Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The Status List v2021 supported in cheqd Studio utilise bitstrings to represent whether a Verifiable Credential has been suspended/revoked or not. A bitstring can be thought of as a long list of 1s and 0s, where, if the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked.
Figure 1: Graphic showing the StatusList2021 bitstring
Each issued Credential correlates with a position and index on the bitstring, so that a verifier will be able to correlate the value within the Credential against the public bitstring to ascertain whether the Credential has been revoked or not, using a validate algorithm as well as a bitstring expansion algorithm.
The issuer keeps a bitstring list of all Verifiable Credentials it has issued. The Status List is usually published by the issuer in the format of its own Verifiable Credential. This Verifiable Credential is generally hosted publicly on a centralised server or domain to enable third-party read-access.
cheqd stores each Status List and subsequent entries on-ledger as DID-Linked Resource versions. This has notable benefits, including the provenance, legitimacy and security of the Status List. For a full list of benefits, see the context for creating DID-Linked Resources.
Create Status List v2021
Create a Status List v2021 on cheqd as a DID-Linked Resource
Update Status List v2021
Update a Status List v2021 to revoke/suspend credentials
Check Status List v2021
Check whether a specified indices is revoked, suspended, unsuspended or valid
Search Status List v2021
Search for specific entries in the Status List, traversing its history
Querying Status List entries or indices
Using the /credential-status/check API, users are able to query specific Credential indices within a Status List to ascertain whether the Credential is revoked, suspended or currently valid.
Using the /credential-status/check API, users have two options for checking whether a particular Credential index is revoked or suspended:
Filling out a simple form using the application/x-www-url-form-encoded option on the Swagger UI.
Compiling a DID Document body yourself using the application/json option on the Swagger UI.
This is the easiest way to check whether a particular credential index is revoked or suspended.
Using the application/x-www-url-form-encoded option on the Swagger UI, users are able to choose between the following variables to compile your DID:
To automatically make a payment to an Issuer in order to verify an encrypted Status List, follow the tutorial here:
Instead of using simple parameters, users can submit a JSON payload to the same effect using the application/json option on the Swagger UI. For example:
Execute the API request using the API below:
Verifier pays Issuer
Understand how a Verifier pays an Issuer to decrypt an encrypted Status List and verify a Credential Status.
The /credential-status/search API allows users to search for specific entries of a Status List on the cheqd network. For example, if there are multiple Status Lists associated with the same DID, the search functionality allows applications to make requests only to a specified Status List.
Users are able to filter by:
Execute the filters from Step 1 on the API below:
Update indices in Status List
The /credential-status/update/unencrypted API enables users to update the indices of a Status List. This may be useful for revoking Credentials in bulk, rather than submitting individual /credential/revoke requests.
Token Status List is a specification from the Internet Engineering Task Force, using JSON or CBOR encoded sets of bits and wrapping these as either a JSON Web Tokens (JWTs) or CBOR Web Tokens (CWTs), to comprise a full status list.
The specification may be found below:
Create a Token Status List JWT or CWT as a DID-Linked Resource
Users are able to create Token Status List entries on-ledger, which may be used to represent whether a Verifiable Credential is active, inactive or suspended. This implementation on cheqd is a derivation from the core spec made by cheqd to support a more decentralised and resilient approach to storing Token Status Lists.
Make sure you have set up your account with cheqd Studio and are logged in, using our guide below:
Before you can create a Status List, you need to create a DID which is used to link the Status List on-ledger. Use the API in the page below to create a DID:
Token Status Lists are JWT or CWT files that reference lists of bits formatted in JSON or CBOR.
Save this file locally and call it something like statusListToken.json
Note that each JWT or CWT must be below ~45kb in size.
Prepare a file with resource and encode it into base64, base64url or hex. On Unix systems, you can use the following command input:
Expected output:
DID-Linked Resources are grouped by having identical names and types. This means if you want to create a new version of the same Resource, you will need to specify the same name and type in the following request.
For Token Status Lists, the "type" MUST be: "TokenStatusList".
For example:
Ensure that you link this Token Status List to the DID that you created in step 3. This will sign the resource with the same verification method keys in your DID Document, ensuring cryptographic integrity and Controllership of the Status List.
As a DID-Linked Resource, the Token Status List will have a fully resolvable DID URL which can be referenced within the body of Verifiable Credentials, and queried by verification policies to establish the status of the specific credential.
Owing to the design of DID-Linked Resources, following the creation of the Token Status List, users are able to reference the specific version, or create a query to always fetch the latest version of the Token Status List.
Using a DID Resolver or the search DID endpoint, users can find the DID URL and unique resourceId of the Token Status List. The unique resourceId allows users to specify this exact version of the Token Status List.
In the DID Document Metadata, users should find "linkedResourceMetadata", like the following snippet:
Here, the "resourceURI" specifies the DID URL of the specific Token Status List that was created.
In order to reference the latest version of the Token Status List, the following construction needs to be used:
did:cheqd:<namespace>:<resourceCollectionId>?resourceName=<resourceName>&resourceType=<resourceType>
For example:
did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=DegreeCredentialStatus&resourceType=TokenStatusList
In order to reference the Token Status List at a particular point in time, the following construction needs to be used:
did:cheqd:<namespace>:<resourceCollectionId>?resourceName=<resourceName>&resourceType=<resourceType>&resourceVerionTime=<XMLDateTime>
For example:
did:cheqd:testnet:0a5b94d0-a417-48ed-a6f5-4abc9e95888d?resourceName=DegreeCredentialStatus&resourceType=TokenStatusList&resourceVersionTime=2023-02-22T06:58:18.61Z
Create, update and fetch Status Lists on cheqd, stored as a DID-Linked Resources
Status Lists are generally sets of indices which can be used to mathematically derive whether an issued Credential has been revoked, suspended or is still valid. Status Lists are crucial for verifier applications to determine whether to accept a credential, presented by a holder.
There are many different ways to create status lists on cheqd, with options for easy integration (e.g. cheqd Studio) and more bespoke integrations (e.g. Credo and Veramo). Below are a list of options for creating cheqd DIDs.
There are two predominant Status List formats supported in cheqd Studio. Please choose a Status List type below to get started.
Create Status List 2021 Resource on cheqd.
Users are able to create Verifiable Credential Status List v2021 entries on-ledger, in order to revoke or suspend Verifiable Credentials. This is a derivation from the core spec made by cheqd to support a more decentralized and resilient approach to storing Status Lists.
Make sure you have set up your account with cheqd Studio and are logged in, using our guide below:
Before you can create a Status List, you need to create a DID which is used to link the Status List on-ledger. Use the API in the page below to create a DID:
When creating a Status List, a user will have the following options:
For the purpose of this tutorial, we will assume the user is creating an unencrypted Status List. For encrypted Status Lists, follow the tutorial here.
Using the /credential-status/create/unencrypted API, users have two options for creating an encrypted Status List on-ledger:
Filling out a simple form using the application/x-www-url-form-encoded option within an API client of your choice.
Compiling a Status List payload yourself using the application/json option within an API client of your choice.
This is the easiest way to create unencrypted Status Lists on cheqd and is recommended for users who are not overly familiar with compiling JSON objects.
Using the application/x-www-url-form-encoded option, users are able to choose between the following variables and options to create an unencrypted Status List on-ledger:
Instead of using simple form variables, you can create an encrypted Status List using a JSON payload yourself using the application/json option on the Swagger UI.
An example of the JSON payload needed to be submitted is below:
Once the Issuer has populated the requisite information for the unencrypted Status List request, they can use the API below to submit it to the ledger.
This endpoint checks a StatusList2021 index for a given Verifiable Credential and reports whether it is revoked or suspended. It offers a standalone method for checking an index without passing the entire Verifiable Credential or Verifiable Presentation.
The purpose of the status list. Can be either revocation or suspension.
DID of the StatusList2021 publisher.
The name of the StatusList2021 DID-Linked Resource to be checked.
Credential status index to be checked for revocation or suspension.
Automatically make fee payment (if required) based on payment conditions to unlock encrypted StatusList2021 DID-Linked Resource.
The request was successful.
truefalseSet up your account
Set up your account with cheqd Studio and log in to start using the APIs.
Create an Issuer DID
Create a W3C conformant DID on cheqd using the did:cheqd DID Method.
cheqd Studio
Our API product enables users to use cheqd's functionality with minimal complexity and easily integrate APIs into existing apps.
Credo
Credo is an SDK which supports the European Architecture and Reference Framework (ARF) standards as well as AnonCreds with full cheqd support for DIDs.
Veramo
The Veramo SDK Plugin supports JSON, JSON-LD credentials as well as cheqd Credential Payments in an SDK.
Walt.id Community Stack
Walt.id Community Stack is an SDK that supports the European Architecture and Reference Framework (ARF) standards for identity, with full cheqd support.
Status List v2021
This Status List is a generic Bitstring Status List used for most JSON and JSON-LD credential implementations.
Token Status List
This Status List is generally used for SD-JWT specific credential types.
Set up your account
Set up your account with cheqd Studio and log in to start using the APIs.
Create an Issuer DID
Create a W3C conformant DID on cheqd using the did:cheqd DID Method.
Create Token Status List
Create a Token Status List JWT or CWT as a DID-Linked Resource on cheqd
Update Token Status List
Update a Token Status List JWT or CWT as a new DID-Linked Resource version on cheqd
This endpoint creates an unencrypted StatusList2021 credential status list. The StatusList is published as a DID-Linked Resource on ledger. As input, it can can take input parameters needed to create the status list via a form, or a pre-assembled status list in JSON format. Status lists can be created as either encrypted or unencrypted; and with purpose as either revocation or suspension.
The purpose of the status list. Can be either revocation or suspension. Once this is set, it cannot be changed. A new status list must be created to change the purpose.
DID of the StatusList2021 publisher.
The name of the StatusList2021 DID-Linked Resource to be created.
The length of the status list to be created. The default and minimum length is 140000 which is 16kb.
The encoding format of the StatusList2021 DiD-Linked Resource to be created.
Optional field to assign a human-readable version in the StatusList2021 DID-Linked Resource.
Optional field to assign a set of alternative URIs where the DID-Linked Resource can be fetched from.
URI where the DID-Linked Resource can be fetched from. Can be any type of URI (e.g., DID, HTTPS, IPFS, etc.)
Optional description of the URI.
The request was successful.
true"H4sIAAAAAAAAA-3BAQ0AAADCoPdPbQ8HFAAAAAAAAAAAAAAAAAAAAADwaDhDr_xcRAAA""StatusList2021Revocation""2023-06-26T11:45:19.349Z""StatusList2021Revocation""base64url"falseThis endpoint creates an unencrypted StatusList2021 credential status list. The StatusList is published as a DID-Linked Resource on ledger. As input, it can can take input parameters needed to create the status list via a form, or a pre-assembled status list in JSON format. Status lists can be created as either encrypted or unencrypted; and with purpose as either revocation or suspension.
The purpose of the status list. Can be either revocation or suspension. Once this is set, it cannot be changed. A new status list must be created to change the purpose.
DID of the StatusList2021 publisher.
The name of the StatusList2021 DID-Linked Resource to be created.
The length of the status list to be created. The default and minimum length is 140000 which is 16kb.
The encoding format of the StatusList2021 DiD-Linked Resource to be created.
Optional field to assign a human-readable version in the StatusList2021 DID-Linked Resource.
Optional field to assign a set of alternative URIs where the DID-Linked Resource can be fetched from.
URI where the DID-Linked Resource can be fetched from. Can be any type of URI (e.g., DID, HTTPS, IPFS, etc.)
Optional description of the URI.
The request was successful.
true"H4sIAAAAAAAAA-3BAQ0AAADCoPdPbQ8HFAAAAAAAAAAAAAAAAAAAAADwaDhDr_xcRAAA""StatusList2021Revocation""2023-06-26T11:45:19.349Z""StatusList2021Revocation""base64url"falseThe DID of the issuer of the status list.
The purpose of the status list. Can be either revocation or suspension.
The name of the StatusList2021 DID-Linked Resource.
The request was successful.
true"H4sIAAAAAAAAA-3BAQ0AAADCoPdPbQ8HFAAAAAAAAAAAAAAAAAAAAADwaDhDr_xcRAAA""StatusList2021Revocation""2023-06-26T11:45:19.349Z""StatusList2021Revocation""base64url"falseThe update action to be performed on the unencrypted status list, can be revoke, suspend or reinstate
DID of the StatusList2021 publisher.
The name of the StatusList2021 DID-Linked Resource to be updated.
List of credential status indices to be updated. The indices must be in the range of the status list.
Optional field to assign a human-readable version in the StatusList2021 DID-Linked Resource.
The request was successful.
truetrue"H4sIAAAAAAAAA-3BAQ0AAADCoPdPbQ8HFAAAAAAAAAAAAAAAAAAAAADwaDhDr_xcRAAA""StatusList2021Revocation""2023-06-26T11:45:19.349Z""StatusList2021Revocation""base64url"falseThis endpoint creates a DID-Linked Resource. As input, it can take the DID identifier and the resource parameters via a form, or the fully-assembled resource itself.
DID identifier to link the resource to.
Encoded string containing the data to be stored in the DID-Linked Resource.
Encoding format used to encode the data.
Name of DID-Linked Resource.
Type of DID-Linked Resource. This is NOT the same as the media type, which is calculated automatically ledger-side.
Optional field to assign a set of alternative URIs where the DID-Linked Resource can be fetched from.
Optional field to assign a human-readable version in the DID-Linked Resource.
List of key references (publicKeys) which will be used for signing the message. The should be in hexadecimal format and placed in the wallet of current user.
The request was successful.
"did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47/resources/398cee0a-efac-4643-9f4c-74c48c72a14b""55dbc8bf-fba3-4117-855c-1e0dc1d3bb47""398cee0a-efac-4643-9f4c-74c48c72a14b""cheqd-issuer-logo""CredentialArtwork""image/png""1.0""a95380f460e63ad939541a57aecbfd795fcd37c6d78ee86c885340e33a91b559""2021-09-01T12:00:00Z""d4829ac7-4566-478c-a408-b44767eddadc""ad7a8442-3531-46eb-a024-53953ec6e4ff"Resolve a DID Document by DID identifier. Also supports DID Resolution Queries as defined in the W3C DID Resolution specification.
DID identifier to resolve.
"did:cheqd:mainnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0"Return only metadata of DID Document instead of actual DID Document.
Unique UUID version identifier of DID Document. Allows for fetching a specific version of the DID Document. See cheqd DID Method Specification for more details.
"3ccde6ba-6ba5-56f2-9f4f-8825561a9860"Returns the closest version of the DID Document at or before specified time. See DID Resolution handling for did:cheqd for more details.
"1970-01-01T00:00:00Z"This directive transforms the Verification Method key format from the version in the DID Document to the specified format chosen below.
Query DID Document for a specific Service Endpoint by Service ID (e.g., service-1 in did:cheqd:mainnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#service-1). This will typically redirect to the Service Endpoint based on DID Resolution specification algorithm.
"service-1"Relative reference is a query fragment appended to the Service Endpoint URL. Must be used along with the service query property above. See DID Resolution specification algorithm for more details.
"/path/to/file"The request was successful.
"https://w3id.org/did-resolution/v1""application/did+ld+json""2021-09-01T12:00:00Z""did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47""cheqd""55dbc8bf-fba3-4117-855c-1e0dc1d3bb47"This input field contains either a complete DID document, or an incremental change (diff) to a DID document. See Universal DID Registrar specification.
DID appended with Service fragment ID (e.g., #service-1 in did:cheqd:mainnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#service-1)
"did:cheqd:mainnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#service-1"Service type as defined in DID Specification Registries.
"LinkedDomains"Service endpoint as defined in DID Core Specification.
"https://example.com""2021-09-01T12:00:00Z"false"2021-09-10T12:00:00Z""3ccde6ba-6ba5-56f2-9f4f-8825561a9860""did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47/resources/398cee0a-efac-4643-9f4c-74c48c72a14b""55dbc8bf-fba3-4117-855c-1e0dc1d3bb47""398cee0a-efac-4643-9f4c-74c48c72a14b""cheqd-issuer-logo""CredentialArtwork""image/png""1.0""a95380f460e63ad939541a57aecbfd795fcd37c6d78ee86c885340e33a91b559""2021-09-01T12:00:00Z""d4829ac7-4566-478c-a408-b44767eddadc""ad7a8442-3531-46eb-a024-53953ec6e4ff"Update a Token Status List JWT or CWT as a new DID-Linked Resource
Create a JWT or CWT file with the updated indices and bits for the updated Status List.
Save this file locally and call it something like statusListTokenUPDATED.json
Note that each JWT or CWT must be below ~45kb in size.
Prepare a file with resource and encode it into base64, base64url or hex. On Unix systems, you can use the following command input:
Expected output:
To create a new version you must use the same "name" and "type" for your resource, and ensure that the new Token Status List resource is being created underneath the same DID as your initial DID. You will also need to be logged into the same cheqd Studio account that you used to create the initial Token Status List to have access to the keys to sign the update.
For Token Status Lists, the "type" MUST be: "TokenStatusList".
For example:
This endpoint creates a DID-Linked Resource. As input, it can take the DID identifier and the resource parameters via a form, or the fully-assembled resource itself.
DID identifier to link the resource to.
Encoded string containing the data to be stored in the DID-Linked Resource.
Encoding format used to encode the data.
Name of DID-Linked Resource.
Type of DID-Linked Resource. This is NOT the same as the media type, which is calculated automatically ledger-side.
Optional field to assign a set of alternative URIs where the DID-Linked Resource can be fetched from.
Optional field to assign a human-readable version in the DID-Linked Resource.
List of key references (publicKeys) which will be used for signing the message. The should be in hexadecimal format and placed in the wallet of current user.
The request was successful.
"did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47/resources/398cee0a-efac-4643-9f4c-74c48c72a14b""55dbc8bf-fba3-4117-855c-1e0dc1d3bb47""398cee0a-efac-4643-9f4c-74c48c72a14b""cheqd-issuer-logo""CredentialArtwork""image/png""1.0""a95380f460e63ad939541a57aecbfd795fcd37c6d78ee86c885340e33a91b559""2021-09-01T12:00:00Z""d4829ac7-4566-478c-a408-b44767eddadc""ad7a8442-3531-46eb-a024-53953ec6e4ff"