> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke a certificate

> Disables the running MQ credential before recording revocation. The request fails if runtime enforcement is unavailable. Repeated requests preserve the original revocation timestamp.



## OpenAPI

````yaml en/openapi/v3-current/siloc.yaml post /api/v1/siloc/certificates/{certificateId}/revoke
openapi: 3.1.0
info:
  description: >-
    OpenAPI 3.1 surface for Lerian SILOC, the participant-side rail connecting
    the institution to Núclea's SILOC deferred-net interbank settlement for the
    card domain. It covers settlement-coverage capabilities, participant
    registry and operational status, regulated-certificate lifecycle, the
    card-domain message relay and its status, and administrative replay of
    parked relay failures.
  title: Lerian SILOC API
  version: 1.0.0
servers:
  - url: https://siloc.sandbox.lerian.net
security: []
paths:
  /api/v1/siloc/certificates/{certificateId}/revoke:
    post:
      tags:
        - Connectivity
      summary: Revoke a certificate
      description: >-
        Disables the running MQ credential before recording revocation. The
        request fails if runtime enforcement is unavailable. Repeated requests
        preserve the original revocation timestamp.
      operationId: revokeCertificate
      parameters:
        - description: Certificate id.
          in: path
          name: certificateId
          required: true
          schema:
            description: Certificate id.
            format: uuid
            type: string
        - description: Authorized bearer token used to derive the audit actor.
          in: header
          name: Authorization
          schema:
            description: Authorized bearer token used to derive the audit actor.
            type: string
        - description: Request correlation identifier. Generated when omitted.
          in: header
          name: X-Request-ID
          schema:
            description: Request correlation identifier. Generated when omitted.
            type: string
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateResponse'
          description: OK
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    CertificateResponse:
      additionalProperties: false
      properties:
        custodyReference:
          description: >-
            Opaque reference to the private key in the FI's custody; the key
            itself is never stored here.
          type: string
        daysToExpiry:
          description: >-
            Whole days until expiry (0 the day it lapses, negative once
            expired). Always present — a real 0 is the most urgent operator
            signal.
          format: int64
          type: integer
        id:
          description: Certificate id.
          format: uuid
          type: string
        notAfter:
          description: Validity end (expiry).
          format: date-time
          type: string
        notBefore:
          description: Validity start.
          format: date-time
          type: string
        revokedAt:
          description: Revocation time. Omitted while the certificate is active.
          format: date-time
          type: string
        serialNumber:
          description: Certificate serial number.
          type: string
        subject:
          description: Certificate subject DN.
          examples:
            - CN=46026562, OU=SILOC
          type: string
      required:
        - id
        - subject
        - notAfter
        - daysToExpiry
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT bearer token issued by the identity provider.
      scheme: bearer
      type: http

````