DID WEB Registry Setup Instructions

This guide shows all requests that are required to initiate a DID Web Registry in combination with the Enterprise API Gateway.

The Enterprise API Gateway is an optional component that shields the main Enterprise API from public access. Only dedicated routes, such as the endpoint for resolving did:webs, are open. Furthermore, custom domains would point to the Gateway rather than to the privately hosted Enterprise API.

In the following example, the Enterprise API Gateway is hosted at the domain enterprise.test.waltid.cloud. The subdomain waltid is the name of the organization. You would need to change the domain and organization name according to your setup (see Organization Setup).

Setup

Create Tenant

Create a new tenant with a configured did-web registry. In this example the tenant name is did-registry-tenant. You must replace this part of all the following URLs.

Note that the did-web registry name must be the same as the one used later when creating the did-web registry service. Of course, the tenant configuration could also be updated afterwards.

curl -w "%{http_code}" -X'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant/resource-api/tenants/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "DID Registry Example Tenant",
    "configuration": {
       "didRegistry": "waltid.did-registry-tenant.did-web-registry"
    }
  }'

Create DID Store

curl -w "%{http_code}" -X 'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-store/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "did-store"
}'

Create DID Service

curl -w "%{http_code}" -X 'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "did"
}'

Create Service dependency

curl -w "%{http_code}" -X'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/did-service-api/dids/dependencies/add' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d 'waltid.did-registry-tenant.did-store'

Create the DID Web Registry Service

curl -w " %{http_code}" -X'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-web-registry/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "did-registry"
}'

Adding the DID Store as dependency to the DID Web Registry

curl -w " %{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-web-registry/did-registry-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d 'waltid.did-registry-tenant.did-store'

Create Host Alias for Tenant

curl -X 'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/waltid.registry-host-alias/host-alias-api/host-aliases/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "domain": "registry.test.waltid.cloud"
}'

Create a KMS

curl  -w " %{http_code}" -X 'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.kms/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -d '{
  "type": "kms"
}'

Create a JWK Key

curl -X 'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.kms/kms-service-api/keys/generate' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -d '{
  "backend": "jwk",
  "keyType": "secp256r1"
}'

Creating DID Webs:

Finally, DIDs can be created by calling the following endpoint:

curl -w " %{http_code}"  -X'POST' \
  'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/did-service-api/dids/create/web' \
  -H 'Authorization: Bearer {yourBearerToken}' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "single_key_id",
  "keyId": "waltid.did-registry-tenant.kms.5DeSEvJfA5-UimVwAtMhUcikL1chK-A8TZFWT9e2zBw",
  "domain": "registry.test.waltid.cloud",
  "path" : "did-registry-tenant/max"
}'

The created DID WEB is routed as follows:

Note that the Gateway is an optional component to which a custom domain would point.

did:web:registry.test.waltid.cloud:did-registry-tenant:max
  -> Gateway: https://registry.test.waltid.cloud/did-registry-tenant:max:did.json - should not be done
  -> Enterprise API: https://registry.test.waltid.cloud/did-registry-tenant/max/did.json
  -> Internal endpoint: https://waltid.enterprise.test.waltid.cloud/v1/waltid.did-registry-tenant.did-web-registry/did-registry-service-api/registry/registry.test.waltid.cloud:did-registry-tenant:max/did.json
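
The routing above turns the colon-separated did:web identifier into a URL path. The following shell functions are an added example, not walt.id code: they derive both URLs from a DID and reject malformed identifiers before any request is made. The function names, the strict segment rule and the internal URL pattern (generalized from the single example on this page) are assumptions of this example.

```bash
# Added example, not walt.id code. Values are this page's example setup.
INTERNAL_BASE='https://waltid.enterprise.test.waltid.cloud/v1'
REGISTRY_TARGET='waltid.did-registry-tenant.did-web-registry'

# Print the method-specific id of a well-formed did:web, else return 1.
# Function bodies use ( ) so their variables stay local to each call.
did_web_id() (
  # Whole-string character whitelist (also excludes whitespace and newlines).
  case "$1" in *[!A-Za-z0-9._~:%-]*) return 1 ;; esac
  case "$1" in did:web:?*) id=${1#did:web:} ;; *) return 1 ;; esac
  host=${id%%:*}
  # Host: DNS characters plus an optional percent-encoded port (%3A).
  printf '%s\n' "$host" |
    grep -Eq '^[A-Za-z0-9][A-Za-z0-9.-]*(%3[Aa][0-9]+)?$' || return 1
  if [ "$id" != "$host" ]; then
    rest=${id#*:}
    # Reject empty segments (leading, trailing or doubled colons).
    case "$rest" in :*|*:|*::*) return 1 ;; esac
    # Assumption of this example: segments use unreserved characters only
    # and never start with a dot, so "." and ".." cannot reach the URL path.
    if printf '%s\n' "$rest" | tr ':' '\n' |
        grep -Evq '^[A-Za-z0-9_~-][A-Za-z0-9._~-]*$'; then
      return 1
    fi
  fi
  printf '%s\n' "$id"
)

# Public URL a resolver fetches (the "Enterprise API" line above).
did_web_public_url() (
  id=$(did_web_id "$1") || return 1
  host=$(printf '%s\n' "${id%%:*}" | sed 's/%3[Aa]/:/')
  if [ "$id" = "${id%%:*}" ]; then
    printf 'https://%s/.well-known/did.json\n' "$host"
  else
    path=$(printf '%s\n' "${id#*:}" | tr ':' '/')
    printf 'https://%s/%s/did.json\n' "$host" "$path"
  fi
)

# Internal registry endpoint, pattern generalized from this page's example.
did_web_internal_url() (
  id=$(did_web_id "$1") || return 1
  printf '%s/%s/did-registry-service-api/registry/%s/did.json\n' \
    "$INTERNAL_BASE" "$REGISTRY_TARGET" "$id"
)

did_web_public_url 'did:web:registry.test.waltid.cloud:did-registry-tenant:max'
did_web_internal_url 'did:web:registry.test.waltid.cloud:did-registry-tenant:max'
```

The two calls at the end print the "Enterprise API" and "Internal endpoint" URLs listed above; piping the first into `curl -fsS` fetches the published DID document once the registry is set up.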
Last updated on October 2, 2025