An ARA network node that resolves an identifier to its corresponding keystore

Usage no npm install needed!

<script type="module">
  import araIdentityResolver from '';



Build Status">

Ara Universal Resolver is a universal resolver implementation that providers a driver for the did:ara: method.


$ npm install arablocks/ara-identity-resolver


Starting with ann

The resolver can be started with the ann command line tool.

$ ann -t ara-identity-resolver \
  --secret 'SHARED_SECRET' \
  --keyring 'path/to/keyring' \

Try ann -t ara-identity-resolver --help if you run into any issues. See Runtime Configuration below for more configuration options. See Generating Network Keys to generate keys for this resolver.

Programmtic usage

Ara Identity Resolver implements ARA RFC 0002 enabling programmatic usage of the node.

const {
} = require('ara-identity-resolver')

  .then((node) => node.on('error', console.error))

HTTP Server Routes

This section describes the public HTTP routes implemented in server. If the route is not defined, the server will return a 404. If the route is known, but lacking implementation, the server will return a 503. Identifiers that can be correctly resolved return a 200. Internal server errors will return a 500 and resolution times will return a 408.

GET /1.0/identifiers/:did

This route matches version 1.0 DID identifiers.

DID Method Actions

This secion describes the DID methods implemented by this node.


The ara DID method resolves a DDO document for a DID if resolution is successful. The node will persist a local cache that it will check before asking the network or local file system. Cached documents can expire based on a configured TTL.

Runtime Configuration

Ara Identity Resolver makes use of various runtime configuration to configure how the node runs. They are documented in this section.


Configuration related to the server running in this node.


The time in milliseconds before a HTTP request times out the response.

Default: 5000


The server port to listen to incoming HTTP requests on.

Default: 8000


Configuration related to the document cache database.


An array of existing nodes to share cache lookups with. Each entry should be a valid Ara Identity URI or identifier.

Default: []


The time in milliseconds a cached entry should be valid for.

Default: 10000

Configuration related to the document cache database data store.

The path to the data root of the document cache database data store.

Default: ~/.ara/identities/cache

Generating Network Keys

The Ara Identity Resolver runs bound to an identity and a set of network keys that live in a network keyring. Before you can start a network node, you'll need an identity and network keys for it.

Creating an identity:

$ aid create # password is 'hello'

The identity created gave us this did did:ara:53f126d0380eddd5c15980c7b4a4ccd6245d4b3ae47c3c3eab375f0eef172754 which is what we'll need to create keys and a keyring next.

Keys and a keyring can be created with ank. The keyring is append only so you can keep writing to it, even if it already exists.

To use the node, a network name and secret must be created. The network name will be used in the node and the secret is token that gives the node access to the keyring.

Creating network keys:

$ ank --network \
    --identity did:ara:53f126d0380eddd5c15980c7b4a4ccd6245d4b3ae47c3c3eab375f0eef172754 \
    --keyring ./keyring \
    --secret 'SECRET'

This just created network keys for a network named secured in the ./keyring file. should also exist. The keyring and the keys are bound to the given identity. You should have been prompted for your password. Your password unlocked your secret key which was used to secure your keyring. is actually the shared or public version of the keyring which can be delegated to other interested partities.





See Also