Platform Concepts
Trust Registry
Every artifact issued by DeepaData receives a certificate ID and a permanent registry entry. The registry enables independent verification without contacting DeepaData.
Overview
The Trust Registry is a permanent, queryable record of all DeepaData-issued certificates. Each entry records the issuer DID, subject VitaPass reference, profile, conformance level, timestamp, and cryptographic proof.
Key principle: The registry is the source of truth. Verification is a query, not a conversation. Anyone can verify a DeepaData-issued artifact against the registry without contacting DeepaData.
Registry Entry Structure
Each registry entry contains the following fields:
| Field | Type | Description |
|---|---|---|
| certificate_id | string | Unique certificate identifier (cert_...) |
| issuer_did | string | DID of the issuing authority |
| subject_vp_id | string | null | VitaPass subject identifier (if bound) |
| profile | string | essential | extended | full | partner:<profile_id> |
| conformance_level | string | sealed | certified |
| created_at | ISO 8601 | Timestamp of issuance |
| envelope_hash | string | SHA-256 hash of the sealed envelope |
| status | string | valid | revoked |
{
"certificate_id": "cert_01HZ3G7K...",
"issuer_did": "did:web:deepadata.com",
"subject_vp_id": "vp-01HZ3GKWP7...",
"profile": "extended",
"conformance_level": "sealed",
"created_at": "2026-03-13T10:30:00Z",
"envelope_hash": "sha256:a1b2c3d4...",
"status": "valid"
}Self-sealed vs Registry-listed
Both self-sealed and DeepaData-issued artifacts are cryptographically valid. The difference is the trust anchor.
Self-sealed
- Cryptographically tamper-evident
- Free. No API key required.
- No registry entry
- Cannot prove issuer accountability
Registry-listed
- Cryptographically tamper-evident
- Permanent registry entry
- DeepaData as accountable CA
- VitaPass binding automatic
Verification API
The registry provides a public verification endpoint. No API key required.
GET /api/v1/verify/{id}
Retrieve certificate details by certificate ID.
# Verify a certificate (no API key required)
curl https://www.deepadata.com/api/v1/verify/cert_01HZ3G7K...Response
{
"valid": true,
"registry_listed": true,
"conformance_level": "sealed",
"certificate": {
"id": "cert_01HZ3G7K...",
"issuer_did": "did:web:deepadata.com",
"subject_vp_id": "vp-01HZ3GKWP7...",
"profile": "extended",
"created_at": "2026-03-13T10:30:00Z",
"status": "valid"
}
}POST /api/v1/verify
Verify a .ddna envelope directly by submitting its contents.
# Verify an envelope (API key required)
curl -X POST https://www.deepadata.com/api/v1/verify \
-H "Authorization: Bearer dda_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{ "envelope": { ... } }'Certificate Permalink
Every DeepaData-issued certificate has a permanent public permalink.
https://deepadata.com/verify/{certificate_id}
This page displays certificate details, conformance level, certification checks (for Certified level), and the cryptographic proof. Designed for auditors and regulators.
VitaPass Integration
Every DeepaData-issued seal links to a VitaPass subject identifier when provided. The registry entry records this binding.
Subject Binding
When subject_vp_id or subject_ref is provided to /v1/issue, the registry entry includes the VitaPass reference. The subject can present their governed history to relying parties.
Rate Limits
The public verification endpoint is rate-limited to prevent abuse.
| Endpoint | Limit | Window |
|---|---|---|
| GET /api/v1/verify/{id} | 30 requests | per minute per IP |
| POST /api/v1/verify | 60 requests | per minute per API key |