1 of 7

Create DIDs and Identity Keys

Create Decentralized Identifiers (DIDs) and identity keys using cheqd's DID Method (did:cheqd).

A Decentralized Identifier "DID" is a globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology or other form of decentralized network.

Learn about DIDs If you want to learn about what DIDs are, please go over to our learning site here.

What options do I have for creating DIDs on cheqd?

There are many different ways to create DIDs on cheqd, with options for easy integration (e.g. cheqd Studio) and more bespoke integrations (e.g. Credo, ACA-Py and Veramo). Below are a list of SDK options for creating cheqd DIDs.

Get started with cheqd Studio

The easiest way to start creating DIDs is with our product cheqd Studio, allowing users to build and create did:cheqd DIDs using REST APIs.

Partner SaaS support

cheqd DIDs are also supported in a range of SaaS offerings from cheqd partners, making it possible to use did:cheqd across different platforms:

Read up on our DID Method

DIDs created on cheqd use the did:cheqd DID Method. This is fully defined below, as well as the associated ledger-write fees:

Create a DID

Create a Decentralized Identifier (DID) with the did:cheqd DID method using cheqd Studio.

In cheqd Studio, you can easily create and publish a did:cheqd DID to the cheqd testnet or mainnet, anchoring it on-ledger with associated public keys and metadata. This DID can then be used to:

Sign and issue verifiable credentials as an 'issuer'.
Establish a trusted identity on cheqd for entities like organisations, digital products or AI Agents.
Serve as the parent identifier for DID-Linked Resources (e.g. status lists, trust registries).

This tutorial walks through the process of creating an Issuer DID using cheqd Studio's API or interface, including how to configure your keys, DID Document, and optional service endpoints.

🔐 Once registered, the DID becomes publicly resolvable and forms the cryptographic foundation of your identity as an issuer in decentralized ecosystems.

Step 1: Set up your account

Make sure you have set up your account with cheqd Studio and have generated an API key to authenticate with our APIs, using our guides below:

Step 2: Create a DID and associated DID Document

Using the /did/create API, users have two options for creating a did:cheqd DID and associated DID Document on-ledger:

Filling out a simple form using the application/x-www-url-form-encoded or application/json option within an API client of your choice.
Compiling a full DID Document body yourself using the application/json option, using already created identity keys, within an API client of your choice.

Option 1. Choose from a few variables and we will compile the DID for you

This is the easiest way to create DIDs on cheqd and is recommended for users who are not overly familiar with compiling DID Documents.

Using application/x-www-url-form-encoded

Using the application/x-www-url-form-encoded option, users are able to choose between the following variables to compile your DID:

network (required)

"testnet" (recommended for testing)
"mainnet" (recommended for production)

identifierFormatType (required)

"uuid" - this is a Universally Unique Identifier (recommended)
"base58btc" - this is an identifier which is commonly used for Hyperledger Indy transactions

verificationMethodType (required)

"Ed25519VerificationKey2018" (recommended)
"Ed25519VerificationKey2020"

service (optional)

This input field contains the required inputs for adding in a service section to the DID Document upon creation.

From this request, cheqd Studio will automatically create and publish a DID and associated DID Document to the ledger and return it as a response.

Expected response format

Using application/json

Alternatively, you can use the application/json option and pass only a few specific inputs, for example:

Or, if you have that you want to use, you can reference the created key ID, kid, in the request:

Note that if you are passing a kid that is already created, you must also specify the verificationMethodType within options.

Using the application/json option, users are able to choose between the following variables to compile your DID:

network (required)

"testnet" (recommended for testing)
"mainnet" (recommended for production)

identifierFormatType (required)

"uuid" - this is a Universally Unique Identifier (recommended)
"base58btc" - this is an identifier which is commonly used for Hyperledger Indy transactions

verificationMethodType (required)

"Ed25519VerificationKey2018" (recommended)
"Ed25519VerificationKey2020"

key (optional)

"8255ddadd75695e01f3d98fcec8ccc7861a030b317d4326b0e48a4d579ddc43a"
This is a kid that should have been created using our .

Option 2. Publish a fully compiled DID Document body yourself

Instead of generating a DID Document using simple parameters, you can create a fully formatted DID Document yourself. Before, submitting a manually created DID, you will need to have to input the key material into the DID document.

Step 1: Create a new keypair

Use the to generate a new keypair within the Credential Service key management store. Copy the publicKeyHex.

Step 2 (option 1): Utilise the DID Document template helper

To simplify this process of formatting a DID Document using your own keys, we've created a . Simply paste in your publicKeyHex and choose the variables to compile your DID Document template.

Step 3: Paste the response

Within the /did/create JSON payload, paste the response of your DID Document template, with your own signing keys.

Request format:

Step 2 (option 2) Use application/json options

Alternatively, you can use the application/json request format below.

You can use the kid created from Step 1 within the options section, and then compile the remainder of tour DID Document.

Step 3: Hit execute on the API

Hit execute on the API below to create your did:cheqd DID and associated DID Document.

List DIDs associated with your account

After creating a DID or multiple DIDs, users can list all the created DIDs associated with their account. Using the /did/list API.

Alternatives

Below are a list of alternatives for creating cheqd DIDs.

Create Identity Keys

Create a standalone public/private keypair, used to create Decentralized Identifiers (DIDs), using cheqd Studio.

In decentralized identity systems, all actors—whether Issuers, Holders, or Verifiers—require cryptographic keys to prove control over a Decentralized Identifier (DID) and to sign or verify interactions (e.g. credential issuance or presentation).

This tutorial guides you through generating a key pair that can be used to:

✅ Create a new DID (e.g. did:cheqd or did:key)

Create a Subject DID

Create a 'Holder' or 'Subject' Decentralized Identifier (DID), of method did:key using cheqd Studio.

In decentralized identity systems, Holders (also referred to as Subjects) are the recipients of Verifiable Credentials—typically representing individuals, organisations, objects or devices.

To enable credential interactions such as receiving, presenting, and proving control over an identity, each Holder needs a unique cryptographic key pair. This key pair is used to create a Decentralized Identifier (DID) that represents their identity.

Use Cases for Holder Identity Keys

After generating a key pair using the API below, you can use it to:

✅ Generate a did:key identifier, an off-ledger, self-contained DID that is ideal for lightweight identity use cases

Why Use `did:key` for Holders?

The did:key method is a simple, deterministic DID method that embeds the Holder’s public key directly into the DID itself. It doesn’t require blockchain anchoring, making it:

⚡ Fast and lightweight – no on-ledger operations required
🔐 Privacy-preserving – good for ephemeral or throwaway identifiers
🧪 Useful for testing and interoperability – widely supported by wallets and agent frameworks

Many ecosystems choose did:key for wallet-based identities, while keeping issuer DIDs on-ledger (e.g. did:cheqd) to ensure resolvability and public trust.

Take a deeper look into the did:key specification here:

Note that there are also perfectly valid use cases for using a did:cheqd DID for a 'Holder' or 'Subject' DID as well, where it is valuable to have the 'Holder' / 'Subject' identifiable on-chain.

For example, AI Agents, Organisations or products in a supply chain are good use cases for using did:cheqd.

This is because the 'Holder' / 'Subject' does not have Personally Identifiable Information (PII) associated with it.

Get Started

To create a did:key DID, you can generate an identity key pair using the API below on cheqd Studio.

Resolve a DID

Resolve a did:cheqd Decentralized Identifier (DID) to fetch the associated DID Document, using cheqd Studio.

Resolving a DID means retrieving the associated DID Document, which contains the public keys, service endpoints, and metadata that describe and verify the identity. In decentralized identity systems, DID resolution is the foundation for:

Verifying the authenticity of a DID
Retrieving public keys for signature validation
Accessing service endpoints (e.g. credential issuance APIs)
Dereferencing to DID-Linked Resources (DLRs), such as status lists or trust registries.

A user is able to input a DID (string) as a request format and resolve the DID to fetch the associated DID Document, DID Resolution Metadata and DID Document metadata.

Update a DID

Update a did:cheqd Decentralized Identifier (DID) using cheqd Studio.

Users are able to update DID Documents for various reasons, such as to include a new section (such as service) or to rotate the verificationMethod or authentication keys within the DID Document.

With the /did/update API, users are able to input either:

Deactivate a DID

Deactivate a did:cheqd Decentralized Identifier (DID) using cheqd Studio.

Deactivating a DID marks it as no longer active or in use. This process updates the DID Document on the ledger to signal to verifiers, wallets, and other clients that the DID should no longer be trusted for interactions such as credential issuance or presentation.

Once a DID is deactivated:

✅ It cannot be updated again
❌ It cannot be reactivated

Create a DID

Create a Decentralized Identifier (DID) with the did:cheqd DID method using cheqd Studio.

Sign and issue verifiable credentials as an 'issuer'.
Establish a trusted identity on cheqd for entities like organisations, digital products or AI Agents.
Serve as the parent identifier for DID-Linked Resources (e.g. status lists, trust registries).

This tutorial walks through the process of creating an Issuer DID using cheqd Studio's API or interface, including how to configure your keys, DID Document, and optional service endpoints.

🔐 Once registered, the DID becomes publicly resolvable and forms the cryptographic foundation of your identity as an issuer in decentralized ecosystems.

Step 1: Set up your account

Make sure you have set up your account with cheqd Studio and have generated an API key to authenticate with our APIs, using our guides below:

Step 2: Create a DID and associated DID Document

Using the /did/create API, users have two options for creating a did:cheqd DID and associated DID Document on-ledger:

Filling out a simple form using the application/x-www-url-form-encoded or application/json option within an API client of your choice.
Compiling a full DID Document body yourself using the application/json option, using already created identity keys, within an API client of your choice.

Option 1. Choose from a few variables and we will compile the DID for you

This is the easiest way to create DIDs on cheqd and is recommended for users who are not overly familiar with compiling DID Documents.

Using application/x-www-url-form-encoded

Using the application/x-www-url-form-encoded option, users are able to choose between the following variables to compile your DID:

network (required)

"testnet" (recommended for testing)
"mainnet" (recommended for production)

identifierFormatType (required)

"uuid" - this is a Universally Unique Identifier (recommended)
"base58btc" - this is an identifier which is commonly used for Hyperledger Indy transactions

verificationMethodType (required)

"Ed25519VerificationKey2018" (recommended)
"Ed25519VerificationKey2020"

service (optional)

This input field contains the required inputs for adding in a service section to the DID Document upon creation.

From this request, cheqd Studio will automatically create and publish a DID and associated DID Document to the ledger and return it as a response.

Expected response format

Using application/json

Alternatively, you can use the application/json option and pass only a few specific inputs, for example:

Or, if you have that you want to use, you can reference the created key ID, kid, in the request:

Note that if you are passing a kid that is already created, you must also specify the verificationMethodType within options.

Using the application/json option, users are able to choose between the following variables to compile your DID:

network (required)

"testnet" (recommended for testing)
"mainnet" (recommended for production)

identifierFormatType (required)

"uuid" - this is a Universally Unique Identifier (recommended)
"base58btc" - this is an identifier which is commonly used for Hyperledger Indy transactions

verificationMethodType (required)

"Ed25519VerificationKey2018" (recommended)
"Ed25519VerificationKey2020"

key (optional)

"8255ddadd75695e01f3d98fcec8ccc7861a030b317d4326b0e48a4d579ddc43a"
This is a kid that should have been created using our .

Option 2. Publish a fully compiled DID Document body yourself

Step 1: Create a new keypair

Use the to generate a new keypair within the Credential Service key management store. Copy the publicKeyHex.

Step 2 (option 1): Utilise the DID Document template helper

To simplify this process of formatting a DID Document using your own keys, we've created a . Simply paste in your publicKeyHex and choose the variables to compile your DID Document template.

Step 3: Paste the response

Within the /did/create JSON payload, paste the response of your DID Document template, with your own signing keys.

Request format:

Step 2 (option 2) Use application/json options

Alternatively, you can use the application/json request format below.

You can use the kid created from Step 1 within the options section, and then compile the remainder of tour DID Document.

Step 3: Hit execute on the API

Hit execute on the API below to create your did:cheqd DID and associated DID Document.

List DIDs associated with your account

After creating a DID or multiple DIDs, users can list all the created DIDs associated with their account. Using the /did/list API.

Alternatives

Below are a list of alternatives for creating cheqd DIDs.

{ "@context": "https://w3id.org/did-resolution/v1", "didDidResolutionMetadata": { "contentType": "application/did+ld+json", "retrieved": "2021-09-01T12:00:00Z", "did": { "didString": "did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47", "method": "cheqd", "methodSpecificId": "55dbc8bf-fba3-4117-855c-1e0dc1d3bb47" } }, "didDocument": { "@context": [ "https://www.w3.org/ns/did/v1" ], "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0", "controller": [ "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0" ], "verificationMethod": [ { "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#key-1", "type": "Ed25519VerificationKey2018", "controller": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0", "publicKeyBase58": "z6MkkVbyHJLLjdjU5B62DaJ4mkdMdUkttf9UqySSkA9bVTeZ" } ], "authentication": [ "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#key-1" ], "service": [ { "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#service-1", "type": "LinkedDomains", "serviceEndpoint": [ "https://example.com" ] } ] }, "didDocumentMetadata": { "created": "2021-09-01T12:00:00Z", "deactivated": true, "updated": "2021-09-10T12:00:00Z", "versionId": "3ccde6ba-6ba5-56f2-9f4f-8825561a9860", "linkedResourceMetadata": [ { "resourceURI": "did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47/resources/398cee0a-efac-4643-9f4c-74c48c72a14b", "resourceCollectionId": "55dbc8bf-fba3-4117-855c-1e0dc1d3bb47", "resourceId": "398cee0a-efac-4643-9f4c-74c48c72a14b", "resourceName": "cheqd-issuer-logo", "resourceType": "CredentialArtwork", "mediaType": "image/png", "resourceVersion": "1.0", "checksum": "a95380f460e63ad939541a57aecbfd795fcd37c6d78ee86c885340e33a91b559", "created": "2021-09-01T12:00:00Z", "nextVersionId": "d4829ac7-4566-478c-a408-b44767eddadc", "previousVersionId": "ad7a8442-3531-46eb-a024-53953ec6e4ff" } ] } }

{ "@context": "https://w3id.org/did-resolution/v1", "didDidResolutionMetadata": { "contentType": "application/did+ld+json", "retrieved": "2021-09-01T12:00:00Z", "did": { "didString": "did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47", "method": "cheqd", "methodSpecificId": "55dbc8bf-fba3-4117-855c-1e0dc1d3bb47" } }, "didDocument": { "@context": [ "https://www.w3.org/ns/did/v1" ], "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0", "controller": [ "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0" ], "verificationMethod": [ { "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#key-1", "type": "Ed25519VerificationKey2018", "controller": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0", "publicKeyBase58": "z6MkkVbyHJLLjdjU5B62DaJ4mkdMdUkttf9UqySSkA9bVTeZ" } ], "authentication": [ "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#key-1" ], "service": [ { "id": "did:cheqd:testnet:7bf81a20-633c-4cc7-bc4a-5a45801005e0#service-1", "type": "LinkedDomains", "serviceEndpoint": [ "https://example.com" ] } ] }, "didDocumentMetadata": { "created": "2021-09-01T12:00:00Z", "deactivated": false, "updated": "2021-09-10T12:00:00Z", "versionId": "3ccde6ba-6ba5-56f2-9f4f-8825561a9860", "linkedResourceMetadata": [ { "resourceURI": "did:cheqd:testnet:55dbc8bf-fba3-4117-855c-1e0dc1d3bb47/resources/398cee0a-efac-4643-9f4c-74c48c72a14b", "resourceCollectionId": "55dbc8bf-fba3-4117-855c-1e0dc1d3bb47", "resourceId": "398cee0a-efac-4643-9f4c-74c48c72a14b", "resourceName": "cheqd-issuer-logo", "resourceType": "CredentialArtwork", "mediaType": "image/png", "resourceVersion": "1.0", "checksum": "a95380f460e63ad939541a57aecbfd795fcd37c6d78ee86c885340e33a91b559", "created": "2021-09-01T12:00:00Z", "nextVersionId": "d4829ac7-4566-478c-a408-b44767eddadc", "previousVersionId": "ad7a8442-3531-46eb-a024-53953ec6e4ff" } ] } }

Create DIDs and Identity Keys

hashtagWhat options do I have for creating DIDs on cheqd?

hashtagGet started with cheqd Studio

hashtagPartner SaaS support

hashtagRead up on our DID Method

Create a DID

hashtagStep 1: Set up your account

hashtagStep 2: Create a DID and associated DID Document

hashtagOption 1. Choose from a few variables and we will compile the DID for you

hashtagUsing application/x-www-url-form-encoded

hashtagUsing application/json

hashtagOption 2. Publish a fully compiled DID Document body yourself

hashtagStep 1: Create a new keypair

hashtagStep 2 (option 1): Utilise the DID Document template helper

hashtagStep 3: Paste the response

hashtagStep 2 (option 2) Use application/json options

hashtagStep 3: Hit execute on the API

hashtagList DIDs associated with your account

hashtagAlternatives

Create Identity Keys

Create a Subject DID

hashtagUse Cases for Holder Identity Keys

hashtagWhy Use did:key for Holders?

hashtagGet Started

Resolve a DID

Update a DID

Deactivate a DID

Create a DID

hashtagStep 1: Set up your account

hashtagStep 2: Create a DID and associated DID Document

hashtagOption 1. Choose from a few variables and we will compile the DID for you

hashtagUsing application/x-www-url-form-encoded

hashtagUsing application/json

hashtagOption 2. Publish a fully compiled DID Document body yourself

hashtagStep 1: Create a new keypair

hashtagStep 2 (option 1): Utilise the DID Document template helper

hashtagStep 3: Paste the response

hashtagStep 2 (option 2) Use application/json options

hashtagStep 3: Hit execute on the API

hashtagList DIDs associated with your account

hashtagAlternatives

Create a Subject DID

hashtagUse Cases for Holder Identity Keys

hashtagWhy Use did:key for Holders?

hashtagGet Started

Update a DID

Create Identity Keys

Deactivate a DID

hashtagExample Request formats

hashtagUpdate Service Section

hashtagRotate Keys

hashtagPass full updated DID Document body

hashtagGet started with the API below

hashtagWhy Identity Keys Matter

hashtagStep 1: Choose Your Key Type

hashtagStep 2: Hit the API below

hashtagStep 3 (Alternative): Fetch Identity Key Details

hashtagWhen to Deactivate a DID

hashtagSecurity Requirement

hashtagHow to Deactivate a DID

Create DIDs and Identity Keys

hashtagWhat options do I have for creating DIDs on cheqd?

hashtagGet started with cheqd Studio

hashtagPartner SaaS support

hashtagRead up on our DID Method

hashtagFetch DIDs associated with an account.

hashtagFetch an identity key pair.

Resolve a DID

hashtagCreate a DID Document.

hashtagCreate an identity key pair.

hashtagUpdate a DID Document.

hashtagCreate an identity key pair.

hashtagDeactivate a DID Document.

hashtagResolve a DID Document.

What options do I have for creating DIDs on cheqd?

Get started with cheqd Studio

Partner SaaS support

Read up on our DID Method

Step 1: Set up your account

Step 2: Create a DID and associated DID Document

Option 1. Choose from a few variables and we will compile the DID for you

Using application/x-www-url-form-encoded

Using application/json

Option 2. Publish a fully compiled DID Document body yourself

Step 1: Create a new keypair

Step 2 (option 1): Utilise the DID Document template helper

Step 3: Paste the response

Step 2 (option 2) Use application/json options

Step 3: Hit execute on the API

List DIDs associated with your account

Alternatives

Use Cases for Holder Identity Keys

Why Use `did:key` for Holders?

Get Started

Step 1: Set up your account

Step 2: Create a DID and associated DID Document

Option 1. Choose from a few variables and we will compile the DID for you

Using application/x-www-url-form-encoded

Using application/json

Option 2. Publish a fully compiled DID Document body yourself

Step 1: Create a new keypair

Step 2 (option 1): Utilise the DID Document template helper

Step 3: Paste the response

Step 2 (option 2) Use application/json options

Step 3: Hit execute on the API

List DIDs associated with your account

Alternatives

Use Cases for Holder Identity Keys

Why Use `did:key` for Holders?

Get Started

Example Request formats

Update Service Section

Rotate Keys

Pass full updated DID Document body

Get started with the API below

Why Identity Keys Matter

Step 1: Choose Your Key Type

Step 2: Hit the API below

Step 3 (Alternative): Fetch Identity Key Details

When to Deactivate a DID

Security Requirement

How to Deactivate a DID

What options do I have for creating DIDs on cheqd?

Get started with cheqd Studio

Partner SaaS support

Read up on our DID Method

Fetch DIDs associated with an account.

Fetch an identity key pair.

Create a DID Document.

Create an identity key pair.

Update a DID Document.

Create an identity key pair.

Deactivate a DID Document.

Resolve a DID Document.