This page introduces working with Decentralized Identifiers through the VDP API. The full set of relevant endpoints are listed on the VDP OpenAPI Spec, notably in this section: https://platform.transmute.industries/openapi/openapi.yaml#tag–Identifiers

Managing Decentralized Identifiers

VDP allows management of common Decentralized Identifiers methods such as did:key and did:web. Any new organization is born with a set of DIDs which can be queried with GET /did/identifiers:

curl --location --request GET 'https://platform.transmute.industries/did/identifiers' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Resolving a DID Document

All of the returned of DIDs, like any DID, can be resolved to a DID Document. GET /identifiers/{did} resolves a DID:

curl --location --request GET 'https://platform.transmute.industries/identifiers/did:key:z6MkshFkMdYi2XXfcrB77PkNVLioBFDr6QjvthyYBbn7JNKG' \
--header 'Accept: application/json'

Replace did:key:z6MkshFkMdYi2XXfcrB77PkNVLioBFDr6QjvthyYBbn7JNKG with one of the dids returned from GET /did/identifiers to resolve one of your own organization’s DIDs. Note that this can also be your organization’s did:web:

curl --location --request GET 'https://platform.transmute.industries/identifiers/YOUR_ORGANIZATION_ID' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Understanding DID Documents

{
  "didDocument": {
    "@context": [
      "https://www.w3.org/ns/did/v1",
      "https://w3id.org/security/suites/jws-2020/v1"
    ],
    "id": "did:key:z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK",
    "verificationMethod": [
      {
        "id": "did:key:z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK#z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK",
        "type": "JsonWebKey2020",
        "controller": "did:key:z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK",
        "publicKeyJwk": {
          "kty": "OKP",
          "crv": "Ed25519",
          "x": "TMAjbsE9aeFO9oECIX3MI1QtGawnEYOJawl-lxwa1kI"
        }
      }
    ],
    "assertionMethod": [
      "did:key:z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK#z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK"
    ],
    "authentication": [
      "did:key:z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK#z6MkjcrxZHykMdAQBv4tqyayg2caVET2bgdj5iiM8V8yseXK"
    ]
  }
}

The DID Document which we just resolved (or the example listed above) includes everything which the public needs to know in order to verify that your organization controls a given DID.

DID Documents typically includes one or more public keys, listed in the verificationMethod array. Each of these public keys are paired with a private key which is kept on the platform as an organization secret.

Keys are used to allow others to verify that certain actions are indeed done by a private key holder, and thereby by a DID. Keys are formally referred to as “Verification Methods”; their relationship to the DID are referred to as “Verification Relationships”. Examples of such verification relationships include issuance of Verifiable Credentials (keys listed in the assertionMethod array) and making Verifiable Presentations (keys listed in the authentication array). There is a many-to-many relationship between keys and the verification relationships which they can be used to perform; the id of the verificationMethods used to associate which keys are used for what. The format of this id is known as a DID-URL and always consists of the DID itself (which is in the root id follow by a # and an internal key-identifier.