Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt

Use this file to discover all available pages before exploring further.

Truthlocks provides public endpoints for resolving issuer identities using W3C Decentralized Identifiers (DIDs) and retrieving signing keys via JSON Web Key Sets (JWKS). These endpoints enable standards-based key verification without proprietary integrations.

DID resolution

Every issuer has a DID in the format did:truthlock:{issuer_id} that resolves to a W3C DID Document containing their public key material and service endpoints. DIDs are automatically assigned when an issuer is created.

Endpoint

GET /v1/public/did/{did}
No authentication required. Responses are cached for 1 hour.

Example request

curl https://api.truthlocks.com/v1/public/did/did:truthlock:iss_p4q5r6

Example response

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/jws-2020/v1"
  ],
  "id": "did:truthlock:iss_p4q5r6",
  "controller": "did:truthlock:iss_p4q5r6",
  "verificationMethod": [
    {
      "id": "did:truthlock:iss_p4q5r6#key-1",
      "type": "Ed25519VerificationKey2020",
      "controller": "did:truthlock:iss_p4q5r6",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "base64url-encoded-public-key",
        "kid": "key-1",
        "alg": "ed25519"
      }
    }
  ],
  "authentication": ["did:truthlock:iss_p4q5r6#key-1"],
  "assertionMethod": ["did:truthlock:iss_p4q5r6#key-1"],
  "service": [
    {
      "id": "did:truthlock:iss_p4q5r6#verification",
      "type": "TruthlockVerification",
      "serviceEndpoint": "https://api.truthlocks.com/v1/verify"
    },
    {
      "id": "did:truthlock:iss_p4q5r6#portfolio",
      "type": "TruthlockPortfolio",
      "serviceEndpoint": "https://verify.truthlocks.com/portfolio"
    }
  ]
}
The response uses Content-Type: application/did+json.

Verification method types

The key type in the DID Document depends on the issuer’s signing algorithm:
AlgorithmVerification typeJWK key typeCurve
Ed25519Ed25519VerificationKey2020OKPEd25519
ES256JsonWebKey2020ECP-256
RS256JsonWebKey2020RSA

JWKS endpoint

Retrieve all active public keys for an issuer as a standard JSON Web Key Set.

Endpoint

GET /v1/public/issuers/{issuer_id}/jwks.json
No authentication required. Responses are cached for 1 hour.

Example request

curl https://api.truthlocks.com/v1/public/issuers/iss_p4q5r6/jwks.json

Example response

{
  "keys": [
    {
      "kty": "OKP",
      "crv": "Ed25519",
      "x": "base64url-encoded-public-key",
      "kid": "key-1",
      "alg": "ed25519"
    }
  ]
}

When to use each endpoint

Use caseEndpoint
Verify a proof bundle offline using the issuer_did fieldDID resolution
Validate JWT signatures from Truthlocks servicesJWKS
Build integrations that follow W3C Verifiable Credentials standardsDID resolution
Integrate with existing OIDC/JWT infrastructureJWKS

Using DIDs in proof bundles

The issuer_certificate.issuer_did field in a proof bundle contains the issuer’s DID. You can resolve it to retrieve the public key and independently verify the attestation signature without relying on Truthlocks infrastructure.