Credential Revocation Integration

Gataca currently supports multiple credential revocation protocols, with the following mechanisms being the most notable. These mechanisms continue to evolve, and Gataca ensures backward compatibility with previous revocation methods. The revocation mechanism used depends on when the credential was issued. Currently Gataca uses Verifiable Credential Status List 2021.

It is not necessary to explicitly determine the revocation mechanism of a credential, as Gataca manages this process. The issuer only needs to integrate with the Gataca API call described below.

These are the revocation mechanisms supported by Gataca:

• Credential Status List 2017

• Revocation List 2020

• Verifiable Credential Status List 2021

To update the status of a credential, the issuer must execute the following API call.

Request Example

PATCH /admin/v1/credentials/[CREDENTIAL-ID]
Host: certify.gataca.io
Authorization: jwt [ACCESS-TOKEN]
Content-Type: application/json

{
    "status": "[CREDENTIAL-STATUS]"
}

• CREDENTIAL-ID : Credential identifier. This identifier represents a credential, which will change its status after this call.

• ACCESS-TOKEN: Access token received from the authentication request (This authentication must be executed by an application linked to the tenant selected into the authentication request).

• CREDENTIAL-STATUS: Credential status identifier. In this case, only 3 different states can be assigned: REVOKED, SUSPENDED and ISSUED .

Response Example

Credential statuses

• ISSUED: This is the default status when a verifiable credential is issued. It indicates that the credential is valid.

• SUSPENDED: This is a temporary revocation, meaning the credential is currently not valid. However, it can be reinstated to the Issued status, restoring its validity.

• REVOKED: This is a permanent status. Once revoked, the credential is no longer valid and cannot be reinstated.

This diagram illustrates the status flow, explaining how a credential’s status can be modified.