Suspension and Revocation
Credentials issued with a revocation method can be suspended or revoked to manage their validity after issuance. Whether a credential supports suspension and/or revocation is defined by its schema.
Suspend a credential
Use suspension to make a credential temporarily invalid. A suspended credential can be reactivated at any time.
When suspending a credential, you can optionally specify a suspendEndDate, a time at which the system will automatically reactivate the credential. Without this, the suspension remains in place until you manually reactivate or revoke.
The SUSPEND_CHECK task checks suspended credentials against their
suspendEndDate and reactivates them when the date has passed. Decide
how often and when you want to run this check.
Reactivate a credential
Use the reactivation endpoint to lift a suspension. Credentials suspended with a suspendEndDate will reactivate automatically at the specified time (assuming a cron job runs the SUSPEND_CHECK task) unless you reactivate them manually first.
Revoke a credential
Use revocation to permanently invalidate a credential. This cannot be undone.
A credential in ACCEPTED state that has a revocation method cannot be
deleted — use revocation instead. Credentials with no revocation method
can be deleted in any state. Deletion has no impact on the holder's copy
of the credential.
Batch credentials
For batch credentials, you can act on either the parent credential or on individual batch items.
Acting on the parent
Suspending, reactivating, or revoking the parent credential applies the action to all batch items together. This is the most straightforward approach when you want to manage the batch as a whole.
Acting on individual batch items
You can also suspend or revoke individual batch items, for example, if a specific credential is compromised while the rest of the batch remains valid.
However, acting on individual items constrains what you can later do at the parent level. If any batch item is in a state that cannot be reversed, for example, if you revoke a single item, the parent can no longer be reactivated, since reactivation would require all items to be restorable. In general, once you have taken action on individual batch items, certain parent-level operations become unavailable.
When managing a batch, prefer acting on the parent unless you have a specific reason to act on individual items. Mixing parent-level and item-level actions limits your options going forward.
Timing of validity changes
Suspension and revocation are not always instantaneous. The timing depends on the revocation method defined in the credential schema.
List-based methods publish a validity status list that is embedded by reference in the credential. Verifiers check this list in real time during verification, so suspension and revocation take effect virtually immediately.
Expiration-based methods work by issuing short-lived credentials that the system renews automatically before expiry — unless you have suspended or revoked the credential. When you suspend or revoke, you are instructing the system not to renew on the next reissuance request. The credential remains valid in the holder's wallet until it naturally expires.
Expiration-based methods include any credential in the ISO mdoc format.
Expiry durations are configurable via the MDOC format settings. See
System configuration.
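The timing rules above, together with the SUSPEND_CHECK scheduling described under "Suspend a credential", can be modelled to estimate how long a credential keeps verifying after you act on it and how late an automatic reactivation can land. This is an added example, not part of the product or its API; the method labels, function names, schedule and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed labels for the two families of revocation method described above.
LIST_BASED, EXPIRATION_BASED = "list", "expiration"

def invalid_from(method, action_at, current_expiry):
    """Earliest time a verifier rejects the credential after suspend/revoke."""
    if method == LIST_BASED:
        return action_at  # status list is checked during verification
    if method == EXPIRATION_BASED:
        # Not renewed any more, but the holder's copy verifies until it expires.
        return max(action_at, current_expiry)
    raise ValueError(f"unknown revocation method: {method}")

def exposure(method, action_at, current_expiry):
    """How long the credential still verifies after the issuer acted."""
    return invalid_from(method, action_at, current_expiry) - action_at

def auto_reactivation(suspend_end, first_run, interval):
    """First SUSPEND_CHECK run at or after suspendEndDate."""
    if interval <= timedelta(0):
        raise ValueError("interval must be positive")
    if suspend_end <= first_run:
        return first_run
    # Ceiling division on timedeltas: number of intervals needed to reach suspend_end.
    runs = -((first_run - suspend_end) // interval)
    return first_run + runs * interval

# Constructed sample values (UTC), not taken from any real deployment.
UTC = timezone.utc
ACTION_AT = datetime(2024, 1, 2, 9, 0, tzinfo=UTC)       # issuer suspends or revokes
CURRENT_EXPIRY = datetime(2024, 1, 4, 12, 0, tzinfo=UTC)  # expiry of the copy in the wallet
SUSPEND_END = datetime(2024, 1, 10, 14, 30, tzinfo=UTC)   # suspendEndDate
FIRST_RUN = datetime(2024, 1, 1, 2, 0, tzinfo=UTC)        # first scheduled SUSPEND_CHECK
DAILY = timedelta(days=1)                                 # assumed check interval

if __name__ == "__main__":
    for method in (LIST_BASED, EXPIRATION_BASED):
        print(method, "still verifies for", exposure(method, ACTION_AT, CURRENT_EXPIRY))
    run = auto_reactivation(SUSPEND_END, FIRST_RUN, DAILY)
    print("reactivated at", run, "which is", run - SUSPEND_END, "after suspendEndDate")
```

For expiration-based methods the worst case equals the configured expiry duration, which occurs when you act just after a renewal.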
For the states a credential moves through during its lifecycle, see Credential States.