Skip to content
This repository has been archived by the owner on Aug 9, 2021. It is now read-only.


Repository files navigation

⚠️ ⚠️ Deprecated in favor of Ceramic ⚠️ ⚠️

3box.js and related tools built by 3Box Labs are deprecated and no loger supported. Developers are encurraged to build with which is a more secure and decentralized protocol for sovereign data.

3Box Verification service


This service allows to associate a service handle (twitter, github, etc) to a did. It outputs a did-jwt claim containing a link that serves as proof that the service handle is linked to the did.


Get DID document

This enables us to use have the issuer DID in the claims we create.

Endpoint: GET /.well-known/did.json

Response data

  "@context": "[](",
  "id": "",
  "publicKey": [{
    "id": "",
    "type": "Secp256k1VerificationKey2018",
    "owner": "",
    "ethereumAddress": "<ethereum address of private key>"
  "authentication": [{
    "type": "Secp256k1SignatureAuthentication2018",
    "publicKey": ""

Create twitter verification

Endpoint: POST /twitter


  did: <the DID of the user>,
  twitter_handle: <the twitter handle of the user>


The response data follows the jsend standard.

Response data

  status: 'success',
  data: {
    verification: <verification-claim>

Verification claim format

  iss: '',
  sub: <did of the user>,
  iat: <current timestamp in seconds>,
  claim: {
    twitter_handle: <twitter handle of user>,
    twitter_proof: <url of tweet containing users DID>

Verify email address

Endpoint: POST /send-email-verification

This endpoint sends an email to the email address in the body. This email contains the following:

  • A code C that consists of six randum digits
  • The name and image of the given DID.

Now the DID is saved along with the email address, code C, and a timestamp.


  did: <the DID of the user>,
  email_address: <the email address of the user>


The response data follows the jsend standard.

Response data

  status: 'success'

Endpoint: POST /email-verify

This endpoint takes a JWT as an input, which contains the code C, and verifies that:

  • The JWT signed by the saved DID
  • The code C in the JWT is the same as the saved code C
  • The stored timestamp is not older than 12h


  verification: <the input-verification-claim signed by the did of the user>

Input verification claim format

  iss: <the users DID>,
  sub: '',
  iat: <current timestamp in seconds>,
  claim: {
     code: <the 6 digit code>

Output verification claim format

  iss: '',
  sub: <the users DID>,
  iat: <current timestamp in seconds>,
  claim: {
    email_address: <the email address of the user>,
    code: <the 6 digit code>


The response data follows the jsend standard.

Response data

  status: 'success',
  data: {
    verification: <output-verification-claim>

