

policystring[] · min: 1Optional

Only one policy supported as of now called OneOf

Example: did:cheqd:testnet:ac2b9027-ec1a-4ee2-aad1-1e316e7d6f59

typestring · enumOptionalDefault: StatusList2021EntryPossible values:

Responses

200

Registry will be created.

application/json

400

Invalid params like policy not supported.

application/json

402

Transaction limit reached or upgrade required to proceed

application/json

404

Resource was not found.

application/json

post

POST /registries HTTP/1.1
Host: api-testnet.truvera.io
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 114

{
  "addOnly": false,
  "policy": [
    "did:cheqd:testnet:ac2b9027-ec1a-4ee2-aad1-1e316e7d6f59"
  ],
  "type": "StatusList2021Entry"
}

{
  "id": "2539",
  "data": {
    "id": "4a94feb9c5b13756540148b94a984e04e308e3cbe2c8ef4174b676d9b3d08a84",
    "policy": {
      "type": "OneOf",
      "policy": [
        "did:cheqd:testnet:ac2b9027-ec1a-4ee2-aad1-1e316e7d6f59"
      ],
      "addOnly": false
    }
  }
}

List Registries

Return a list of all registries created by the user. The list is returned with the registry id and policy of the revocation registry.

For now, only one policy is supported, and each registry is owned by a single DID.

Parameters

Name

Type

Required

Description

offset

query

integer

false

How many items to offset by for pagination

limit

query

integer

false

How many items to return at one time (max 64)

List Registries

get

Get all registries created by user. More info about List Registries

Authorizations

Query parameters

offsetinteger · int32Optional

How many items to offset by for pagination

Default: 0

limitinteger · int32 · min: 1 · max: 64Optional

How many items to return at one time (max 64)

Default: 64

didstringOptional

DID exists in policy filter

typestringOptional

Registry type filter

Responses

200

All registries by user

application/json

400

Application error

application/json

get

GET /registries HTTP/1.1
Host: api-testnet.truvera.io
Authorization: Bearer JWT
Accept: */*

[
  {
    "id": "text",
    "registry": {
      "addOnly": true,
      "policy": [
        "did:cheqd:testnet:ac2b9027-ec1a-4ee2-aad1-1e316e7d6f59"
      ],
      "type": "StatusList2021Entry"
    }
  }
]

Get Registry

Get the details of an existing registry, such as policy, add-only status, when it was last updated, and controller(s). You need only supply the revocation registry id that was returned upon revocation registry creation.

Parameters

Name

Type

Required

Description

path

Hex32

true

Revocation registry id.

Get Registry

get

Get the details of an existing registry, such as policy, add-only status, when it was last updated, and controller(s). More info about Get Registry

Authorizations

Path parameters

idstring · min: 64 · max: 64Required

32 byte hex string. Ignoring higher base (base64) for simplicity.

Responses

200

Returns the information about provided registry ID.

application/json

400

Application error

application/json

404

Registry was not found.

application/json

get

GET /registries/{id} HTTP/1.1
Host: api-testnet.truvera.io
Authorization: Bearer JWT
Accept: */*

{
  "id": "4a94feb9c5b13756540148b94a984e04e308e3cbe2c8ef4174b676d9b3d08a87",
  "policy_and_type": {
    "type": "OneOf",
    "policy": [
      "did:cheqd:testnet:ac2b9027-ec1a-4ee2-aad1-1e316e7d6f59"
    ],
    "addOnly": false
  },
  "registry_type": "StatusList2021Entry",
  "created_at": "2022-01-17T18:37:07.780Z",
  "job_id": "2539"
}

Revoke/Unrevoke Credential

Credential revocation is managed with on-chain revocation registries. To revoke a credential, its id (or hash of its id) must be added to the credential. It is advised to have one revocation registry per credential type. Revoking an already revoked credential has no effect.

Similar to the replay protection mechanism for DIDs, the last modified block number is kept for each registry, which is updated each time a credential is revoked or unrevoked. Unrevoking an unrevoked credential has no effect.

In this API, simply add Revoke/Unrevoke into the action parameter and input the desired credential ids.

Parameters

Name

Type

Required

Description

path

Hex32

true

Revocation registry id.

action

body

string

false

The action taken, either revoke or unrevoke. The default value is "revoke"

credentialIds

body

array

true

The list of credential ids to act upon.

Enumerated Values

Parameter

Value

Description

action

revoke or unrevoke

Action to take on the registry.

Revoke/Unrevoke Credential

post

Credential revocation is managed with on-chain revocation registries. To revoke a credential, its id (or hash of its id) must be added to the credential. More info about Revoke/Unrevoke Credentials

Authorizations

Path parameters

idstring · min: 64 · max: 64Required

32 byte hex string. Ignoring higher base (base64) for simplicity.

Body

actionstring · enumOptionalDefault: revokePossible values:

credentialIdsstring · uri[] · min: 1Optional

Responses

200

Will try to revoke/unrevoke the credential.

application/json

400

Invalid params

application/json

401

Unauthorized

application/json

402

Transaction limit reached or upgrade required to proceed

application/json

404

Registry was not found.

application/json

post

POST /registries/{id} HTTP/1.1
Host: api-testnet.truvera.io
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 103

{
  "action": "revoke",
  "credentialIds": [
    "https://credentials.truvera.io/3e343b80ebaefb40d8f9d99ec27a885e"
  ]
}

{
  "id": "2541",
  "data": {
    "revokeIds": [
      "0xaff1aa6770d43d684690c0ad679a8608d5b7576feb3fdc1d6712decf73ca44e"
    ]
  }
}

Delete Registry

A registry can be deleted, leading to all the corresponding revocation ids being deleted as well. This requires the signature from the owner, similar to the other updates.

Parameters

Name

Type

Required

Description

path

Hex32

true

Revocation registry id.

Delete Registry

delete

A registry can be deleted, leading to all the corresponding revocation ids being deleted as well. More info about Registry Deletion

Authorizations

Path parameters

idstring · min: 64 · max: 64Required

32 byte hex string. Ignoring higher base (base64) for simplicity.

Responses

200

Revocation Registry will be deleted

application/json

400

Something went wrong.

application/json

404

Registry was not found.

application/json

delete

DELETE /registries/{id} HTTP/1.1
Host: api-testnet.truvera.io
Authorization: Bearer JWT
Accept: */*

{
  "id": "938",
  "data": {
    "id": "6151e62d7e03bc4012fde0595cfdb0d140e463a2f0ad5a431ff47243374bc611",
    "hexId": "6151e62d7e03bc4012fde0595cfdb0d140e463a2f0ad5a431ff47243374bc612",
    "lastModified": 4226296
  }
}

PreviousOther proof endpoints NextRevocation Status

Last updated 4 months ago

Was this helpful?