#DID Web

#Create a did:web

Use the DID Service to generate a did:web identifier and store its DID Document. The endpoint does not publish the document to your domain; make sure the requested domain and path are reachable (e.g., via the DID Registry) so the DID can be resolved.

CURL

Endpoint: /v1/{target}/did-service-api/dids/create/web | API Reference

Example Request

curl -X 'POST' \
  'https://{orgId}.enterprise.test.waltid.cloud/v1/{target}/did-service-api/dids/create/web' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "single_key_id",
  "keyId": "waltid.users.kms1.secp256r1",
  "domain": "waltid.enterprise.test.waltid.cloud",
  "path" : "users/alice"
}'

Body

{
  "type": "single_key_id",
  "keyId": "waltid.users.kms1.secp256r1",
  "domain": "waltid.enterprise.test.waltid.cloud",
  "path" : "users/alice"
}

Path Parameters

orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.walt.dev when using the sandbox environment.
target: resourceIdentifier - The target indicates the organization + tenant + DID service in which to execute the DID creation ({organizationID}.{tenantID}.{didServiceID}), e.g. waltid.users.did1

Body Parameters

type: string - Defines how keys are assigned to verification relationships:
- single_key_id — Use one key for all verification relationships; include keyId.
- key_id_set — Provide multiple keys to distribute across relationships; include keyIdSet (array of key IDs).
- verification_key_id_set_config — Specify per-relationship keys; include verificationKeyIdSetConfiguration (map with authentication, assertionMethod, capabilityInvocation, capabilityDelegation, keyAgreement keys).
keyId: resourceIdentifier - Required when type is single_key_id. The key must be stored in a KMS service under the same tenant as the DID service.
keyIdSet: string - Required when type is key_id_set. Set of key IDs to spread across verification methods.
verificationKeyIdSetConfiguration: object - Required when type is verification_key_id_set_config. A map of verification relationship names to arrays of key IDs, letting you assign distinct keys per relationship.
domain: string - The domain name to be used for the DID:web. This is the domain under which the DID will be registered.
path: string - The path to be used for the DID:web. This is the path under which the DID will be registered:
- for tenant level DIDs, use {tenant}/user, e.g., users/alice.
- for organization level DIDs, use the user directly, e.g., alice.
serviceConfigurationSet: array - Optional service entries (e.g., DIDCommMessaging) to include in the DID Document.
rootCustomProperties: object - Optional map of additional top-level DID Document properties.
context: array - Optional extra JSON-LD contexts to add to the DID Document.

Response

201 - DID created successfully.

{
  "did": "did:web:waltid.enterprise.test.waltid.cloud:users:alice",
  "document": {
    "context": [
      "https://www.w3.org/ns/did/v1",
      "https://w3id.org/security/suites/jws-2020/v1"
    ],
    "id": "did:web:waltid.enterprise.test.waltid.cloud:users:alice",
    "verificationMethod": [
      {
        "id": "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA",
        "type": "JsonWebKey2020",
        "controller": "did:web:waltid.enterprise.test.waltid.cloud:users:alice",
        "publicKeyJwk": {
          "kty": "EC",
          "crv": "P-256",
          "kid": "RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA",
          "x": "S-AzRQsvoO6TZ-hzQP3Zg7mZIoBdYO9ni3exxM2PTKY",
          "y": "32ImttHl0wU52b0RjlBfdzCWFMXIkFSehhzu_HjwI6M"
        }
      }
    ],
    "assertionMethod": [
      "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA"
    ],
    "authentication": [
      "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA"
    ],
    "capabilityDelegation": [
      "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA"
    ],
    "capabilityInvocation": [
      "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA"
    ],
    "keyAgreement": [
      "did:web:waltid.enterprise.test.waltid.cloud:users:alice#RbI8c98cFuu16mtpoeb3Axcx62ST5y4pd-aUX-PffqA"
    ]
  }
}

Last updated on December 10, 2025

DID Key DID Creation