Access Grants Endpoint
Added in version 2.3.
Developer Preview
The ESS Wallet Service endpoints are available as part of a Developer Preview program to allow early access to these features. Please be aware that these APIs may change.
The ESS Wallet Service provides the following endpoint for interacting with Wallet resources:
https://datawallet.{ESS Domain}/accessgrantsList Access Grants
The Wallet Service provides an endpoint that returns a list of all the Access Grants stored in the Wallet.
Method
GET
Content-Type
application/json
Endpoint
https://datawallet.{ESS Domain}/accessgrants
Payload
none
Output
Upon completion an array of Access Grants managed by the Wallet is returned.
Example response
[
{
"uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"identifier": "https://example.com/",
"webId": "https://id.{DOMAIN}/{username}",
"resource": "https://storage.example/data/MyResource",
"resourceName": "MyResource",
"forPurpose": "https://example.com/",
"expirationDate": "2024-07-19T09:18:52.233Z",
"issuedDate": "2024-07-19T09:18:52.233Z",
"modes": [
"read"
],
"logo": "https://images.example/logo.png",
"ownerName": "Example Name",
"isRDFResource": true
}
]The fields have the following values:
uuid
A unique identifier of this access grant.
identifier
The URI identifying the access grant.
webId
The WebID of the party requesting access to a resource.
resource
The URI of the resource within the Wallet to which access has been granted.
resourceName
The short-name of the resource to which access has been granted, without the hostname and parent path.
forPurpose
The URI of the document describing the purpose of this Access Grant.
expirationDate
The expiration date of the Access Request in ISO-8601 format.
issuedDate
The date of issuance of the Access Request in ISO-8601 format.
modes
The modes of access that will be granted if this access request is approved (e.g. read, write, append).
logo
A URI identifying a logo to associate with the party granted access to a resource (for display within the Wallet user interface).
ownerName
The name of the party granted access to a resource, if available.
webId
The WebID of the party granted access to a resource.
isRDFResource
Boolean value indicating whether the resource contains RDF data.
Read Access Grant
The Wallet Service provides an endpoint that returns an Access Grant managed by the Wallet.
Method
GET
Content-Type
application/ld+json
Endpoint
https://datawallet.{ESS Domain}/accessgrants/{uuid}
Payload
none
Input
uuid
The UUID of the Access Grant item to read.
Output
Example response
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.inrupt.com/credentials/v2.jsonld",
"https://w3id.org/security/data-integrity/v1",
"https://w3id.org/vc-revocation-list-2020/v1",
"https://w3id.org/vc/status-list/2021/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "https://credential.example/vc/d37de1c7-99aa-4152-92dd-afeed8fcb9ac",
"type": [
"VerifiableCredential",
"SolidAccessGrant"
],
"expirationDate": "2024-09-18T09:20:20Z",
"issuanceDate": "2024-07-18T09:20:20Z",
"issuer": "https://credential.example",
"credentialSubject": {
"id": "https://id.example/alice",
"providedConsent": {
"mode": "Read",
"forPersonalData": "https://storage.example/ebb02f58-7708-43c8-bade-f654dc92604f/foo/bar",
"forPurpose": "https://vocabulary.example/SpecificPurpose",
"hasContext": "https://app.example/",
"hasStatus": "ConsentStatusExplicitlyGiven",
"isProvidedToController": "https://id.example/bob"
}
},
"credentialStatus": {
"id": "https://credential.example/status/SZib#0",
"type": "RevocationList2020Status",
"revocationListCredential": "https://credential.example/status/SZib",
"revocationListIndex": "0"
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2024-07-18T09:20:20Z",
"domain": "solid",
"proofPurpose": "assertionMethod",
"proofValue": "ayEhvte44V3h1rn7tLTdMX...",
"verificationMethod": "https://credential.example/key/c7652806-402b-364b-a920-966938f5646c"
}
}The fields in the response are described by the Access Grant Service.
Delete Access Grant
The Wallet Service provides an endpoint to delete an Access Grant that is managed by the Wallet.
Method
DELETE
Content-Type
application/json
Endpoint
https://datawallet.{ESS Domain}/accessgrants/{uuid}
Payload
none
Input
uuid
The UUID of the access grant item to be deleted.
Output
Upon completion, a status message is returned.
Example response
{
"message": "success"
}The fields have the following values:
message
A successful operation includes the string “success”.
error
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.
Revoke Access Grant
The Wallet Service provides an endpoint to revoke an Access Grant that is managed by the Wallet.
Method
PUT
Content-Type
application/json
Endpoint
https://datawallet.{ESS Domain}/accessgrants/{uuid}/revoke
Payload
none
Input
uuid
The UUID of the access grant to be revoked.
Output
Upon completion, a status message is returned.
Example response
{
"message": "success"
}The fields have the following values:
message
A successful operation includes the string “success”.
error
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.
Batch Revoke Access Grants
The Wallet Service provides an endpoint to revoke multiple Access Grants that are managed by the Wallet.
Method
PUT
Content-Type
application/json
Endpoint
https://datawallet.{ESS Domain}/accessgrants/revoke
Payload
A JSON array of Access Grant UUIDs to revoke.
Input
The body of the request contains a JSON array listing the Access Grants to be revoked.
Content-Type
application/json
uuids
An array of strings containing the UUIDs of the Access Grants managed by the Wallet to be revoked.
Example request
{
"uuids": [
"3fa85f64-5717-4562-b3fc-2c963f66afa6"
]
}Upon completion, a status message is returned.
Example response
{
"message": "success"
}The fields have the following values:
message
A successful operation includes the string “success”.
error
An unsuccessful operation describes the failure category, such as “UNAUTHORIZED”.
Last updated