Skip to main content

Overview

Credentials in the YoID ecosystem can be revoked when they are no longer valid. This is a trust story as much as a technical one — a training partner who discovers a fraudulent completion, or a programme that expires credentials annually, needs the ability to invalidate previously issued credentials. When a credential is revoked, any future verification attempt against it will show isValid: false.

When to Revoke

ScenarioExample
Fraudulent issuanceA learning partner discovers a youth didn’t actually complete the programme
Credential expiryAnnual certifications that need to be renewed
Data correctionA credential was issued with incorrect attributes and needs to be re-issued
Programme withdrawalA youth withdraws from a programme after a credential was issued

Endpoint

POST https://test.didxtech.com/me-creds/api/credentials/{id}/revoke

Request

curl -X POST "https://test.didxtech.com/me-creds/api/credentials/iss_cm7d9cq5600pwk3zq3kmpg8uc/revoke" \
  -H "Authorization: Bearer <access_token>"
Use the top-level issuance id, not the nested credentials[0].id. The issuance response contains two IDs — the top-level id (e.g. iss_cm7d9cq5600pwk3zq3kmpg8uc) is the one you need here. Using credentials[0].id will return a 404.

Response

HTTP 204 No Content The response body is empty. The credential is marked as revoked. Future verification attempts against this credential will return isValid: false with an issue indicating revocation.

Impact on Verification

When a verifier checks a credential that has been revoked: 
{
  "credentials": [
    {
      "isValid": false,
      "name": "Web Development Completion",
      "type": "https://didx.co.za/vct/didx/web-dev-completion-v1",
      "attributes": { ... },
      "issues": ["Credential has been revoked by the issuer"]
    }
  ]
}
The verifier’s application should check isValid and the issues array to determine why verification failed.
Revocation is permanent. If you need to re-credential a youth after revoking, issue a new credential through the standard issuance workflow.

Trust Implications

Revocation is part of what makes the ecosystem trustworthy. An employer verifying a credential can be confident that:
  1. The credential was genuinely issued by the claimed partner
  2. It hasn’t been tampered with
  3. It hasn’t been revoked — the issuer still stands behind it
Without revocation, the ecosystem can’t handle corrections or fraud. With it, every partner can trust that verified credentials are current and valid.