Appearance
Resolver Parameters
The Universal Resolver supports various advanced DID Resolution features using DID parameters and resolution error codes.
Instead of using DID parameters, these features can also be configured via the Resolver Configuration.
See https://github.com/decentralized-identity/did-spec-extensions for more information about DID parameters and resolution error codes.
checkValidDidDocument
This DID parameter is used to check if a DID document is valid, i.e. conformant with the DID data model. Possible values are ignore
, warn
, error
.
The error code INVALID_DID_DOCUMENT
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkValidDidDocument=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "INVALID_DID_DOCUMENT",
"title": "Invalid DID document.",
"detail": "Invalid DID document: 1 validation problem(s).",
"validationProblems": [
{
"value": "id",
"error": "there must be one 'id' in 'service'"
}
]
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
checkMethod
This DID parameter is used to check if the DID method is not allowed, based on an allow-list and deny-list. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_METHOD
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkMethod=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_METHOD",
"title": "This DID method is not allowed by policy.",
"detail": "Not allowed method: example"
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
checkKeyType
This DID parameter is used to check if the DID document contains a key type that is not allowed, based on an allow-list and deny-list. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_KEY_TYPE
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkType=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_KEY_TYPE",
"title": "This key type is not allowed by policy.",
"detail": "Not allowed key type: Ed25519"
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
checkVerificationMethodType
This DID parameter is used to check if the DID document contains a verification method with a type that is not allowed, based on an allow-list and deny-list. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_VERIFICATION_METHOD_TYPE
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkVerificationMethodType=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_VERIFICATION_METHOD_TYPE",
"title": "This verification method type is not allowed by policy.",
"detail": "Not allowed verification method type: JsonWebKey2020"
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
checkLocalDerivedKey
This DID parameter is used to check if derived keys have been detected in the DID document, e.g. an X25519 key derived from an Ed25519 key. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_LOCAL_DERIVED_KEY
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test1?checkLocalDerivedKey=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_LOCAL_DERIVED_KEY",
"title": "Derived keys are not allowed by policy.",
"detail": "Error NOT_ALLOWED_LOCAL_DERIVED_KEY from resolver: Not allowed derived local verification methods: did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP from did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz",
"derivedVerificationMethodId": "did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP",
"derivingVerificationMethodId": "did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz"
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
checkLocalDuplicateKey
This DID parameter is used to check if duplicate keys have been detected in the DID document. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_LOCAL_DUPLICATE_KEY
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test2?checkLocalDuplicateKey=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_LOCAL_DUPLICATE_KEY",
"title": "Duplicate keys are not allowed by policy.",
"detail": "Error NOT_ALLOWED_LOCAL_DUPLICATE_KEY from resolver: Not allowed duplicate local verification methods: did:web:danubetech.com:did:test2#key-2 and did:web:danubetech.com:did:test2#key-1",
"duplicateLocalVerificationMethods": [
"did:web:danubetech.com:did:test2#key-1",
"did:web:danubetech.com:did:test2#key-2"
]
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
2
3
4
5
6
7
8
9
10
11
12
13
14
15
checkGlobalDuplicateKey
This DID parameter is used to check if duplicate keys have been detected between the DID document and other globally known DID documents. Possible values are ignore
, warn
, error
.
The error code NOT_ALLOWED_GLOBAL_DUPLICATE_KEY
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test2?checkGlobalDuplicateKey=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "NOT_ALLOWED_GLOBAL_DUPLICATE_KEY",
"title": "Duplicate keys are not allowed by policy.",
"detail": "...",
"duplicateGlobalVerificationMethods": [
]
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
verifyDnsBridge
This DID parameter is used to check if a DID document contains a domain name that cannot be verified via DNS, according to the High Assurance DIDs with DNS specification, based on an allow-list and deny-list. Possible values are ignore
, warn
, error
.
The error code UNVERIFIED_DNS_BRIDGE
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test7?verifyDnsBridge=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "UNVERIFIED_DNS_BRIDGE",
"title": "The DID/DNS bridge could not be verified.",
"detail": "Error UNVERIFIED_DNS_BRIDGE from resolver: DID did:web:danubetech.com:did:test7 not found in DNS URI records for domain name rdapregistrygroup1.trustregistry.nborbit.ca.",
"domainName": "rdapregistrygroup1.trustregistry.nborbit.ca",
"uriRecordTargets": [
"did:web:rdapregistrygroup1.trustregistry.nborbit.ca"
]
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
2
3
4
5
6
7
8
9
10
11
12
13
14
15
verifyCertificateBridge
This DID parameter is used to check if a DID document contains a key that cannot be traced back to a trusted certificate authority, based on an allow-list and deny-list. Possible values are ignore
, warn
, error
.
The error code UNVERIFIED_CERTIFICATE_BRIDGE
is returned in case of an error.
Request
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test4?verifyCertificateBridge=error"
1
2
2
Response
json
{
"didDocument": null,
"didResolutionMetadata": {
"error": {
"type": "UNVERIFIED_CERTIFICATE_BRIDGE",
"title": "The DID/Certificate bridge could not be verified.",
"detail": "Error UNVERIFIED_CERTIFICATE_BRIDGE from resolver: Verification method's public key does not match certificate",
"certificate": "4097",
"verificationMethodId": "did:web:danubetech.com:did:test4#key-1"
}
},
"didDocumentMetadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13