The DomainAttest Hub aggregates every participating registrar behind a single API. A relying party registers one client_id, integrates one authorization flow, and gains ownership verification against all connected registrars — current and future — with no per-registrar work.
Hub mode is defined in Section 5 of the specification. The hub proxies discovery and redirection to the domain’s sponsoring registrar; the attestation returned to the relying party is the registrar-signed JWT, unmodified. The hub adds no signature and cannot forge attestations — validation is identical to direct mode, so hub and direct participants interoperate without coordination.
GET /domainattest/hub/authorize discovery + redirect to the domain's registrar
POST /domainattest/hub/token code exchange, proxied to the issuing registrar
(include the domain parameter so the hub can route)
The hub API base is https://www.atom.com/domainattest/hub. Everything the hub returns is registrar-signed and independently verifiable against the issuing registrar’s published keys.
client_id and redirect URIs once with the hub by emailing service@atom.com. v1 uses static registration per spec section 8.The hub is free to use and implements the open specification. Attestations remain signed by the registrar of record and independently verifiable.