Revocation API

Credential revocation management

/

Overview

Revoke credentials when users should lose access. Revocation is propagated through a Bloom filter that clients sync periodically.

Revoke Credential

POST /api/revocation/revoke

Request

JSON
{
    "credential_id": "cred_xyz789...",
    "reason": "user_requested"    // Optional
}

Response

JSON
{
    "success": true,
    "revoked_at": 1704067200
}

Bloom Filter

GET /api/revocation/bloom-filter

Get the current revocation Bloom filter. Clients sync this automatically.

Privacy

The Bloom filter uses hashed credential IDs, so revocation checks don't expose which credentials are being verified.