Learn

Create a did:web

DIDs using the web method host the DID document on a publicly accessible domain in order to make the document and contents available.

For example, MATTR has a did:web using our own domain did:web:mattr.global. This DID is hosted on our website at https://mattr.global/.well-known/did.json. DIDs may also be hosted at specific paths on your website.

Constraints

  • did:webs inherently rely on the security of the website the DID Document is hosted on. We would only recommend the use of this type of DID on trusted and known sites/domains, such as government agencies and enterprises.

  • Message signing is not possible at this time using DIDs that only contain a bls12381g2 key type. Note that MATTR VII creates did:web with multiple key types by default to overcome this constraint.

  • When you create a new credential configuration and don't specify an explicit issuer DID, the most recently created did:web on your tenant is used as an issuer DID by default.

DIDs created on your tenant can be viewed on our Self Service Portal.

Request

Make the following request to create a did:web:

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/v1/dids
json
Copy to clipboard.
1{
2  "method": "web",
3  "options": {
4    "url": "organization.com"
5  }
6}

  • method: Set to web in order to create a did:web.

  • url: The domain that will host the DID document. When using MATTR VII, this would likely be your tenant's URL.

Unlike the request to create a did:key, this request doesn't include a keyType attribute. MATTR VII creates all did:web with multiple key types by default. This enables issuers to issue different types of credentials from a single DID, making use of the different key types features:

  • P-256:

    • This is the default option for signing Compact Credentials.

  • Bls12381G2Key2020:

    • This is the default option for signing Web Credentials.

    • Supports ZKP-enabled credentials.

    • Supports key rotation.

  • X25519 suite:

    • Ed25519: Recommended when the web:did is used as a Verifier DID, as it supports symmetric key signing required for verifying messages.

Response

json
Copy to clipboard.
1{
2    "did": "did:web:organization.com",
3    "registrationStatus": "PROCESSING",
4    "localMetadata": {
5        "keys": [
6            {
7                "didDocumentKeyId": "did:web:organization.com#z12KpjmH",
8                "kmsKeyId": "aa87d1be-d4f9-4ff0-87b8-8af7b45871c8"
9            },
10            {
11                "didDocumentKeyId": "did:web:organization.com#7qLxNRsFS9",
12                "kmsKeyId": "5f2bf621-8b96-47d8-893b-db48b8bc2947"
13            },
14            {
15                "didDocumentKeyId": "did:web:organization.com#22NxLGzcwD",
16                "kmsKeyId": "70f5cba8-ec85-4770-a40d-27012e4f652f"
17            },
18            {
19                "didDocumentKeyId": "did:web:organization.com#2TurnSmooY",
20                "kmsKeyId": "68787eec-7bde-4cda-9dc1-b73007c3d48d"
21            }
22        ],
23        "registered": 1684275207499,
24        "initialDidDocument": {
25            "@context": [
26                "https://w3.org/ns/did/v1",
27                "https://w3id.org/security/suites/x25519-2019/v1",
28                "https://w3id.org/security/suites/jws-2020/v1",
29                "https://w3id.org/security/suites/ed25519-2018/v1",
30                "https://w3id.org/security/bbs/v1"
31            ],
32            "id": "did:web:organization.com",
33            "authentication": [
34                "did:web:organization.com#7qLxNRsFS9"
35            ],
36            "assertionMethod": [
37                "did:web:organization.com#z12KpjmH",
38                "did:web:organization.com#7qLxNRsFS9",
39                "did:web:organization.com#22NxLGzcwD"
40            ],
41            "capabilityDelegation": [
42                "did:web:organization.com#z12KpjmH",
43                "did:web:organization.com#7qLxNRsFS9",
44                "did:web:organization.com#22NxLGzcwD"
45            ],
46            "capabilityInvocation": [
47                "did:web:organization.com#z12KpjmH",
48                "did:web:organization.com#7qLxNRsFS9",
49                "did:web:organization.com#22NxLGzcwD"
50            ],
51            "verificationMethod": [
52                {
53                    "id": "did:web:organization.com#z12KpjmH",
54                    "controller": "did:web:organization.com",
55                    "type": "JsonWebKey2020",
56                    "publicKeyJwk": {
57                        "kty": "EC",
58                        "crv": "P-256",
59                        "x": "nAW2_ezqvNlSDYUyrpN3pAlRnWVH5D6-6G4iZS0ZoxI",
60                        "y": "bSeCEF-erfdu7ZuTv6u6Ps_YJCCvvJ_nkaaFNynn1dQ"
61                    }
62                },
63                {
64                    "id": "did:web:organization.com#7qLxNRsFS9",
65                    "controller": "did:web:organization.com",
66                    "type": "Ed25519VerificationKey2018",
67                    "publicKeyBase58": "7qLxNRsFS9T9bfa29a8YDrhsabKQsA5nmbT8RkbcdMm4"
68                },
69                {
70                    "id": "did:web:organization.com#22NxLGzcwD",
71                    "controller": "did:web:organization.com",
72                    "type": "Bls12381G2Key2020",
73                    "publicKeyBase58": "22NxLGzcwDb9oEtXCjT4gYEjemNX4vTL779hFHUSKEgMGNCLzbtdek4UN9jXbfHsgQ4TDS7FVnNFYTzzMaoSPhXGVDUTb6wiUx6ny9qwa6Rye398tEMLgg3Ki5CPX65MBnGP"
74                }
75            ],
76            "keyAgreement": [
77                {
78                    "id": "did:web:organization.com#2TurnSmooY",
79                    "controller": "did:web:organization.com",
80                    "type": "X25519KeyAgreementKey2019",
81                    "publicKeyBase58": "2TurnSmooYqT18Y5fi8Gh8HFNsAiSpTdoMNgSE6gvwUg"
82                }
83            ]
84        }
85    }
86}