# M2M Verifiable Credential Endpoints

{% hint style="info" %}
Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments.
{% endhint %}

As issuer of Data Rights Credentials, the Authorisation Registry is recommended:

* Not to provide long-lived Data Rights Credentials
* Or maintain a list of provided credentials, so the credentials may be revoked

If conditions change, or an Entitled Party decides that data access must be revoked, after issuing a Data Rights Credential, not following these recommendations may result in unwanted data access.

Be aware that a large volume of recorded long-lived credentials may lead to a long list of credentials that may be revoked.

The following endpoints must be provided if the DCP protocol is supported by the Authorisation Registry:

* [credential-storage-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/credential-storage-dcp "mention")
* [credential-issuance-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/credential-issuance-dcp "mention")
* [credential-status-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/credential-status-dcp "mention")
* [metadata-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/metadata-dcp "mention")
* [offers-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/offers-dcp "mention")
* [resolution-dcp](https://dev.ishare.eu/all-roles-common-endpoints/m2m-verifiable-credential-endpoints/resolution-dcp "mention")