The gateway's self-published DID document.
Returns a W3C DID Core v1-compatible document with the gateway’s
Ed25519 public key under authentication[]. A2A peers that
accept did_signed requests fetch this to verify the gateway’s
outbound signatures.
Availability: only registered when the gateway has a DID
identity configured via env — BINDU_GATEWAY_DID_SEED,
BINDU_GATEWAY_AUTHOR, and BINDU_GATEWAY_NAME all set. When no
identity is loaded this endpoint returns 404.
Caching: the gateway’s DID is stable across process lifetime
(env-driven); responses carry Cache-Control: public, max-age=300
as a defense against bad caches that would otherwise hold the key
indefinitely.
Content-Type: application/did+json per W3C DID Core, not
plain application/json. Some DID resolvers enforce the media
type.
Auth: none. Well-known endpoints are public by spec — the whole point is that any peer can resolve the DID without credentials.
Response
DID document for the configured gateway identity.
W3C DID Core v1 document describing the gateway's identity.
Deliberately omits created — the gateway's identity is env-
driven and stateless, so there's no persisted "first published"
moment to report (W3C DID Core has created as optional).