Access Grants Endpoint

Added in version 2.3.

Developer Preview

The ESS Wallet Service endpoints are available as part of a Developer Preview program to allow early access to these features. Please be aware that these APIs may change.

The ESS Wallet Service provides the following endpoint for interacting with Wallet resources:

https://datawallet.{ESS Domain}/accessgrants

Note To access the /accessgrants endpoint, users must be authenticated. The endpoint supports the use of HTTP-only, secure session cookies.

List Access Grants

The Wallet Service provides an endpoint that returns a list of all the Access Grants stored in the Wallet.

Method

GET

Content-Type

application/json

Endpoint

https://datawallet.{ESS Domain}/accessgrants

Payload

none

Output

Upon completion an array of Access Grants managed by the Wallet is returned.

Example response

[
  {
    "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "identifier": "https://example.com/",
    "webId": "https://id.{DOMAIN}/{username}",
    "resource": "https://storage.example/data/MyResource",
    "resourceName": "MyResource",
    "forPurpose": "https://example.com/",
    "expirationDate": "2024-07-19T09:18:52.233Z",
    "issuedDate": "2024-07-19T09:18:52.233Z",
    "modes": [
      "read"
    ],
    "logo": "https://images.example/logo.png",
    "ownerName": "Example Name",
    "isRDFResource": true
  }
]

The fields have the following values:

Field

Value

uuid

A unique identifier of this access grant.

identifier

The URI identifying the access grant.

webId

The WebID of the party requesting access to a resource.

resource

The URI of the resource within the Wallet to which access has been granted.

resourceName

The short-name of the resource to which access has been granted, without the hostname and parent path.

forPurpose

The URI of the document describing the purpose of this Access Grant.

expirationDate

The expiration date of the Access Request in ISO-8601 format.

issuedDate

The date of issuance of the Access Request in ISO-8601 format.

modes

The modes of access that will be granted if this access request is approved (e.g. read, write, append).

logo

A URI identifying a logo to associate with the party granted access to a resource (for display within the Wallet user interface).

ownerName

The name of the party granted access to a resource, if available.

webId

The WebID of the party granted access to a resource.

isRDFResource

Boolean value indicating whether the resource contains RDF data.

Read Access Grant

The Wallet Service provides an endpoint that returns an Access Grant managed by the Wallet.

Method

GET

Content-Type

application/ld+json

Endpoint

https://datawallet.{ESS Domain}/accessgrants/{uuid}

Payload

none

Input

Path Parameter

Value

uuid

The UUID of the Access Grant item to read.

Output

Example response

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.inrupt.com/credentials/v1.jsonld",
    "https://w3id.org/security/data-integrity/v1",
    "https://w3id.org/vc-revocation-list-2020/v1",
    "https://w3id.org/vc/status-list/2021/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "https://credential.example/vc/d37de1c7-99aa-4152-92dd-afeed8fcb9ac",
  "type": [
    "VerifiableCredential",
    "SolidAccessGrant"
  ],
  "expirationDate": "2024-09-18T09:20:20Z",
  "issuanceDate": "2024-07-18T09:20:20Z",
  "issuer": "https://credential.example",
  "credentialSubject": {
    "id": "https://id.example/alice",
    "providedConsent": {
      "mode": "Read",
      "forPersonalData": "https://storage.example/ebb02f58-7708-43c8-bade-f654dc92604f/foo/bar",
      "forPurpose": "https://vocabulary.example/SpecificPurpose",
      "hasContext": "https://app.example/",
      "hasStatus": "ConsentStatusExplicitlyGiven",
      "isProvidedToController": "https://id.example/bob"
    }
  },
  "credentialStatus": {
    "id": "https://credential.example/status/SZib#0",
    "type": "RevocationList2020Status",
    "revocationListCredential": "https://credential.example/status/SZib",
    "revocationListIndex": "0"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2024-07-18T09:20:20Z",
    "domain": "solid",
    "proofPurpose": "assertionMethod",
    "proofValue": "ayEhvte44V3h1rn7tLTdMX...",
    "verificationMethod": "https://credential.example/key/c7652806-402b-364b-a920-966938f5646c"
  }
}

The fields in the response are described by the Access Grant Service.

Delete Access Grant

The Wallet Service provides an endpoint to delete an Access Grant that is managed by the Wallet.

Method

DELETE

Content-Type

application/json

Endpoint

https://datawallet.{ESS Domain}/accessgrants/{uuid}

Payload

none

Input

Path Parameter

Value

uuid

The UUID of the access grant item to be deleted.

Output

Upon completion, a status message is returned.

Example response

{
    "message": "success"
}

The fields have the following values:

Field

Value

message

A successful operation includes the string “success”.

error

An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.

Revoke Access Grant

The Wallet Service provides an endpoint to revoke an Access Grant that is managed by the Wallet.

Method

PUT

Content-Type

application/json

Endpoint

https://datawallet.{ESS Domain}/accessgrants/{uuid}/revoke

Payload

none

Input

Path Parameter

Value

uuid

The UUID of the access grant to be revoked.

Output

Upon completion, a status message is returned.

Example response

{
    "message": "success"
}

The fields have the following values:

Field

Value

message

A successful operation includes the string “success”.

error

An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.

Batch Revoke Access Grants

The Wallet Service provides an endpoint to revoke multiple Access Grants that are managed by the Wallet.

Method

PUT

Content-Type

application/json

Endpoint

https://datawallet.{ESS Domain}/accessgrants/revoke

Payload

A JSON array of Access Grant UUIDs to revoke.

Input

The body of the request contains a JSON array listing the Access Grants to be revoked.

Body

Value

Content-Type

application/json

uuids

An array of strings containing the UUIDs of the Access Grants managed by the Wallet to be revoked.

Example request

{
  "uuids": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ]
}

Upon completion, a status message is returned.

Example response

{
    "message": "success"
}

The fields have the following values:

Field

Value

message

A successful operation includes the string “success”.

error

An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.

PreviousInbox Endpoint NextSignup Endpoint

Last updated 5 months ago

hashtagList Access Grants

hashtagOutput

hashtagRead Access Grant

hashtagInput

hashtagOutput

hashtagDelete Access Grant

hashtagInput

hashtagOutput

hashtagRevoke Access Grant

hashtagInput

hashtagOutput

hashtagBatch Revoke Access Grants

hashtagInput

List Access Grants

Output

Read Access Grant

Input

Output

Delete Access Grant

Input

Output

Revoke Access Grant

Input

Output

Batch Revoke Access Grants

Input