Vehicle Custody

Developer Hub

Custody SDK Events

Events in the CUSTODY_SDK product group cover vehicle custody transfers, authorization lifecycle, and credential operations. Subscribe to this group to build integrations around vehicle pickup, delivery, and chain-of-custody workflows.

All events in this group are Active and actively delivered to webhook subscribers. Contact the VECU team with any questions about relay availability.

Delivery semantics

  • At-least-once delivery. Consumers MUST be idempotent — the same event may be delivered more than once (network retries, regional failover).

  • No cross-VIN ordering is guaranteed.

  • Within a single authorization, use the version field on custody.authorization.modified and custody.authorization.assigned to order events relative to each other. A missed or out-of-order event is detectable by a non-monotonic version sequence.

  • On

    custody.authorization.assigned

    , idempotent consumers should dedupe on (authorizationId, version) — re-deliveries with the same version are duplicates of the same logical event.

Example values are illustrative

ID strings shown in this document (AUTH-xyz789abc, cred_abc123xyz, vecu_*, etc.) are stylized examples chosen for readability. Don't pattern-match on the literal example forms when integrating. Actual values are server-generated and follow these formats:

  • authorizationId — UUID (treat as opaque; up to 128 characters)
  • credentialId — service-assigned identifier (treat as opaque)
  • personIdentityKeyvecu_ prefix + 24 URL-safe-base64 characters (28 characters total)

Locations are emitted as plain-text street addresses (origin, destination, and location fields on individual events), often accompanied by coordinates (originLat, originLng, originGeohash). There is no separate location-ID system to resolve.

Identity Fields Reference

Different events use different field names for the same person. The mapping:

FieldUsed InMeaning
holderIdcredential.*, wallet.*User ID of the credential or wallet holder.
userIdauthorization.*, IDV eventsUser ID in the authorization / IDV domain.
personIdentityKeycustody.*Driver's identifier in the custody domain. vecu_ + 24-character URL-safe base64.
actor.actorIdAll events (envelope)The entity that triggered the event (may be a service, not the subject of the event).

Treat all identity fields as opaque strings. The same person produces a stable identifier across requests within your client, so events for the same person correlate. Different clients receive different identifiers for the same person — don't compare or join identifiers across clients.

When correlating events across services, use correlationId on the envelope rather than identity field values.

Credential Service Events

Identity credentials

credential.identity.revoked — an identity credential is revoked.Active

Source: vecu.credential-service

credentialIdstringrequired

Unique credential identifier.

reasonstringrequired

Revocation reason. One of (X.509-derived camelCase identifiers):

  • unspecified

  • keyCompromise — the issuer's private key was compromised

  • affiliationChanged — the holder's affiliation changed

  • superseded — replaced by a newer credential

  • cessationOfOperation — credential use no longer needed

  • privilegeWithdrawn — authorization or privilege revoked

  • fraudulent — credential determined to be fraudulent

  • holderRequested — holder requested revocation

revokedBystringrequired

Identifier of the user or service that initiated the revocation.

{
  "id": "evt_a1b2c3d4e5f6g7h8",
  "source": "vecu.credential-service",
  "type": "credential.identity.revoked",
  "specversion": "1.0",
  "time": "2026-03-15T15:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "credentialId": "cred_abc123xyz",
    "reason": "fraudulent",
    "revokedBy": "ops-user-42@client.example.com",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.credential-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "production",
        "serviceName": "credential-service",
        "serviceVersion": "0.0.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_a1b2c3d4e5f6g7h8"
    }
  }
}
credential.identity.issued — a new identity credential (mDoc) is issued after identity verification completes successfully.Active

Source: vecu.credential-service

credentialIdstringrequired

Unique credential identifier.

holderIdstringrequired

User ID of the credential holder.

docTypestringrequired

Credential type URI. Always com.coxautoinc.vecu.identity.1 for this event.

issuedAtstringrequired

ISO 8601 timestamp when the credential was issued.

expiresAtstringrequired

ISO 8601 timestamp when the credential expires.

{
  "id": "evt_a1b2c3d4e5f6g7h8",
  "source": "vecu.credential-service",
  "type": "credential.identity.issued",
  "specversion": "1.0",
  "time": "2026-03-15T10:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "credentialId": "cred_abc123xyz",
    "holderId": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "docType": "com.coxautoinc.vecu.identity.1",
    "issuedAt": "2026-03-15T10:30:00+00:00",
    "expiresAt": "2028-03-15T10:30:00+00:00",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.credential-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "production",
        "serviceName": "credential-service",
        "serviceVersion": "0.0.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_a1b2c3d4e5f6g7h8"
    }
  }
}

Custody credentials

credential.custody.revoked — a vehicle custody credential is revoked.Active

Source: vecu.credential-service

credentialIdstringrequired

Unique credential identifier.

reasonstringrequired

Revocation reason. Same enum as credential.identity.revoked (X.509-derived camelCase identifiers).

revokedBystringrequired

Identifier of the user or service that initiated the revocation.

{
  "id": "evt_b2c3d4e5f6g7h8i9",
  "source": "vecu.credential-service",
  "type": "credential.custody.revoked",
  "specversion": "1.0",
  "time": "2026-03-15T15:32:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "credentialId": "cred_custody_xyz789",
    "reason": "privilegeWithdrawn",
    "revokedBy": "vecu.custody-service",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.credential-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "production",
        "serviceName": "credential-service",
        "serviceVersion": "0.0.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_b2c3d4e5f6g7h8i9"
    }
  }
}
credential.custody.issued — a vehicle custody credential is issued for a transport assignment.Active

Source: vecu.credential-service

credentialIdstringrequired

Unique credential identifier.

holderIdstringrequired

Driver identifier (mapped form, vecu_ + 24 chars).

docTypestringrequired

Credential type URI. Always com.coxautoinc.vecu.custody.1 for this event.

vinstringrequired

17-character Vehicle Identification Number.

issuedAtstringrequired

ISO 8601 timestamp when the credential was issued.

expiresAtstringrequired

ISO 8601 timestamp when the credential expires.

{
  "id": "evt_cf307e5abd9e459a95db4095893b1cb3",
  "source": "vecu.credential-service",
  "type": "credential.custody.issued",
  "specversion": "1.0",
  "time": "2026-03-15T14:00:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "credentialId": "cred_f5d83a52e7b44cdbbcb2f5d79a277aeb",
    "holderId": "vecu_gIZE5XjsQQE7eHWavMp0nOY3",
    "docType": "com.coxautoinc.vecu.custody.1",
    "vin": "19UUB2F64JA422871",
    "issuedAt": "2026-03-15T14:00:00+00:00",
    "expiresAt": "2026-03-16T14:00:00+00:00",
    "_platform": {
      "traceId": "Root=1-6a0de106-1192a9b14251546f731b3623;Parent=7d9332e7bf769cb0;Sampled=1;Lineage=2:638c6cad:0",
      "actor": {
        "actorId": "vecu.credential-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "credential-service",
        "serviceVersion": "0.0.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_cf307e5abd9e459a95db4095893b1cb3"
    }
  }
}

Expiration

credential.expired — a credential reaches its expiry date and is automatically marked expired by a scheduled job.Active

Source: vecu.credential-service

This event fires for both identity and custody credentials — the credentialType field on the payload distinguishes them. There is no separate credential.identity.expired or credential.custody.expired event.

credentialIdstringrequired

Unique credential identifier.

credentialTypestringrequired

Type of credential that expired. Identity credentials use com.coxautoinc.vecu.identity.1; custody credentials use com.coxautoinc.vecu.custody.1.

holderIdstringrequired

Identifier of the credential holder.

expiredAtstringrequired

ISO 8601 timestamp when the credential was marked expired.

issuedAtstringrequired

ISO 8601 timestamp when the credential was originally issued.

previousStatusstringrequired

Status the credential was in before expiration. Currently always active.

{
  "id": "evt_exp_a1b2c3d4e5f6",
  "source": "vecu.credential-service",
  "type": "credential.expired",
  "specversion": "1.0",
  "time": "2026-03-15T00:00:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "credentialId": "cred_abc123xyz",
    "credentialType": "com.coxautoinc.vecu.identity.1",
    "holderId": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "expiredAt": "2026-03-15T00:00:00+00:00",
    "issuedAt": "2025-03-15T10:30:00+00:00",
    "previousStatus": "active",
    "_platform": {
      "correlationId": "corr_exp_abc123",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "system:expiration-handler",
        "actorType": "system"
      }
    }
  }
}

Authorization Service Events

The source identifier for authorization events is vecu.authorization (no hyphen before "authorization"). This is a historical naming convention — new services use hyphenated names (e.g., vecu.authorization-pool-service, vecu.custody-service).

authorization.user.created — a user is created in the authorization system, typically after initial onboarding.Active

Source: vecu.authorization-service

userIdstringrequired

Unique user identifier in the authorization system.

createdAtstringrequired

ISO 8601 timestamp of user creation.

wasAutoProvisionedbooleanrequired

true when the user record was created implicitly by the platform (for example, on first token exchange); false when an explicit user-creation call was made.

clientIdstring | null

Client identifier this user belongs to. null for users not scoped to a client.

{
  "id": "evt_auth_user_a1b2c3",
  "source": "vecu.authorization-service",
  "type": "authorization.user.created",
  "specversion": "1.0",
  "time": "2026-03-15T10:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": { "actorId": "system:auto_provision", "actorType": "system" }
    },
    "userId": "user_123",
    "createdAt": "2026-03-15T10:30:00Z",
    "wasAutoProvisioned": true,
    "clientId": "client_abc123"
  }
}
authorization.record.created — an authorization record is created granting a user a role within a scope.Active

Source: vecu.authorization-service

authorizationIdstringrequired

Unique authorization record ID.

userIdstringrequired

User associated with the authorization record.

roleIdstringrequired

Identifier of the role granted by this record.

scopestringrequired

Scope in which the role applies.

createdAtstringrequired

ISO 8601 timestamp of record creation.

expiresAtstring | null

ISO 8601 timestamp when this authorization expires. null when the authorization does not expire.

wasAutoProvisionedbooleanrequired

true when the record was created implicitly by the platform; false when an explicit grant call was made.

{
  "id": "evt_auth_rec_d4e5f6",
  "source": "vecu.authorization-service",
  "type": "authorization.record.created",
  "specversion": "1.0",
  "time": "2026-03-15T10:36:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": { "actorId": "system:auto_provision", "actorType": "system" }
    },
    "authorizationId": "auth_abc123",
    "userId": "user_123",
    "roleId": "role_driver",
    "scope": "vehicle-custody",
    "createdAt": "2026-03-15T10:36:00Z",
    "expiresAt": null,
    "wasAutoProvisioned": true
  }
}

Authorization Pool Service Events

authorizationpool.authorization.created — a pool authorization is created (a transfer assignment offered to a driver).Active

Source: vecu.authorization-pool-service

authorizationIdstringrequired

Unique authorization identifier (UUID).

poolIdstringrequired

Authorization pool this entry belongs to (UUID).

personIdentityKeystringrequired

Driver identifier in vecu_ + 24-character format. Treat as opaque.

vinstringrequired

17-character Vehicle Identification Number.

originstringrequired

Pickup location (street address).

destinationstringrequired

Delivery location (street address).

rolestringrequired

Role of the authorized person: OWNER, ADMIN, or DRIVER.

statusstringrequired

Authorization status at the moment this event was emitted. For this event, always PENDING.

customAuthorizationIdstring | null

Linked custody-service authorization ID (UUID), when this pool entry was created as part of a custody authorization fan-out. null for pool entries created directly.

authorizedBystringrequired

Identifier of the carrier/client that created the pool authorization.

validUntilstringrequired

ISO 8601 timestamp when this authorization expires if no driver accepts it.

{
  "id": "evt_pool_create_a1b2c3",
  "source": "vecu.authorization-pool-service",
  "type": "authorizationpool.authorization.created",
  "specversion": "1.0",
  "time": "2026-03-15T13:00:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "poolId": "26a0f42d-44cd-41ee-8169-09e04e9a8fa7",
    "personIdentityKey": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "vin": "5XXXX00000XEXMPL1",
    "origin": "6205 Peachtree Dunwoody Rd, Atlanta, GA 30328",
    "destination": "4900 Buford Hwy, Atlanta, GA 30340",
    "role": "DRIVER",
    "status": "PENDING",
    "customAuthorizationId": "997e933b-43d8-4cf6-934f-f415e39d8fa0",
    "authorizedBy": "shyju.viswambaran@coxautoinc.com",
    "validUntil": "2026-03-16T13:00:00+00:00",
    "_platform": {
      "correlationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.authorization-pool-service",
        "actorType": "service"
      }
    }
  }
}
authorizationpool.authorization.accepted — a driver accepts a pool authorization offer.Active

Source: vecu.authorization-pool-service

authorizationIdstringrequired

Authorization that was accepted (UUID).

poolIdstringrequired

Pool the accepted authorization belongs to (UUID).

personIdentityKeystringrequired

Driver identifier (vecu_ + 24 chars). Treat as opaque.

vinstringrequired

17-character Vehicle Identification Number.

originstringrequired

Pickup location (street address).

destinationstringrequired

Delivery location (street address).

rolestringrequired

Role of the accepting person: OWNER, ADMIN, or DRIVER.

statusstringrequired

Authorization status at the moment this event was emitted. Always ACCEPTED.

customAuthorizationIdstring | null

Linked custody-service authorization ID (UUID), when applicable.

acceptedAtstringrequired

ISO 8601 timestamp of acceptance.

credentialIdstringrequired

Credential ID issued to the accepting driver. Empty string when no credential is issued at acceptance time.

competingAuthorizationsExpiredintegerrequired

Count of competing pool authorizations that were expired by this acceptance under firstAcceptCancelsOthers mode. 0 for single-driver pools or pools running in non-competing mode.

{
  "id": "evt_pool_accept_d4e5f6",
  "source": "vecu.authorization-pool-service",
  "type": "authorizationpool.authorization.accepted",
  "specversion": "1.0",
  "time": "2026-03-15T14:10:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "poolId": "26a0f42d-44cd-41ee-8169-09e04e9a8fa7",
    "personIdentityKey": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "vin": "5XXXX00000XEXMPL1",
    "origin": "6205 Peachtree Dunwoody Rd, Atlanta, GA 30328",
    "destination": "4900 Buford Hwy, Atlanta, GA 30340",
    "role": "DRIVER",
    "status": "ACCEPTED",
    "customAuthorizationId": "997e933b-43d8-4cf6-934f-f415e39d8fa0",
    "acceptedAt": "2026-03-15T14:10:00+00:00",
    "credentialId": "cred_769d0433a7f34b1a833c51474f4834c3",
    "competingAuthorizationsExpired": 0,
    "_platform": {
      "correlationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.authorization-pool-service",
        "actorType": "service"
      }
    }
  }
}
authorizationpool.authorization.expired — a pool authorization expires (no driver accepted in time, or a competing driver accepted first).Active

Source: vecu.authorization-pool-service

authorizationIdstringrequired

Authorization that expired (UUID).

poolIdstringrequired

Pool this expired authorization belongs to (UUID).

personIdentityKeystringrequired

Driver identifier (vecu_ + 24 chars). Treat as opaque.

vinstringrequired

17-character Vehicle Identification Number.

originstringrequired

Pickup location (street address).

destinationstringrequired

Delivery location (street address).

rolestringrequired

Role of the person: OWNER, ADMIN, or DRIVER.

statusstringrequired

Always EXPIRED.

customAuthorizationIdstring | null

Linked custody-service authorization ID (UUID), when applicable.

expiredAtstringrequired

ISO 8601 timestamp of expiry.

expirationReasonstringrequired

Why the authorization expired:

  • FIRST_ACCEPT_WINS — a competing driver accepted before this one (multi-driver pools).

  • TIMEOUT — the validity window ran out before any acceptance.

  • CANCELLED — the authorization was explicitly cancelled (see also the .cancelled event).

  • POOL_CANCELLED — the entire authorization pool was cancelled upstream, expiring all of its entries.

  • VEHICLE_RELEASED — the vehicle was released through another path, retiring any remaining pending pool entries.

{
  "id": "evt_pool_exp_g7h8i9",
  "source": "vecu.authorization-pool-service",
  "type": "authorizationpool.authorization.expired",
  "specversion": "1.0",
  "time": "2026-03-15T17:00:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "poolId": "26a0f42d-44cd-41ee-8169-09e04e9a8fa7",
    "personIdentityKey": "vecu_kMxLWqPrBn4-aT2bCdEf5gHi",
    "vin": "5XXXX00000XEXMPL1",
    "origin": "6205 Peachtree Dunwoody Rd, Atlanta, GA 30328",
    "destination": "4900 Buford Hwy, Atlanta, GA 30340",
    "role": "DRIVER",
    "status": "EXPIRED",
    "customAuthorizationId": "997e933b-43d8-4cf6-934f-f415e39d8fa0",
    "expiredAt": "2026-03-15T17:00:00+00:00",
    "expirationReason": "FIRST_ACCEPT_WINS",
    "_platform": {
      "correlationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "expiration-handler",
        "actorType": "system"
      }
    }
  }
}
authorizationpool.authorization.cancelled — a pool authorization is explicitly cancelled (manually or by an upstream custody-service cancel).Active

Source: vecu.authorization-pool-service

authorizationIdstringrequired

Authorization that was cancelled (UUID).

poolIdstringrequired

Pool this cancelled authorization belongs to (UUID).

personIdentityKeystringrequired

Driver identifier (vecu_ + 24 chars). Treat as opaque.

vinstringrequired

17-character Vehicle Identification Number.

originstringrequired

Pickup location (street address).

destinationstringrequired

Delivery location (street address).

rolestringrequired

Role of the person: OWNER, ADMIN, or DRIVER.

statusstringrequired

Always CANCELLED.

customAuthorizationIdstring | null

Linked custody-service authorization ID (UUID), when applicable.

cancelledAtstringrequired

ISO 8601 timestamp of cancellation.

cancelledBystring | null

Identifier of the user that cancelled. null when the cancellation was triggered by an upstream service (e.g., custody-service cascade). The _platform.actor field distinguishes user-initiated vs service-initiated cancellations.

{
  "id": "evt_pool_cancel_j1k2l3",
  "source": "vecu.authorization-pool-service",
  "type": "authorizationpool.authorization.cancelled",
  "specversion": "1.0",
  "time": "2026-03-15T15:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "poolId": "26a0f42d-44cd-41ee-8169-09e04e9a8fa7",
    "personIdentityKey": "vecu_kMxLWqPrBn4-aT2bCdEf5gHi",
    "vin": "5XXXX00000XEXMPL1",
    "origin": "6205 Peachtree Dunwoody Rd, Atlanta, GA 30328",
    "destination": "4900 Buford Hwy, Atlanta, GA 30340",
    "role": "DRIVER",
    "status": "CANCELLED",
    "customAuthorizationId": "997e933b-43d8-4cf6-934f-f415e39d8fa0",
    "cancelledAt": "2026-03-15T15:30:00+00:00",
    "cancelledBy": "ops-user-42@client.example.com",
    "_platform": {
      "correlationId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "ops-user-42@client.example.com",
        "actorType": "user"
      }
    }
  }
}

Custody Service Events

Custody Transfer Lifecycle

A complete vehicle transfer generates events in this sequence. Not all steps are mandatory — the exact sequence depends on business configuration:

1. custody.authorization.created     ← Transfer authorization created
2. custody.session.started           ← Driver begins the pickup session
3. custody.transfer.completed        ← Individual transfer steps recorded
   (may repeat for multi-step transfers)
4. custody.session.completed         ← All transfer steps finished
5. custody.vehicle.released          ← Vehicle physically released to driver

Custody Service Events

Authorization lifecycle

custody.authorization.created — a custody authorization is created (POST /authorizations).Active

Source: vecu.custody-service

authorizationIdstringrequired

Unique authorization identifier (UUID).

vinstringrequired

17-character Vehicle Identification Number.

credentialIdstring | nullrequired

Credential ID of the authorizer when applicable. Currently emitted as null from this code path — populated in future iterations when the authorizer credential is resolved at create time.

authorizedActionsstring[]required

Actions this authorization permits. Driven by the auth role: ["PICKUP", "CHECKPOINT", "DELIVERY"] for DRIVER role; ["PICKUP", "HANDOFF", "CHECKPOINT", "DELIVERY"] for TRANSPORTER role.

expiresAtstringrequired

ISO 8601 timestamp when the authorization expires.

originLatnumber | nullrequired

Origin latitude as resolved by Amazon Location Service. null when the origin geocode lookup failed.

originLngnumber | nullrequired

Origin longitude as resolved by Amazon Location Service. null when the origin geocode lookup failed.

originGeohashstring | nullrequired

Geohash-7 of the origin coordinates. null when geocoding failed.

originInterpolatedbooleanrequired

true when the resolved origin is from an interpolated street address rather than an exact match. Useful when you need to distinguish interpolated origins from exact ones in your own auditing.

{
  "id": "evt_bc01200456a84813987ee8bbaff6b615",
  "source": "vecu.custody-service",
  "type": "custody.authorization.created",
  "specversion": "1.0",
  "time": "2026-03-15T13:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "AUTH-xyz789abc",
    "vin": "5XXXX00000XEXMPL1",
    "credentialId": null,
    "authorizedActions": ["PICKUP", "CHECKPOINT", "DELIVERY"],
    "expiresAt": "2026-03-16T13:30:00+00:00",
    "originLat": 33.924675567041,
    "originLng": -84.350596966385,
    "originGeohash": "dnh0bxc",
    "originInterpolated": false,
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_bc01200456a84813987ee8bbaff6b615"
    }
  }
}
custody.authorization.cancelled — a custody authorization is cancelled (POST /authorizations/{id}/cancel, the assign-cascade for non-assigned drivers, or post-release cleanup).Active

Source: vecu.custody-service

authorizationIdstringrequired

Authorization ID being cancelled (UUID).

vinstringrequired

17-character Vehicle Identification Number.

poolIdstring | nullrequired

Authorization-pool UUID this cancellation was tied to. null for single-driver authorizations that have no associated pool.

statusstringrequired

Always "CANCELLED" — emitted explicitly so subscribers can keep their own state machine in sync without inferring it.

cancellationReasonstringrequired

Free-form reason supplied by the caller. Common observed values: MANUAL, VEHICLE_RELEASED, EXPIRED, ADMIN_ACTION.

cancelledBystringrequired

Actor ID that initiated the cancellation (service identifier or mapped user ID).

cancelledAtstringrequired

ISO 8601 timestamp of cancellation.

{
  "id": "evt_auth_cancel_g7h8i9",
  "source": "vecu.custody-service",
  "type": "custody.authorization.cancelled",
  "specversion": "1.0",
  "time": "2026-03-15T16:00:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "AUTH-xyz789abc",
    "vin": "5XXXX00000XEXMPL1",
    "poolId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "status": "CANCELLED",
    "cancellationReason": "VEHICLE_RELEASED",
    "cancelledBy": "service:vecu-authorization-pool",
    "cancelledAt": "2026-03-15T16:00:00+00:00",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_auth_cancel_g7h8i9"
    }
  }
}
custody.authorization.modified — drivers are added or removed on a multi-driver authorization via PATCH /v1/authorizations/{id}/drivers. One event per API call (not per driver). Single-driver authorizations never emit this event.Active

Source: vecu.custody-service

authorizationIdstringrequired

Authorization ID that was modified.

vinstringrequired

17-character Vehicle Identification Number.

authorizedDriverPiksstring[]required

Post-PATCH driver list as opaque identifiers in vecu_ + 24-character format. The list reflects state after the PATCH was applied — consumers reading this event see the new authoritative driver roster, not a delta.

versionintegerrequired

New monotonic authorization version after the PATCH committed. Matches the ETag header returned on the PATCH response. Use this to drive optimistic-concurrency checks downstream.

actorIdentifierstring

Client-supplied forensic identifier of the user inside your system who initiated the PATCH. Stored verbatim and emitted unchanged — not validated by the API. Absent when the caller didn't supply one on the PATCH request.

modifiedAtstringrequired

ISO 8601 timestamp of when the PATCH committed.

{
  "id": "evt_auth_mod_d4e5f6",
  "source": "vecu.custody-service",
  "type": "custody.authorization.modified",
  "specversion": "1.0",
  "time": "2026-03-15T14:15:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "AUTH-xyz789abc",
    "vin": "5XXXX00000XEXMPL1",
    "authorizedDriverPiks": [
      "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
      "vecu_kMxLWqPrBn4-aT2bCdEf5gHi"
    ],
    "version": 4,
    "actorIdentifier": "ops-user-42@client.example.com",
    "modifiedAt": "2026-03-15T14:15:00+00:00",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_auth_mod_d4e5f6"
    }
  }
}

Use Cases

  • Operational dashboards: render the current driver list on a multi-driver authorization without re-querying GET /v1/authorizations/{id}.
  • Forensic correlation: pair actorIdentifier with internal client audit logs to reconstruct who modified the roster.
  • Pool-side reconciliation: each PATCH emits one event regardless of how many drivers were added or removed; downstream consumers should treat authorizedDriverPiks as the authoritative post-state, not a delta.
custody.authorization.assigned — an authorization is locked to a single driver via PUT /v1/authorizations/{id}/assign. The payload includes any revoked credential IDs and cancelled pool composite IDs for non-assigned drivers. One event per API call (not per revoked credential).Active

Source: vecu.custody-service

Delivery timing

This event is published after the PUT /assign call returns 200 — by which time non-assigned credentials are already marked revoked and non-assigned pool entries are already cancelled. Consumers can rely on the credential IDs in revokedCredentialIds being in REVOKED state when this event arrives.

If the assign returns 503 ASSIGN_PARTIAL_FAILURE, no .assigned event is published — the partial-failure state is surfaced via the API response only.

Verifiers MUST still check live credential status at presentation time. This event is for downstream operational state, not a substitute for the verifier's status check.

authorizationIdstringrequired

Authorization ID that was assigned.

vinstringrequired

17-character Vehicle Identification Number.

assignedDriverPikstringrequired

Opaque identifier of the chosen driver (vecu_ + 24 chars). Single value, never a list — PUT /assign locks the authorization to exactly one driver.

versionintegerrequired

New monotonic authorization version after the assign committed.

actorIdentifierstring

Client-supplied forensic identifier of the user inside your system who initiated the assign. Stored verbatim and emitted unchanged — not validated by the API.

revokedCredentialIdsstring[]required

Credential IDs that were revoked as part of the assign. Empty list when no non-assigned drivers had issued credentials at the time of the assign. One entry per non-assigned driver whose credential had been issued.

cancelledPoolCompositeIdsstring[]required

Authorization-pool composite IDs ({poolId}:{authPoolAuthorizationId}) that were cancelled as part of the assign. One entry per non-assigned driver's pool entry that was still pending. Empty list for single-driver authorizations.

assignedAtstringrequired

ISO 8601 timestamp of when the assign committed.

{
  "id": "evt_auth_assign_h7i8j9",
  "source": "vecu.custody-service",
  "type": "custody.authorization.assigned",
  "specversion": "1.0",
  "time": "2026-03-15T15:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "authorizationId": "AUTH-xyz789abc",
    "vin": "5XXXX00000XEXMPL1",
    "assignedDriverPik": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "version": 5,
    "actorIdentifier": "ops-user-42@client.example.com",
    "revokedCredentialIds": ["cred_20260315_alice", "cred_20260315_bob"],
    "cancelledPoolCompositeIds": ["pool_abc:auth_alice", "pool_abc:auth_bob"],
    "assignedAt": "2026-03-15T15:30:00+00:00",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_auth_assign_h7i8j9"
    }
  }
}

Use Cases

  • Wallet-side credential sweep: consume revokedCredentialIds to surface revocation in user-facing wallet display before the user reaches the gate.
  • Pool-side reconciliation: cancelledPoolCompositeIds lets you attribute pool-cancellation to the assign rather than handling a separate cancellation event.
  • Audit trail: pair actorIdentifier with assignedAt and version to reconstruct who assigned which driver and when.

Sessions and transfers

custody.session.started — a custody session is started (the first PICKUP transfer for a session).Active

Source: vecu.custody-service

Published once per session — fires on the PICKUP transfer that opens the session.

vinstringrequired

17-character Vehicle Identification Number.

sessionIdstringrequired

Unique session identifier.

startedBystringrequired

Credential ID of the actor who initiated the session (not a personIdentityKey). This is the credential under which the PICKUP transfer was authorized.

locationstringrequired

Address string of the location where the session started.

{
  "id": "evt_session_start_p4q5r6",
  "source": "vecu.custody-service",
  "type": "custody.session.started",
  "specversion": "1.0",
  "time": "2026-03-15T14:20:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "vin": "5XXXX00000XEXMPL1",
    "sessionId": "session_xyz123abc",
    "startedBy": "cred_abc123xyz",
    "location": "Manheim Atlanta, 400 Atlanta Dr, Hapeville, GA",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_session_start_p4q5r6"
    }
  }
}
custody.session.completed — a custody session is closed (the DELIVERY transfer that ends the session).Active

Source: vecu.custody-service

Published once per session — fires on the DELIVERY transfer that closes the session.

vinstringrequired

17-character Vehicle Identification Number.

sessionIdstringrequired

Unique session identifier.

completedBystringrequired

Credential ID of the actor who completed the session (the DELIVERY transfer's toCustodian).

locationstringrequired

Address string of the location where the session completed.

totalTransfersintegerrequired

Total number of transfer steps in the session (PICKUP + intermediate CHECKPOINT/HANDOFFs + DELIVERY).

durationinteger | nullrequired

Session duration in seconds (DELIVERY time minus PICKUP time). null when the start or end timestamp couldn't be resolved.

{
  "id": "evt_session_comp_v1w2x3",
  "source": "vecu.custody-service",
  "type": "custody.session.completed",
  "specversion": "1.0",
  "time": "2026-03-15T14:28:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "vin": "5XXXX00000XEXMPL1",
    "sessionId": "session_xyz123abc",
    "completedBy": "cred_def456",
    "location": "Metro Honda, 5555 Peachtree Rd, Atlanta, GA",
    "totalTransfers": 3,
    "duration": 480,
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_session_comp_v1w2x3"
    }
  }
}
custody.transfer.completed — an individual transfer step in a custody session is completed. May fire multiple times per session for multi-step transfers (e.g., PICKUP → CHECKPOINT → CHECKPOINT → DELIVERY).Active

Source: vecu.custody-service

Published once per transfer step (one event per call to POST /transfers).

vinstringrequired

17-character Vehicle Identification Number.

transferIdstringrequired

Unique transfer step identifier.

sessionIdstringrequired

Session this transfer step belongs to.

transferTypestringrequired

Type of transfer: PICKUP, CHECKPOINT, HANDOFF, or DELIVERY.

fromCustodianstring | nullrequired

Previous custodian's credential ID. null for PICKUP (no previous custodian).

toCustodianstringrequired

Credential ID of the custodian receiving custody on this transfer step.

locationstringrequired

Address string of the location where the transfer occurred.

eventHashstringrequired

Ledger event hash — cryptographic integrity anchor for the chain-of-custody ledger entry created by this transfer.

{
  "id": "evt_transfer_comp_s7t8u9",
  "source": "vecu.custody-service",
  "type": "custody.transfer.completed",
  "specversion": "1.0",
  "time": "2026-03-15T14:25:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "vin": "5XXXX00000XEXMPL1",
    "transferId": "transfer_def789",
    "sessionId": "session_xyz123abc",
    "transferType": "PICKUP",
    "fromCustodian": null,
    "toCustodian": "cred_abc123xyz",
    "location": "Manheim Atlanta, 400 Atlanta Dr, Hapeville, GA",
    "eventHash": "0xae3f1c9d6b8e0a4d2f1e8c7b6a5d4c3b2a1f0e9d8c7b6a5d4c3b2a1f0e9d8c7b",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_transfer_comp_s7t8u9"
    }
  }
}

Releasability

custody.releasability.updated — a vehicle's releasability status is computed or updated. Emitted at three points: when a release-API call resolves status, during authorization creation (releasability re-check), and from the Manheim-API fallback path inside the releasability check service.Active

Source: vecu.custody-service

This event is published from three different code paths inside vecu.custody-service:

  1. PUT /releasability — emits the full 11-field shape (adds originFormattedAddress and releaseId to the 9-field base set).
  2. Manheim API fallback (when the cached releasability lookup misses and the service queries Manheim directly) — emits the 9-field base set.
  3. Authorization-time releasability check (fired during POST /authorizations when releasability state is computed against the cache) — emits the 9-field base set.
vinstringrequired

17-character Vehicle Identification Number.

releasablebooleanrequired

Whether the vehicle is now releasable.

releasabilityStatusstringrequired

Tri-state status: RELEASABLE, NOT_RELEASABLE, or UNKNOWN (the UNKNOWN value appears when authorization-time releasability check runs without a cache hit).

blockersstring[]required

Reasons the vehicle is not releasable (e.g., "Releasability pending", payment/title/inspection blockers). Empty list when releasable is true.

originAddressstring | nullrequired

Origin address string as supplied by the caller / cache.

originLatnumber | nullrequired

Origin latitude (Amazon Location resolved). null when geocoding didn't succeed.

originLngnumber | nullrequired

Origin longitude. null when geocoding didn't succeed.

originGeohashstring | nullrequired

Geohash-7 of the origin coordinates. null when geocoding didn't succeed.

originFormattedAddressstring | null

Canonical/normalized origin address from Amazon Location. Only present on events fired by the PUT /releasability path.

detectedAtstring | nullrequired

ISO 8601 timestamp of when this releasability status was determined. May be null when the originating caller didn't supply one.

releaseIdstring | null

Optional release identifier supplied by the Manheim integration contract. Only present on events fired by the PUT /releasability path.

{
  "id": "evt_5259518ca2b04820b9f1d65f34fa5f08",
  "source": "vecu.custody-service",
  "type": "custody.releasability.updated",
  "specversion": "1.0",
  "time": "2026-03-15T13:45:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "vin": "5XXXX00000XEXMPL0",
    "releasable": false,
    "releasabilityStatus": "UNKNOWN",
    "blockers": ["Releasability pending"],
    "originAddress": "6205 Peachtree Dunwoody Rd, Atlanta, GA 30328",
    "originLat": 33.924675567041,
    "originLng": -84.350596966385,
    "originGeohash": "dnh0bxc",
    "detectedAt": "2026-03-15T13:45:00+00:00",
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_5259518ca2b04820b9f1d65f34fa5f08"
    }
  }
}

Vehicle release

custody.vehicle.released — a vehicle is physically released to a driver. This is the final event in the custody transfer lifecycle.Active

Source: vecu.custody-service

The envelope time field is the release timestamp — there is no separate data.releasedAt. releaseLocation is a typed object {(latitude, longitude)} | null, not a string. holderId, poolId, and releasedPoolCompositeId are nullable in the schema; holderId and poolId are populated for every release driven through the standard auth-pool path.

vinstringrequired

17-character Vehicle Identification Number.

authorizationIdstringrequired

Custody authorization that permitted this release. UUID.

holderIdstring | null

Driver who received the vehicle, in mapped form. Per ADR-043, this is the KMS-pepper'd HMAC mapped form (vecu_ + 24 chars URL-safe base64, e.g., vecu_gfTRAjYnn_y-8zj-aBc4dEf5 — illustrative; actual values are 24 chars after vecu_). Note: other custody.* events identify the driver via personIdentityKey — this event uses holderId instead, reflecting the release point in the lifecycle where the credential-holder identity is the relevant surface. Nullable in the schema — sourced from the verifier-supplied release request body, with fallback to the authorization record's already-mapped personIdentityKey for legacy single-driver auths.

releaseMethodstringrequired

How the release was triggered: web_verifier, mobile_verifier, or gate_pass. Reflects the upstream surface that initiated the release — not the cryptographic verification protocol.

releaseLocationobject | null

Coordinates of the physical release location. Currently emitted as null for all releases pending verifier-side coordinate-capture rollout. When populated the shape is:

releaseLocation.latitudenumberrequired

Latitude of the release point.

releaseLocation.longitudenumberrequired

Longitude of the release point.

poolIdstring | null

Authorization-pool UUID this release was tied to. Useful for correlating with authorizationpool.* events on the same pool. Nullable in the schema; populated whenever the release was driven through the auth-pool fan-out (the standard path).

releasedPoolCompositeIdstring | null

Pool composite ID ({poolId}:{authPoolAuthorizationId}) of the specific pool entry that was released, when applicable. null for single-driver releases without a pool composite. Distinct from custody.authorization.assigned's cancelledPoolCompositeIds (which lists non-assigned drivers).

verifiedDriversobject[]required

Drivers who verified themselves against this authorization prior to release. Added by vecu-event-relay at delivery time (not by vecu-custody-service); the relay cross-references the vecu-event-relay-verifications guest-book table by AUTH#<authorizationId>, dedupes by holderId, and injects the result into the payload. Empty array ([]) when no verifications were recorded against this authorization — see _enrichmentStatus for the reason.

Each entry is minimized to exactly two fields:

verifiedDrivers[].holderIdstringrequired

Mapped personIdentityKey of the verified driver (vecu_ + 24 chars URL-safe base64 per ADR-043). The list is deduped by this field; cardinality is bounded at ≤25 per ADR-042 §AC-6.

verifiedDrivers[].verifiedAtstringrequired

ISO-8601 timestamp of the most-recent verification for this holderId. When multiple verifications exist for the same driver (e.g., credential rotation mid-authorization), only the latest verifiedAt is kept.

_enrichmentStatusstring

Marker for the enrichment outcome. Currently observed values: no-verifications-recorded (the verification record-set was empty at release time) and race-window-empty (release fired before cross-region replication caught up — retry/idempotent re-delivery resolves). Absent when enrichment produced a non-empty verifiedDrivers array.

Where verifiedDrivers comes from

verifiedDrivers and _enrichmentStatus are added by the relay service at delivery time — they reflect the verification record-set resolved at the moment of release, not data the originating service carried on the internal event. This enrichment is specific to custody.vehicle.released; other custody events pass through unmodified.

{
  "id": "evt_rel_a1b2c3d4e5f6",
  "source": "vecu.custody-service",
  "type": "custody.vehicle.released",
  "specversion": "1.0",
  "time": "2026-03-15T14:30:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "vin": "5XXXX00000XEXMPL0",
    "authorizationId": "AUTH-xyz789abc",
    "releaseMethod": "mobile_verifier",
    "releaseLocation": null,
    "poolId": "9b4bdd89-1451-4bf6-b28e-7324ef1ac5c7",
    "holderId": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
    "releasedPoolCompositeId": null,
    "_platform": {
      "correlationId": "",
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": {
        "actorId": "vecu.custody-service",
        "actorType": "service"
      },
      "metadata": {
        "environment": "sandbox",
        "serviceName": "custody-service",
        "serviceVersion": "0.1.0"
      },
      "sourceRegion": "us-east-1",
      "deduplicationId": "evt_rel_a1b2c3d4e5f6"
    },
    "verifiedDrivers": [
      {
        "holderId": "vecu_gfTRAjYnn_y-8zj-aBc4dEf5",
        "verifiedAt": "2026-03-15T14:29:48.123Z"
      }
    ]
  }
}

`verifiedDrivers: []` when no verification was recorded

When the release occurs without any prior credential verification (e.g., manual override flows, test authorizations that skip the verifier step), the array is empty AND _enrichmentStatus is populated with the reason:

"verifiedDrivers": [],
"_enrichmentStatus": "no-verifications-recorded"

Consumers should treat an empty array as "no verified drivers at release time", not as a delivery error.

Wallet Service Events

wallet.credential.stored — a credential is stored in a user's wallet.Active

Source: vecu.wallet-service

credentialIdstringrequired

Unique credential identifier; treat as opaque.

holderIdstringrequired

Opaque holder identifier in vecu_ + 24 URL-safe-base64 characters (28 characters total).

credentialTypestringrequired

Credential type identifier (e.g. com.coxautoinc.vecu.identity.1, com.coxautoinc.vecu.custody.1).

docTypestringrequired

mDoc document type. Currently matches credentialType on the wire.

issuedAtstringrequired

ISO 8601 timestamp of credential issuance.

{
  "id": "evt_9e9a96e2e9314a08b062aabdb1d56b0f",
  "source": "vecu.wallet-service",
  "type": "wallet.credential.stored",
  "specversion": "1.0",
  "time": "2026-05-19T19:57:46.651184Z",
  "datacontenttype": "application/json",
  "data": {
    "_platform": {
      "traceId": "Root=1-6a0cc0b9-2b940d476a21888a1bc1f908;Parent=e0ddaa6b33c623ac;Sampled=1;Lineage=3:638c6cad:0",
      "actor": {
        "actorId": "vecu.wallet-service",
        "actorType": "service"
      }
    },
    "credentialId": "cred_52447c2d8b324a2883c7d6ca95186ea0",
    "holderId": "vecu_qUReRox9xes06VbyAJamami8",
    "credentialType": "com.coxautoinc.vecu.custody.1",
    "docType": "com.coxautoinc.vecu.custody.1",
    "issuedAt": "2026-05-19T19:57:46.561813Z"
  }
}
wallet.credential.presented — a credential is presented or shared from a user's wallet.Active

Source: vecu.wallet-service

credentialIdstringrequired

Unique credential identifier; treat as opaque.

holderIdstringrequired

Opaque holder identifier in vecu_ + 24 URL-safe-base64 characters (28 characters total).

presentedAtstringrequired

ISO 8601 timestamp of presentation.

verifierClientIdstring | null

Identifier of the verifier that requested the presentation. May be a client ID or, when the verifier did not authenticate, a redirect_uri: reference to the response URL.

claimsRequestedstring[]required

Claim paths the verifier requested, in <namespace>/<element> form (e.g. com.coxautoinc.vecu.custody.1.vehicle/vin).

authorizationIdstring | null

Custody authorization ID extracted from the presented credential, when the credential carries one. null for credentials without a custody authorization.

{
  "id": "evt_ac1c38f66e364699843690ca95617156",
  "source": "vecu.wallet-service",
  "type": "wallet.credential.presented",
  "specversion": "1.0",
  "time": "2026-05-19T19:57:59.761719Z",
  "datacontenttype": "application/json",
  "data": {
    "_platform": {
      "traceId": "Root=1-6a0cc0bd-3e092cc16e719e7a01d2b8e7;Parent=f1cb5357c0bf3dca;Sampled=1;Lineage=1:563ddb03:0",
      "actor": {
        "actorId": "vecu.wallet-service",
        "actorType": "service"
      }
    },
    "credentialId": "cred_52447c2d8b324a2883c7d6ca95186ea0",
    "holderId": "vecu_qUReRox9xes06VbyAJamami8",
    "verifierClientId": "redirect_uri:https://verifier.example.com/v1/verification/presentations/response",
    "presentedAt": "2026-05-19T19:57:59.761475Z",
    "claimsRequested": [
      "com.coxautoinc.vecu.custody.1.driver/driver_id",
      "com.coxautoinc.vecu.custody.1.vehicle/vin",
      "com.coxautoinc.vecu.custody.1.vehicle/origin_location",
      "com.coxautoinc.vecu.custody.1.vehicle/destination_location",
      "com.coxautoinc.vecu.custody.1.vehicle/origin_coordinates",
      "com.coxautoinc.vecu.custody.1.auth/authorization_id",
      "com.coxautoinc.vecu.custody.1.auth/credential_id"
    ],
    "authorizationId": "d91e73d3-d566-4eeb-80fc-a12b6439acd5"
  }
}
wallet.credential.revoked — a credential is revoked from a wallet.Active

Source: vecu.wallet-service

credentialIdstringrequired

Unique credential identifier; treat as opaque.

holderIdstringrequired

Opaque holder identifier in vecu_ + 24 URL-safe-base64 characters (28 characters total).

revocationReasonstringrequired

Reason for revocation. Currently always holder_requested for revocations initiated through the wallet API.

revokedAtstringrequired

ISO 8601 timestamp of revocation.

{
  "id": "evt_wallet_revoke_e1f2g3",
  "source": "vecu.wallet-service",
  "type": "wallet.credential.revoked",
  "specversion": "1.0",
  "time": "2026-03-15T15:35:00.123Z",
  "datacontenttype": "application/json",
  "data": {
    "_platform": {
      "traceId": "Root=1-5e3f4b5c-7a8b9c0d1e2f3a4b5c6d7e8f",
      "actor": { "actorId": "vecu.wallet-service", "actorType": "service" }
    },
    "credentialId": "cred_52447c2d8b324a2883c7d6ca95186ea0",
    "holderId": "vecu_qUReRox9xes06VbyAJamami8",
    "revocationReason": "holder_requested",
    "revokedAt": "2026-03-15T15:35:00Z"
  }
}