Domain Verification

Verify your domain ownership for enhanced security and increased user trust.

Domain Verification service is a security feature of Affinidi Trust Network that enables developers to verify the domain ownership displayed in the Affinidi Vault’s consent screen. It empowers users to decide whether to share their data with the requesting domain.

Benefits of Domain Verification

  • Enhanced Security: Domain Verification provides proof of control over the domain. It adds the Verified by Affinidi checkmark on the consent page, which informs users that they are securely sharing their data to the correct website.

  • Increased User Trust: Domain Verification strengthens user confidence in the website as Affinidi verifies the developer’s domain ownership, leading to better user engagement and data sharing.

How Domain Verification Works

    actor Developer
    participant Affinidi Portal
    participant Domain Verification
    participant Website

    Developer->>Affinidi Portal: Verify Domain
    Affinidi Portal->>Domain Verification: Configured domain value
    Domain Verification->>Domain Verification: Generates a did:web document based on configured domain
    Domain Verification->>Affinidi Portal: Respond with the did:web document
    Affinidi Portal->>Developer: Downloads the did:web document
    Developer-->>Website: Upload the did:web document to the specified location
    Developer->>Affinidi Portal: Clicked on "I've hosted it"
    Affinidi Portal->>Domain Verification: Initiate verification of the did:web document
    Domain Verification->>Website: Parse the did:web document on the specified path
    Domain Verification->>Domain Verification: Verifies that the did:web document is valid
    Domain Verification->>Affinidi Portal: Respond with the verification status
    Affinidi Portal->>Affinidi Portal: Update the Login Configuration with verified domain

Using the Domain Verification service in the Affinidi Portal, the service will generate a did:web document that developers must upload to the hosting server in the following path - https://[DOMAIN]/.well-known/did.json. After the file is hosted on the specified location, the service will parse the did:web document to validate the content and update the domain as verified if successful.

Once the configured domain is verified, users will see a checkmark on the Consent flow when sharing their data to ensure they share it with the verified domain.

How to Verify the Domain on Affinidi Login

To verify the domain configured on the Login Configuration, go to the Affinidi Login page of  Affinidi Portal.

  1. Open the Login Configuration if you would like to have the domain verified.

  2. Click on the Verify button in the Configuration Details section.

Domain Verification - verify
  1. Confirm that the domain value is correct and click on Continue button.

If you need to update the value, click on the Login Configuration Detail link and update the Origin URL field.

Domain Verification - Step 1
  1. The service will generate the required did:web document (as an example below). Download the did:web document.
  "id": "",
  "@context": "",
  "publicKey": [
      "id": "",
      "type": "Secp256k1VerificationKey2018",
      "publicKeyHex": "0338e112f1ebefb3114e7b8d41d6f5068e063b0a86345a455af952285987hyfr69",
      "controller": ""
  "verificationMethod": [
      "id": "",
      "controller": "",
      "type": "Secp256k1VerificationKey2018",
      "publicKeyHex": "0338e112f1ebefb3114e7b8d41d6f5068e063b0a86345a455af952285987hyfr69"
  "authentication": [
  "assertionMethod": [
  1. Upload the downloaded did:web document in the .well-known directory of your website and ensure the file name is did.json.

For example, if you specified the domain as, you must upload the did:web document in the location

  1. Once you upload the did.json file, go back to the Affinidi Portal - Domain Verification page and click on I’ve hosted it button to start the verification.
Domain Verification - Step 2

Once successful, the Login Configuration will be updated with a verified domain, and the same verified tag will be reflected on Affinidi Vault’s consent page when users share their data.

Domain Verification - Verified

If the verification fails, ensure that you have uploaded the did.json file to the correct path - https://[DOMAIN]/.well-known/did.json and the path is publicly accessible, then click on the Retry button.

Domain Verification - Consent page

Once Affinidi verifies the domain, users will see a verified checkmark on the Consent screen of the Affinidi Vault when sharing their data, increasing user trust and providing better user experience.