> ## Documentation Index > Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt > Use this file to discover all available pages before exploring further. # DID & JWKS discovery > Resolve issuer identities and public keys using standard discovery protocols. Truthlocks provides public endpoints for resolving issuer identities using W3C Decentralized Identifiers (DIDs) and retrieving signing keys via JSON Web Key Sets (JWKS). These endpoints enable standards-based key verification without proprietary integrations. ## DID resolution Every issuer has a DID in the format `did:truthlock:{issuer_id}` that resolves to a W3C DID Document containing their public key material and service endpoints. DIDs are automatically assigned when an issuer is created. ### Endpoint ```text theme={null} GET /v1/public/did/{did} ``` No authentication required. Responses are cached for 1 hour. ### Example request ```bash theme={null} curl https://api.truthlocks.com/v1/public/did/did:truthlock:iss_p4q5r6 ``` ### Example response ```json theme={null} { "@context": [ "https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1" ], "id": "did:truthlock:iss_p4q5r6", "controller": "did:truthlock:iss_p4q5r6", "verificationMethod": [ { "id": "did:truthlock:iss_p4q5r6#key-1", "type": "Ed25519VerificationKey2020", "controller": "did:truthlock:iss_p4q5r6", "publicKeyJwk": { "kty": "OKP", "crv": "Ed25519", "x": "base64url-encoded-public-key", "kid": "key-1", "alg": "ed25519" } } ], "authentication": ["did:truthlock:iss_p4q5r6#key-1"], "assertionMethod": ["did:truthlock:iss_p4q5r6#key-1"], "service": [ { "id": "did:truthlock:iss_p4q5r6#verification", "type": "TruthlockVerification", "serviceEndpoint": "https://api.truthlocks.com/v1/verify" }, { "id": "did:truthlock:iss_p4q5r6#portfolio", "type": "TruthlockPortfolio", "serviceEndpoint": "https://verify.truthlocks.com/portfolio" } ] } ``` The response uses `Content-Type: application/did+json`. ### Verification method types The key type in the DID Document depends on the issuer's signing algorithm: | Algorithm | Verification type | JWK key type | Curve | | --------- | ---------------------------- | ------------ | --------- | | Ed25519 | `Ed25519VerificationKey2020` | `OKP` | `Ed25519` | | ES256 | `JsonWebKey2020` | `EC` | `P-256` | | RS256 | `JsonWebKey2020` | `RSA` | — | ## JWKS endpoint Retrieve all active public keys for an issuer as a standard JSON Web Key Set. ### Endpoint ```text theme={null} GET /v1/public/issuers/{issuer_id}/jwks.json ``` No authentication required. Responses are cached for 1 hour. ### Example request ```bash theme={null} curl https://api.truthlocks.com/v1/public/issuers/iss_p4q5r6/jwks.json ``` ### Example response ```json theme={null} { "keys": [ { "kty": "OKP", "crv": "Ed25519", "x": "base64url-encoded-public-key", "kid": "key-1", "alg": "ed25519" } ] } ``` ## When to use each endpoint | Use case | Endpoint | | ------------------------------------------------------------------- | -------------- | | Verify a proof bundle offline using the `issuer_did` field | DID resolution | | Validate JWT signatures from Truthlocks services | JWKS | | Build integrations that follow W3C Verifiable Credentials standards | DID resolution | | Integrate with existing OIDC/JWT infrastructure | JWKS | ## Using DIDs in proof bundles The `issuer_certificate.issuer_did` field in a [proof bundle](/specification/proof-bundle) contains the issuer's DID. You can resolve it to retrieve the public key and independently verify the attestation signature without relying on Truthlocks infrastructure. ## Related * [Proof bundle format](/specification/proof-bundle) — The cryptographic proof format that references issuer DIDs. * [Issuer keys API](/api-reference/issuers/keys) — Manage issuer signing keys.