# Access Grants Endpoint

{% hint style="success" %}
Added in version 2.3.
{% endhint %}

{% hint style="warning" %}
**Developer Preview**

The ESS Wallet Service endpoints are available as part of a Developer Preview program to allow early access to these features. Please be aware that these APIs may change.
{% endhint %}

The ESS Wallet Service provides the following endpoint for interacting with Wallet resources:

```
https://datawallet.{ESS Domain}/accessgrants
```

{% hint style="info" %}
**Note** To access the **`/accessgrants`** endpoint, users must be authenticated. The endpoint supports the use of HTTP-only, secure session cookies.
{% endhint %}

## List Access Grants

The Wallet Service provides an endpoint that returns a list of all the Access Grants stored in the Wallet.

<table data-header-hidden><thead><tr><th width="161.15625"></th><th></th></tr></thead><tbody><tr><td>Method</td><td><strong><code>GET</code></strong></td></tr><tr><td>Content-Type</td><td><strong><code>application/json</code></strong></td></tr><tr><td>Endpoint</td><td><strong><code>https://datawallet.{ESS Domain}/accessgrants</code></strong></td></tr><tr><td>Payload</td><td>none</td></tr></tbody></table>

### Output

Upon completion an array of Access Grants managed by the Wallet is returned.

**Example response**

```
[
  {
    "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "identifier": "https://example.com/",
    "webId": "https://id.{DOMAIN}/{username}",
    "resource": "https://storage.example/data/MyResource",
    "resourceName": "MyResource",
    "forPurpose": "https://example.com/",
    "expirationDate": "2024-07-19T09:18:52.233Z",
    "issuedDate": "2024-07-19T09:18:52.233Z",
    "modes": [
      "read"
    ],
    "logo": "https://images.example/logo.png",
    "ownerName": "Example Name",
    "isRDFResource": true
  }
]
```

The fields have the following values:

<table><thead><tr><th width="161.09765625">Field</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>uuid</code></strong></td><td>A unique identifier of this access grant.</td></tr><tr><td><strong><code>identifier</code></strong></td><td>The URI identifying the access grant.</td></tr><tr><td><strong><code>webId</code></strong></td><td>The WebID of the party requesting access to a resource.</td></tr><tr><td><strong><code>resource</code></strong></td><td>The URI of the resource within the Wallet to which access has been granted.</td></tr><tr><td><strong><code>resourceName</code></strong></td><td>The short-name of the resource to which access has been granted, without the hostname and parent path.</td></tr><tr><td><strong><code>forPurpose</code></strong></td><td>The URI of the document describing the purpose of this Access Grant.</td></tr><tr><td><strong><code>expirationDate</code></strong></td><td>The expiration date of the Access Request in ISO-8601 format.</td></tr><tr><td><strong><code>issuedDate</code></strong></td><td>The date of issuance of the Access Request in ISO-8601 format.</td></tr><tr><td><strong><code>modes</code></strong></td><td>The modes of access that will be granted if this access request is approved (e.g. <strong><code>read</code></strong>, <strong><code>write</code></strong>, <strong><code>append</code></strong>).</td></tr><tr><td><strong><code>logo</code></strong></td><td>A URI identifying a logo to associate with the party granted access to a resource (for display within the Wallet user interface).</td></tr><tr><td><strong><code>ownerName</code></strong></td><td>The name of the party granted access to a resource, if available.</td></tr><tr><td><strong><code>webId</code></strong></td><td>The WebID of the party granted access to a resource.</td></tr><tr><td><strong><code>isRDFResource</code></strong></td><td>Boolean value indicating whether the resource contains RDF data.</td></tr></tbody></table>

## Read Access Grant

The Wallet Service provides an endpoint that returns an Access Grant managed by the Wallet.

<table data-header-hidden><thead><tr><th width="160.40625"></th><th></th></tr></thead><tbody><tr><td>Method</td><td><strong><code>GET</code></strong></td></tr><tr><td>Content-Type</td><td><strong><code>application/ld+json</code></strong></td></tr><tr><td>Endpoint</td><td><strong><code>https://datawallet.{ESS Domain}/accessgrants/{uuid}</code></strong></td></tr><tr><td>Payload</td><td>none</td></tr></tbody></table>

### Input

<table><thead><tr><th width="159.8515625">Path Parameter</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>uuid</code></strong></td><td>The UUID of the Access Grant item to read.</td></tr></tbody></table>

### Output

**Example response**

```
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.inrupt.com/credentials/v2.jsonld",
    "https://w3id.org/security/data-integrity/v1",
    "https://w3id.org/vc-revocation-list-2020/v1",
    "https://w3id.org/vc/status-list/2021/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "https://credential.example/vc/d37de1c7-99aa-4152-92dd-afeed8fcb9ac",
  "type": [
    "VerifiableCredential",
    "SolidAccessGrant"
  ],
  "expirationDate": "2024-09-18T09:20:20Z",
  "issuanceDate": "2024-07-18T09:20:20Z",
  "issuer": "https://credential.example",
  "credentialSubject": {
    "id": "https://id.example/alice",
    "providedConsent": {
      "mode": "Read",
      "forPersonalData": "https://storage.example/ebb02f58-7708-43c8-bade-f654dc92604f/foo/bar",
      "forPurpose": "https://vocabulary.example/SpecificPurpose",
      "hasContext": "https://app.example/",
      "hasStatus": "ConsentStatusExplicitlyGiven",
      "isProvidedToController": "https://id.example/bob"
    }
  },
  "credentialStatus": {
    "id": "https://credential.example/status/SZib#0",
    "type": "RevocationList2020Status",
    "revocationListCredential": "https://credential.example/status/SZib",
    "revocationListIndex": "0"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2024-07-18T09:20:20Z",
    "domain": "solid",
    "proofPurpose": "assertionMethod",
    "proofValue": "ayEhvte44V3h1rn7tLTdMX...",
    "verificationMethod": "https://credential.example/key/c7652806-402b-364b-a920-966938f5646c"
  }
}
```

The fields in the response are described by the [Access Grant Service](https://docs.inrupt.com/ess/2.5/services/service-access-grant).

## Delete Access Grant

The Wallet Service provides an endpoint to delete an Access Grant that is managed by the Wallet.

<table data-header-hidden><thead><tr><th width="160.8203125"></th><th></th></tr></thead><tbody><tr><td>Method</td><td><strong><code>DELETE</code></strong></td></tr><tr><td>Content-Type</td><td><strong><code>application/json</code></strong></td></tr><tr><td>Endpoint</td><td><strong><code>https://datawallet.{ESS Domain}/accessgrants/{uuid}</code></strong></td></tr><tr><td>Payload</td><td>none</td></tr></tbody></table>

### Input

<table><thead><tr><th width="159.85546875">Path Parameter</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>uuid</code></strong></td><td>The UUID of the access grant item to be deleted.</td></tr></tbody></table>

### Output

Upon completion, a status message is returned.

**Example response**

```
{
    "message": "success"
}
```

The fields have the following values:

<table><thead><tr><th width="160.92578125">Field</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>message</code></strong></td><td>A successful operation includes the string “success”.</td></tr><tr><td><strong><code>error</code></strong></td><td>An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.</td></tr></tbody></table>

## Revoke Access Grant

The Wallet Service provides an endpoint to revoke an Access Grant that is managed by the Wallet.

<table data-header-hidden><thead><tr><th width="160.2734375"></th><th></th></tr></thead><tbody><tr><td>Method</td><td><strong><code>PUT</code></strong></td></tr><tr><td>Content-Type</td><td><strong><code>application/json</code></strong></td></tr><tr><td>Endpoint</td><td><strong><code>https://datawallet.{ESS Domain}/accessgrants/{uuid}/revoke</code></strong></td></tr><tr><td>Payload</td><td>none</td></tr></tbody></table>

### Input

<table><thead><tr><th width="160.8203125">Path Parameter</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>uuid</code></strong></td><td>The UUID of the access grant to be revoked.</td></tr></tbody></table>

### Output

Upon completion, a status message is returned.

**Example response**

```
{
    "message": "success"
}
```

The fields have the following values:

<table><thead><tr><th width="159.01953125">Field</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>message</code></strong></td><td>A successful operation includes the string “success”.</td></tr><tr><td><strong><code>error</code></strong></td><td>An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.</td></tr></tbody></table>

## Batch Revoke Access Grants

The Wallet Service provides an endpoint to revoke multiple Access Grants that are managed by the Wallet.

<table data-header-hidden><thead><tr><th width="159.35546875"></th><th></th></tr></thead><tbody><tr><td>Method</td><td><strong><code>PUT</code></strong></td></tr><tr><td>Content-Type</td><td><strong><code>application/json</code></strong></td></tr><tr><td>Endpoint</td><td><strong><code>https://datawallet.{ESS Domain}/accessgrants/revoke</code></strong></td></tr><tr><td>Payload</td><td>A JSON array of Access Grant UUIDs to revoke.</td></tr></tbody></table>

### Input

The body of the request contains a JSON array listing the Access Grants to be revoked.

<table><thead><tr><th width="161.46875">Body</th><th>Value</th></tr></thead><tbody><tr><td>Content-Type</td><td><strong><code>application/json</code></strong></td></tr><tr><td><strong><code>uuids</code></strong></td><td>An array of strings containing the UUIDs of the Access Grants managed by the Wallet to be revoked.</td></tr></tbody></table>

**Example request**

```
{
  "uuids": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ]
}
```

Upon completion, a status message is returned.

**Example response**

```
{
    "message": "success"
}
```

The fields have the following values:

<table><thead><tr><th width="159.85546875">Field</th><th>Value</th></tr></thead><tbody><tr><td><strong><code>message</code></strong></td><td>A successful operation includes the string “success”.</td></tr><tr><td><strong><code>error</code></strong></td><td>An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.</td></tr></tbody></table>