Revocations API

Manage warrant revocations and the Signed Revocation List (SRL).

Get Signed Revocation List

GET /v1/revocations/srl/signed

Fetch the current SRL. Used by authorizers.

Scope required: authorizer or admin

Response

{
  "payload": {
    "Version": 42,
    "IssuedAt": "2024-01-15T10:00:00Z",
    "ExpiresAt": "2024-01-15T11:00:00Z",
    "RevokedIDs": [
      "tnu_wrt_abc123",
      "tnu_wrt_def456"
    ]
  },
  "srl": {
    "Payload": "base64-encoded-cbor-payload",
    "Signature": "base64-encoded-ed25519-signature"
  }
}

Check Revocation

GET /v1/revocations/check?warrant_id={id}

Check if a specific warrant is revoked.

Scope required: authorizer or admin

Response

{
  "warrant_id": "tnu_wrt_abc123",
  "revoked": true,
  "revoked_at": "2024-01-15T09:30:00Z",
  "reason": "Agent compromised"
}

Batch Check Revocations

POST /v1/revocations/check-batch

Check multiple warrants at once.

Scope required: authorizer or admin

Request Body

{
  "warrant_ids": ["tnu_wrt_abc123", "tnu_wrt_def456", "tnu_wrt_ghi789"]
}

Response

{
  "results": {
    "tnu_wrt_abc123": {
      "revoked": true,
      "revoked_at": "2024-01-15T09:30:00Z"
    },
    "tnu_wrt_def456": {
      "revoked": false
    },
    "tnu_wrt_ghi789": {
      "revoked": true,
      "revoked_at": "2024-01-15T08:00:00Z"
    }
  }
}

List Revocations

GET /v1/revocations

List all revocations.

Scope required: admin

Query Parameters

Parameter	Type	Description
`limit`	integer	Maximum results (default 50, max 100)
`cursor`	string	Pagination cursor

Response

{
  "revocations": [
    {
      "id": "tnu_rev_xyz789",
      "warrant_id": "tnu_wrt_abc123",
      "reason": "Agent compromised",
      "created_at": "2024-01-15T09:30:00Z",
      "created_by": "user@example.com"
    }
  ],
  "total": 1,
  "cursor": null
}

Create Revocation

POST /v1/revocations

Revoke a warrant.

Scope required: admin

Request Body

Field	Type	Required	Description
`warrant_id`	string	Yes	The warrant ID to revoke
`reason`	string	Yes	Reason for revocation

Example

curl -X POST "https://api.tenuo.cloud/v1/revocations" \
  -H "Authorization: Bearer tc_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "warrant_id": "tnu_wrt_abc123",
    "reason": "Agent compromised"
  }'

⚠️

After creating a revocation, you must regenerate the SRL for it to take effect.

Delete Revocation

DELETE /v1/revocations/{id}

Remove a revocation (un-revoke a warrant).

Scope required: admin

Regenerate SRL

POST /v1/revocations/srl/regenerate

Regenerate the Signed Revocation List with current revocations.

Scope required: admin

Response

{
  "version": 43,
  "issued_at": "2024-01-15T10:00:00Z",
  "expires_at": "2024-01-15T11:00:00Z",
  "revocation_count": 2
}

Keys API Keys