Resolver Parameters

The Universal Resolver supports various advanced DID Resolution features using DID parameters and resolution error codes.

Instead of using DID parameters, these features can also be configured via the Resolver Configuration.

See https://github.com/decentralized-identity/did-spec-extensions for more information about DID parameters and resolution error codes.

`checkValidDidDocument`

This DID parameter is used to check if a DID document is valid, i.e. conformant with the DID data model. Possible values are ignore, warn, error.

The error code INVALID_DID_DOCUMENT is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkValidDidDocument=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "INVALID_DID_DOCUMENT",
      "title": "Invalid DID document.",
      "detail": "Invalid DID document: 1 validation problem(s).",
      "validationProblems": [
        {
          "value": "id",
          "error": "there must be one 'id' in 'service'"
        }
      ]
    }
  },
  "didDocumentMetadata": {}
}

`checkMethod`

This DID parameter is used to check if the DID method is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_METHOD is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkMethod=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_METHOD",
      "title": "This DID method is not allowed by policy.",
      "detail": "Not allowed method: example"
    }
  },
  "didDocumentMetadata": {}
}

`checkKeyType`

This DID parameter is used to check if the DID document contains a key type that is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_KEY_TYPE is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkType=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_KEY_TYPE",
      "title": "This key type is not allowed by policy.",
      "detail": "Not allowed key type: Ed25519"
    }
  },
  "didDocumentMetadata": {}
}

`checkVerificationMethodType`

This DID parameter is used to check if the DID document contains a verification method with a type that is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_VERIFICATION_METHOD_TYPE is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkVerificationMethodType=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_VERIFICATION_METHOD_TYPE",
      "title": "This verification method type is not allowed by policy.",
      "detail": "Not allowed verification method type: JsonWebKey2020"
    }
  },
  "didDocumentMetadata": {}
}

`checkLocalDerivedKey`

This DID parameter is used to check if derived keys have been detected in the DID document, e.g. an X25519 key derived from an Ed25519 key. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_LOCAL_DERIVED_KEY is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test1?checkLocalDerivedKey=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_LOCAL_DERIVED_KEY",
      "title": "Derived keys are not allowed by policy.",
      "detail": "Error NOT_ALLOWED_LOCAL_DERIVED_KEY from resolver: Not allowed derived local verification methods: did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP from did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz",
      "derivedVerificationMethodId": "did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP",
      "derivingVerificationMethodId": "did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz"
    }
  },
  "didDocumentMetadata": {}
}

`checkLocalDuplicateKey`

This DID parameter is used to check if duplicate keys have been detected in the DID document. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_LOCAL_DUPLICATE_KEY is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test2?checkLocalDuplicateKey=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_LOCAL_DUPLICATE_KEY",
      "title": "Duplicate keys are not allowed by policy.",
      "detail": "Error NOT_ALLOWED_LOCAL_DUPLICATE_KEY from resolver: Not allowed duplicate local verification methods: did:web:danubetech.com:did:test2#key-2 and did:web:danubetech.com:did:test2#key-1",
      "duplicateLocalVerificationMethods": [
        "did:web:danubetech.com:did:test2#key-1",
        "did:web:danubetech.com:did:test2#key-2"
      ]
    }
  },
  "didDocumentMetadata": {}
}

`checkGlobalDuplicateKey`

This DID parameter is used to check if duplicate keys have been detected between the DID document and other globally known DID documents. Possible values are ignore, warn, error.

The error code NOT_ALLOWED_GLOBAL_DUPLICATE_KEY is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test2?checkGlobalDuplicateKey=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "NOT_ALLOWED_GLOBAL_DUPLICATE_KEY",
      "title": "Duplicate keys are not allowed by policy.",
      "detail": "...",
      "duplicateGlobalVerificationMethods": [
      ]
    }
  },
  "didDocumentMetadata": {}
}

`verifyDnsBridge`

This DID parameter is used to check if a DID document contains a domain name that cannot be verified via DNS, according to the High Assurance DIDs with DNS specification, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code UNVERIFIED_DNS_BRIDGE is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test7?verifyDnsBridge=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "UNVERIFIED_DNS_BRIDGE",
      "title": "The DID/DNS bridge could not be verified.",
      "detail": "Error UNVERIFIED_DNS_BRIDGE from resolver: DID did:web:danubetech.com:did:test7 not found in DNS URI records for domain name rdapregistrygroup1.trustregistry.nborbit.ca.",
      "domainName": "rdapregistrygroup1.trustregistry.nborbit.ca",
      "uriRecordTargets": [
        "did:web:rdapregistrygroup1.trustregistry.nborbit.ca"
      ]
    }
  },
  "didDocumentMetadata": {}
}

`verifyCertificateBridge`

This DID parameter is used to check if a DID document contains a key that cannot be traced back to a trusted certificate authority, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code UNVERIFIED_CERTIFICATE_BRIDGE is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test4?verifyCertificateBridge=error"

Response

json

{
  "didDocument": null,
  "didResolutionMetadata": {
    "error": {
      "type": "UNVERIFIED_CERTIFICATE_BRIDGE",
      "title": "The DID/Certificate bridge could not be verified.",
      "detail": "Error UNVERIFIED_CERTIFICATE_BRIDGE from resolver: Verification method's public key does not match certificate",
      "certificate": "4097",
      "verificationMethodId": "did:web:danubetech.com:did:test4#key-1"
    }
  },
  "didDocumentMetadata": {}
}

Resolver Parameters ​

checkValidDidDocument ​

Request ​

Response ​

checkMethod ​

Request ​

Response ​

checkKeyType ​

Request ​

Response ​

checkVerificationMethodType ​

Request ​

Response ​

checkLocalDerivedKey ​

Request ​

Response ​

checkLocalDuplicateKey ​

Request ​

Response ​

checkGlobalDuplicateKey ​

Request ​

Response ​

verifyDnsBridge ​

Request ​

Response ​

verifyCertificateBridge ​

Request ​

Response ​

Resolver Parameters

`checkValidDidDocument`

Request

Response

`checkMethod`

Request

Response

`checkKeyType`

Request

Response

`checkVerificationMethodType`

Request

Response

`checkLocalDerivedKey`

Request

Response

`checkLocalDuplicateKey`

Request

Response

`checkGlobalDuplicateKey`

Request

Response

`verifyDnsBridge`

Request

Response

`verifyCertificateBridge`

Request

Response