DID WEB Registry Setup Instructions
This guide shows all requests that are required to initiate a DID Web Registry in combination with the Enterprise API Gateway.
The Enterprise API Gateway is an optional component that shields the main Enterprise API from public access. Only dedicated routes, such as the endpoint for resolving did:web DIDs, are open. Furthermore, custom domains would point to the Gateway rather than to the privately hosted Enterprise API.
In the following example, the Enterprise API Gateway is hosted at the domain enterprise.test.waltid.cloud. The subdomain waltid is the name of the organization. You would need to change the domain and organization name according to your setup (see Organization Setup).
Setup
Create Tenant
Create a new tenant with a configured did-web registry. In this example the tenant name is did-registry-tenant. You must replace this part of all the following URLs.
Note that the did-web registry name must be the same as the one used later when creating the did-web registry service. The tenant configuration can also be updated afterwards.
curl -w "%{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant/resource-api/tenants/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d '{
"name": "DID Registry Example Tenant",
"configuration": {
"didRegistry": "waltid.did-registry-tenant.did-web-registry"
}
}'
Create DID Store
curl -w "%{http_code}" -X 'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-store/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "did-store"
}'
Create DID Service
curl -w "%{http_code}" -X 'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "did"
}'
Create Service dependency
curl -w "%{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/did-service-api/dids/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d 'waltid.did-registry-tenant.did-store'
Create the DID Web Registry Service
curl -w " %{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-web-registry/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "did-registry"
}'
Adding the DID Store as dependency to the DID Web Registry
curl -w " %{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-web-registry/did-registry-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d 'waltid.did-registry-tenant.did-store'
Create Host Alias for Tenant
curl -X 'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/waltid.registry-host-alias/host-alias-api/host-aliases/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'Content-Type: application/json' \
-d '{
"domain": "registry.test.waltid.cloud"
}'
Create a KMS
curl -w " %{http_code}" -X 'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.kms/resource-api/services/create' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {yourBearerToken}' \
-d '{
"type": "kms"
}'
Create a JWK Key
curl -X 'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.kms/kms-service-api/keys/generate' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {yourBearerToken}' \
-d '{
"backend": "jwk",
"keyType": "secp256r1"
}'
Creating DID Webs:
Finally, DIDs can be created by calling the following endpoint:
curl -w " %{http_code}" -X'POST' \
'https://waltid.enterprise.test.waltid.cloud/v1/did-registry-tenant.did-service/did-service-api/dids/create/web' \
-H 'Authorization: Bearer {yourBearerToken}' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"type": "single_key_id",
"keyId": "waltid.did-registry-tenant.kms.5DeSEvJfA5-UimVwAtMhUcikL1chK-A8TZFWT9e2zBw",
"domain": "registry.test.waltid.cloud",
"path" : "did-registry-tenant/max"
}'
The created DID Web is routed in the following way.
Note that the Gateway is an optional component to which a custom domain would point.
did:web:registry.test.waltid.cloud:did-registry-tenant:max
-> Gateway: https://registry.test.waltid.cloud/did-registry-tenant:max:did.json - should not be done
-> Enterprise API: https://registry.test.waltid.cloud/did-registry-tenant/max/did.json
-> Internal endpoint: https://waltid.enterprise.test.waltid.cloud/v1/waltid.did-registry-tenant.did-web-registry/did-registry-service-api/registry/registry.test.waltid.cloud:did-registry-tenant:max/did.json
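The routing above, as an added example that is not part of the original guide or of walt.id's code: it validates a did:web identifier before building the public did.json URL and the internal registry endpoint. It goes beyond the single case shown by also covering the did:web rules for an identifier without a path (`/.well-known/did.json`) and a `%3A`-encoded port. The function names and the strict character policy are assumptions; the base URL and registry target are the example values from this page.

```shell
#!/bin/sh
# Added example (not walt.id code). Base URL and registry target are the
# values from this page's example setup; change them for your deployment.
GATEWAY_BASE='https://waltid.enterprise.test.waltid.cloud'
REGISTRY_TARGET='waltid.did-registry-tenant.did-web-registry'

# Strict structural check (assumed policy): host, optional %3A-encoded port,
# then colon-separated path segments. Rejects '/', '?', '#', whitespace,
# empty segments and dot segments before any URL is built.
did_web_valid() {
  case "$1" in
    *[!A-Za-z0-9._:%-]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq \
    '^did:web:[A-Za-z0-9][A-Za-z0-9.-]*(%3[Aa][0-9]+)?(:[A-Za-z0-9._-]+)*$' || return 1
  case "$1:" in
    *:.:*|*:..:*) return 1 ;;
  esac
  return 0
}

# Public URL a resolver fetches: ':' becomes '/', no path means /.well-known.
did_web_to_url() {
  did_web_valid "$1" || return 1
  dw_id=${1#did:web:}
  dw_host=$(printf '%s' "${dw_id%%:*}" | sed 's/%3[Aa]/:/')
  case "$dw_id" in
    *:*) printf 'https://%s/%s/did.json\n' "$dw_host" \
           "$(printf '%s' "${dw_id#*:}" | tr ':' '/')" ;;
    *)   printf 'https://%s/.well-known/did.json\n' "$dw_host" ;;
  esac
}

# Internal registry endpoint as shown on this page: the method-specific id
# is passed unchanged (colons kept) as one path component.
did_web_to_internal() {
  did_web_valid "$1" || return 1
  printf '%s/v1/%s/did-registry-service-api/registry/%s/did.json\n' \
    "$GATEWAY_BASE" "$REGISTRY_TARGET" "${1#did:web:}"
}

did_web_to_url 'did:web:registry.test.waltid.cloud:did-registry-tenant:max'
did_web_to_internal 'did:web:registry.test.waltid.cloud:did-registry-tenant:max'
```

Running the validation before any request is made keeps an identifier such as one containing `..` or `/` from ever being turned into a fetchable path.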