# /status Endpoint ESS supports an [authorization mechanism based on Access Requests and Grants](https://github.com/inrupt/docs-gitbook/blob/main/ess/security/authorization/access-requests-grants/README.md). ESS serializes the Access Requests and Grants as [Verifiable Credentials (VCs)](/reference/glossary.md#verifiable-credential). The Access Requests and Grants VCs include the **`credentialStatus`** object with the following fields that provide information on their revocation status: ```json { // ... "credentialStatus": { "id": "https://vc./status/umZS#801", "revocationListCredential": "https://vc./status/umZS", "revocationListIndex": "801", "type": "RevocationList2020Status" }, // ... } ```
FieldValue
"id""https://vc.<ESS Domain>/status/<credential>#<idx>"
The URL of the revocation status for this VC.
"revocationListCredential""https://vc./status/"
The URL identifying the VC in the revocation list.
"revocationListIndex""<idx>"
The bit position (i.e., the index) of the VC’s revocation status.
"type""RevocationList2020Status"
The ESS [Access Grant Service](/ess/2.6/services/service-access-grant.md) provides an endpoint where users may revoke an Access Requests/Grants. For more information, see [RevocationList2020Status](https://w3c-ccg.github.io/vc-status-rl-2020/#revocationlist2020status) ## `/status` Endpoint The ESS [Access Grant Service](/ess/2.6/services/service-access-grant.md) provides the following endpoint for updating the revocation status of issued Access Requests/Grants: ```json https://vc./status ``` Specifically, the endpoint allows for the revocation of the Access Requests/Grants. To revoke an Access Requests/Grants VC, clients can send a **`POST`** request to the endpoint: {% hint style="warning" %} **Important** * Users must be authenticated. The endpoint supports the use of either [Solid-OpenID Connect (OIDC) access token](/ess/2.6/services/service-oidc.md) or [UMA token](/ess/2.6/services/service-uma.md). * Only the agent whose WebID matches the Access Request/Grant VC’s **`credentialSubject.id`** can update the status. * For Access Requests, users must use an application whose Client ID is allowed by the [**`INRUPT_VC_CLIENT_ID_ALLOW_LIST_SOLIDACCESSREQUEST`**](/ess/2.6/services/service-access-grant.md#inrupt_vc_client_id_allow_list_solidaccessrequest) setting. * For Access Grants, users must use an application whose Client ID is allowed by the [**`INRUPT_VC_CLIENT_ID_ALLOW_LIST_SOLIDACCESSGRANT`**](/ess/2.6/services/service-access-grant.md#inrupt_vc_client_id_allow_list_solidaccessgrant) setting. {% endhint %}
MethodPOST
Content-Typeapplication/json
Endpointhttps://vc.<ESS Domain>/status
PayloadStatus update request object. See Payload for details.
Upon successful update, the endpoint returns a status of **`204`** . {% hint style="info" %} The **`/status`** endpoint no longer allows the reactivation of revoked Access Requests/Grants. Once revoked, initiate a new Access Request/Grant flow to regain access after revocation. {% endhint %} ## Payload The ESS Access Grant service’s **`/status`** endpoint accepts a document of the form: ```json { "credentialId": , "credentialStatus": [ { "type": "RevocationList2020Status", "status": 1 } ] } ```
FieldDescription
credentialIdThe id value (URL) of the access request/grant VC to update; e.g., a string of the form:
"https://vc.<ESS DOMAIN>/vc/<value>"
credentialStatus

Specify an array of status documents. To revoke ESS-issued Access Requests/Grants, specify a document of the form:
{ "type": "RevocationList2020Status", "status": 1 }

The status of Access Requests/Grants issued by ESS is indicated through the RevocationList2020Status.

The status value of 1 indicates that the Access Request/Grant is to be revoked.

Note

The /status endpoint no longer allows the reactivation of revoked Access Requests/Grants. That is, you can no longer specify "credentialStatus.status": 0 in the payload.

Instead, once an Access Request/Grant is revoked, initiate a new Access Request/Grant flow to regain access.

## Example {% hint style="warning" %} **Important**\ Only the agent whose WebID matches the VC’s **`credentialSubject.id`** can update the status of an Access Request/Grant. {% endhint %} For example, assume that **`owliverowner`** has the following access grant as a record of the access granted to **`requestingrabbit`** : 
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.inrupt.com/credentials/v2.jsonld",
    "https://w3id.org/security/data-integrity/v1",
    "https://w3id.org/vc-revocation-list-2020/v1",
    "https://w3id.org/vc/status-list/2021/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "https://vc.<ESS DOMAIN>/vc/xxxxxx-1234-ffff-5678-abcd99999999",
  "type": [
    "VerifiableCredential",
    "SolidAccessGrant"
  ],
  "proof": {
    // ... Omitted for brevity
  },
  "credentialStatus": {
    "id": "https://vc.<ESS DOMAIN>/status/umZS#801",
    "revocationListCredential": "https://vc.<ESS DOMAIN>/status/umZS",
    "revocationListIndex": "801",
    "type": "RevocationList2020Status"
  },
  "credentialSubject": {
    "id": "https://id.<ESS DOMAIN>/owliverowner",
    "providedConsent": {
      "mode": "Read",
      "forPersonalData": "https://storage.<ESS DOMAIN>/<owliversRootContainer>/getting-started/readingList/myList",
      "hasStatus": "ConsentStatusExplicitlyGiven",
      "isProvidedTo": "https://id.<ESS Domain>/requestingrabbit"
    }
  },
  "issuer": "https://vc.<ESS DOMAIN>",
  "issuanceDate": "2023-02-10T23:41:39.731Z",
  "expirationDate": "2023-02-10T23:51:43.285Z"
}
In the example Access Grant, * **`id`** is **`"https://vc./vc/xxxxxx-1234-ffff-5678-abcd99999999"`** . When changing the revocation status of this Access Grant, use this value in the **`credentialId`** . * **`credentialStatus.type`** is **`"RevocationList2020Status"`** . When revoking this Access Grant, use this value in the **`credentialStatus.type`** field. * **`crendentialSubject.id`** is **`"https://id./owliverowner"`** . This indicates that **`"https://id./owliverowner"`** can modify the revocation status of this Access Grant. Then to revoke this Access Grant, the **`owliverowner`** can post the following payload to **`/status`** endpoint: ```json { "credentialId": "https://vc./vc/xxxxxx-1234-ffff-5678-abcd99999999", "credentialStatus": [ { "type": "RevocationList2020Status", "status": "1" } ] } ``` Upon successful update, the endpoint returns a status of **`204`** . After the Access Grant has been revoked, if you [verify the revoked access grant](/ess/2.6/services/service-access-grant/service-access-grant-verifier.md), you get the following result: 
{
  "checks": [
    "issuanceDate",
    "proof",
    "expirationDate",
    "credentialStatus"
  ],
  "errors": [
    "credentialStatus validation has failed: credential has been revoked"
  ],
  "warnings": []
}
If **`requestingrabbit`** needs to access the resource, **`requestingrabbit`** must create a new request access to **`owliverowner`** . --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inrupt.com/ess/2.6/services/service-access-grant/service-access-grant-status.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.