Access Grants Endpoint#
Added in version 2.3.
Developer Preview
The ESS Wallet Service endpoints are available as part of a Developer Preview program to allow early access to these features. Please be aware that these APIs may change.
The ESS Wallet Service provides the following endpoint for interacting with Wallet resources:
https://datawallet.{ESS Domain}/accessgrants
Note
To access the /accessgrants endpoint, users must be authenticated. The endpoint supports the use of HTTP-only, secure session cookies.
List Access Grants#
The Wallet Service provides an endpoint that returns a list of all the Access Grants stored in the Wallet.
Method |
|
Content-Type |
|
Endpoint |
|
Payload |
none |
Output#
Upon completion an array of Access Grants managed by the Wallet is returned.
Example response
[
{
"uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"identifier": "https://example.com/",
"webId": "https://id.{DOMAIN}/{username}",
"resource": "https://storage.example/data/MyResource",
"resourceName": "MyResource",
"forPurpose": "https://example.com/",
"expirationDate": "2024-07-19T09:18:52.233Z",
"issuedDate": "2024-07-19T09:18:52.233Z",
"modes": [
"read"
],
"logo": "https://images.example/logo.png",
"ownerName": "Example Name",
"isRDFResource": true
}
]
The fields have the following values:
Field |
Value |
|---|---|
|
A unique identifier of this access grant. |
|
The URI identifying the access grant. |
|
The WebID of the party requesting access to a resource. |
|
The URI of the resource within the Wallet to which access has been granted. |
|
The short-name of the resource to which access has been granted, without the hostname and parent path. |
|
The URI of the document describing the purpose of this Access Grant. |
|
The expiration date of the Access Request in ISO-8601 format. |
|
The date of issuance of the Access Request in ISO-8601 format. |
|
The modes of access that will be granted if this access request is approved (e.g. |
|
A URI identifying a logo to associate with the party granted access to a resource (for display within the Wallet user interface). |
|
The name of the party granted access to a resource, if available. |
|
The WebID of the party granted access to a resource. |
|
Boolean value indicating whether the resource contains RDF data. |
Read Access Grant#
The Wallet Service provides an endpoint that returns an Access Grant managed by the Wallet.
Method |
|
Content-Type |
|
Endpoint |
|
Payload |
none |
Input#
Path Parameter |
Value |
|---|---|
|
The UUID of the Access Grant item to read. |
Output#
Example response
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.inrupt.com/credentials/v1.jsonld",
"https://w3id.org/security/data-integrity/v1",
"https://w3id.org/vc-revocation-list-2020/v1",
"https://w3id.org/vc/status-list/2021/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "https://credential.example/vc/d37de1c7-99aa-4152-92dd-afeed8fcb9ac",
"type": [
"VerifiableCredential",
"SolidAccessGrant"
],
"expirationDate": "2024-09-18T09:20:20Z",
"issuanceDate": "2024-07-18T09:20:20Z",
"issuer": "https://credential.example",
"credentialSubject": {
"id": "https://id.example/alice",
"providedConsent": {
"mode": "Read",
"forPersonalData": "https://storage.example/ebb02f58-7708-43c8-bade-f654dc92604f/foo/bar",
"forPurpose": "https://vocabulary.example/SpecificPurpose",
"hasContext": "https://app.example/",
"hasStatus": "ConsentStatusExplicitlyGiven",
"isProvidedToController": "https://id.example/bob"
}
},
"credentialStatus": {
"id": "https://credential.example/status/SZib#0",
"type": "RevocationList2020Status",
"revocationListCredential": "https://credential.example/status/SZib",
"revocationListIndex": "0"
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2024-07-18T09:20:20Z",
"domain": "solid",
"proofPurpose": "assertionMethod",
"proofValue": "ayEhvte44V3h1rn7tLTdMX...",
"verificationMethod": "https://credential.example/key/c7652806-402b-364b-a920-966938f5646c"
}
}
The fields in the response are described by the Access Grant Service.
Delete Access Grant#
The Wallet Service provides an endpoint to delete an Access Grant that is managed by the Wallet.
Method |
|
Content-Type |
|
Endpoint |
|
Payload |
none |
Input#
Path Parameter |
Value |
|---|---|
|
The UUID of the access grant item to be deleted. |
Output#
Upon completion, a status message is returned.
Example response
{
"message": "success"
}
The fields have the following values:
Field |
Value |
|---|---|
|
A successful operation includes the string “success”. |
|
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”. |
Revoke Access Grant#
The Wallet Service provides an endpoint to revoke an Access Grant that is managed by the Wallet.
Method |
|
Content-Type |
|
Endpoint |
|
Payload |
none |
Input#
Path Parameter |
Value |
|---|---|
|
The UUID of the access grant to be revoked. |
Output#
Upon completion, a status message is returned.
Example response
{
"message": "success"
}
The fields have the following values:
Field |
Value |
|---|---|
|
A successful operation includes the string “success”. |
|
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”. |
Batch Revoke Access Grants#
The Wallet Service provides an endpoint to revoke multiple Access Grants that are managed by the Wallet.
Method |
|
Content-Type |
|
Endpoint |
|
Payload |
A JSON array of Access Grant UUIDs to revoke. |
Input#
The body of the request contains a JSON array listing the Access Grants to be revoked.
Body |
Value |
|---|---|
Content-Type |
|
|
An array of strings containing the UUIDs of the Access Grants managed by the Wallet to be revoked. |
Example request
{
"uuids": [
"3fa85f64-5717-4562-b3fc-2c963f66afa6"
]
}
Upon completion, a status message is returned.
Example response
{
"message": "success"
}
The fields have the following values:
Field |
Value |
|---|---|
|
A successful operation includes the string “success”. |
|
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”. |