Overview
Sometimes a credential needs to be invalidated before it would naturally expire (an employee leaves, a licence is suspended, an enrolment ends). Revocation marks the credential as invalid, so any verifier checking it from that point on sees it as revoked.Revocation is only supported for
sd-jwt credentials today. mdoc credentials don’t currently support revocation
through this API. If your use case needs revocation, issue with the sd-jwt format.You need the credential id
Revocation acts on a credential, not on an issuance — so the id you pass is the credential id, not the issuance id. If that distinction isn’t second-nature yet, read Issuance vs credential first; it covers the resource split, the lifecycles, and how to look ids up later.Revoke a single credential
Revoke a batch
When you need to revoke many credentials at once, send the ids in one call:What the holder and verifier see
- In the holder’s wallet. The credential continues to exist but is marked as revoked. The holder can no longer use it to satisfy presentation requests.
- At verification time. When a verifier checks a presented credential, the platform consults the revocation status as part of the standard verification chain. A revoked credential fails verification, the same as an expired or invalidly signed one.

