Resolver Parameters

The Universal Resolver supports various advanced DID Resolution features using DID parameters and resolution error codes.

Instead of using DID parameters, these features can also be configured via the Resolver Configuration.

See https://github.com/decentralized-identity/did-spec-extensions for more information about DID parameters and resolution error codes.

`checkValidDidDocument`

This DID parameter is used to check if a DID document is valid. Possible values are ignore, warn, error.

The error code invalidDidDocument is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:indy:danube:63Nrjz6ARjXLNva5kY6WxC?checkValidDidDocument=error"

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "content": null,
  "dereferencingMetadata": {
    "error": "invalidDidDocument",
    "errorMessage": "Error invalidDidDocument from resolver: Invalid DID document",
    "validationProblems": [
      {
        "value": "id",
        "error": "there must be one 'id' in 'service'"
      }
    ]
  },
  "contentMetadata": {}
}

`checkMethod`

This DID parameter is used to check if the DID method is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code notAllowedMethod is returned in case of an error.

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedMethod"
  },
  "didDocumentMetadata": {}
}

`checkKeyType`

This DID parameter is used to check if the DID document contains a key type that is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code notAllowedKeyType is returned in case of an error.

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedKeyType"
  },
  "didDocumentMetadata": {}
}

`checkVerificationMethodType`

This DID parameter is used to check if the DID document contains a verification method with a type that is not allowed, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code notAllowedVerificationMethodType is returned in case of an error.

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedVerificationMethodType"
  },
  "didDocumentMetadata": {}
}

`checkLocalDerivedKey`

This DID parameter is used to check if derived keys have been detected in the DID document, e.g. an X25519 key derived from an Ed25519 key. Possible values are ignore, warn, error.

The error code notAllowedLocalDerivedKey is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test1"

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedLocalDerivedKey",
    "errorMessage": "Error notAllowedLocalDerivedKey from resolver: Not allowed derived local verification methods: did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP from did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz",
    "derivedVerificationMethodId": "did:web:danubetech.com:did:test1#z6LSgCp1mGKMhPZ7VgbNoojE68yG7ubcGj87fBBhco2YP7LP",
    "derivingVerificationMethod": "did:web:danubetech.com:did:test1#z6Mkt4AdazSYghXf69YfaYCms4qcrvwGA3yq7z8AifUzgrQz"
  },
  "didDocumentMetadata": {}
}

`checkLocalDuplicateKey`

This DID parameter is used to check if duplicate keys have been detected in the DID document. Possible values are ignore, warn, error.

The error code notAllowedLocalDuplicateKey is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test2"

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedLocalDuplicateKey",
    "errorMessage": "Error notAllowedLocalDuplicateKey from resolver: Not allowed duplicate local verification methods: did:web:danubetech.com:did:test2#key-2 and did:web:danubetech.com:did:test2#key-1",
    "duplicateLocalVerificationMethods": [
      "did:web:danubetech.com:did:test2#key-1",
      "did:web:danubetech.com:did:test2#key-2"
    ]
  },
  "didDocumentMetadata": {}
}

`checkGlobalDuplicateKey`

This DID parameter is used to check if duplicate keys have been detected between the DID document and other globally known DID documents. Possible values are ignore, warn, error.

The error code notAllowedGlobalDuplicateKey is returned in case of an error.

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedGlobalDuplicateKey"
  },
  "didDocumentMetadata": {}
}

`checkDns`

This DID parameter is used to check if a DID document contains a domain name that cannot be verified via DNS, according to the High Assurance DIDs with DNS specification, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code notAllowedDns is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test7?checkDns=error"

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedDns"
  },
  "didDocumentMetadata": {}
}

`checkCertificate`

This DID parameter is used to check if a DID document contains a key that cannot be traced back to a trusted certificate authority, based on an allow-list and deny-list. Possible values are ignore, warn, error.

The error code notAllowedCertificate is returned in case of an error.

Request

bash

curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
     -X GET "https://api.godiddy.com/1.0.0/universal-resolver/identifiers/did:web:danubetech.com:did:test4?checkCertificate=error"

Response

json

{
  "@context": "https://w3id.org/did-resolution/v1",
  "didDocument": null,
  "didResolutionMetadata": {
    "error": "notAllowedCertificate"
  },
  "didDocumentMetadata": {}
}

Resolver Parameters ​

checkValidDidDocument ​

Request ​

Response ​

checkMethod ​

Response ​

checkKeyType ​

Response ​

checkVerificationMethodType ​

Response ​

checkLocalDerivedKey ​

Request ​

Response ​

checkLocalDuplicateKey ​

Request ​

Response ​

checkGlobalDuplicateKey ​

Response ​

checkDns ​

Request ​

Response ​

checkCertificate ​

Request ​

Response ​

Resolver Parameters

`checkValidDidDocument`

Request

Response

`checkMethod`

Response

`checkKeyType`

Response

`checkVerificationMethodType`

Response

`checkLocalDerivedKey`

Request

Response

`checkLocalDuplicateKey`

Request

Response

`checkGlobalDuplicateKey`

Response

`checkDns`

Request

Response

`checkCertificate`

Request

Response