Request body
Response (200)
verified is false, attestation is absent and a message field describes the failure reason.
Errors
Attestation lifetime
The attestation is a signed JWT-like payload (HMAC-SHA256 keyed byATTESTATION_SIGNING_KEY) that expires in 300 seconds (ATTESTATION_TTL_SECONDS). It is passed as attestation in the subsequent POST /api/dids call to prove ownership.