.well-known/wayid.toml
WayID uses the IETF RFC 8615 .well-known standard for website ownership verification. By placing a wayid.toml file at a well-known URI on your domain, you prove that you control the website.
How it works
Section titled “How it works”- On the WayID dashboard, add your website as a social link.
- WayID generates a verification token (format:
wayid-verify-{16-hex-chars}). - You create a file at
https://yourdomain.com/.well-known/wayid.tomlwith the token. - WayID fetches the file and confirms the token matches.
File format
Section titled “File format”Create a file named wayid.toml in the /.well-known/ directory of your website’s root:
# WayID domain verification file# See https://docs.way.je/verify-website for details
[wayid]version = 1verification_token = "wayid-verify-a1b2c3d4e5f6g7h8"| Field | Required | Description |
|---|---|---|
version | Yes | Must be 1 |
verification_token | Yes | The token provided by WayID during setup |
The [org] section namespace is used for organization domain verification; other namespaces are reserved for future use.
Verification rules
Section titled “Verification rules”WayID performs the following checks:
-
URL resolution — Your domain is normalized and tried in order:
https://{domain}https://www.{domain}http://{domain}
-
File fetch — WayID requests
{base}/.well-known/wayid.tomlfrom each candidate URL until one succeeds. -
Token match — The file contents must contain your exact verification token.
-
HTTP status — The server must return a 2xx status code.
Each fetch has a short timeout, and WayID retries a few times with exponential backoff before giving up. (Exact timeout, retry counts, and delays may change.)
Example
Section titled “Example”If your domain is example.com and your verification token is wayid-verify-a1b2c3d4e5f6g7h8, create this file:
URL: https://example.com/.well-known/wayid.toml
# WayID domain verification file# See https://docs.way.je/verify-website for details
[wayid]version = 1verification_token = "wayid-verify-a1b2c3d4e5f6g7h8"Token generation
Section titled “Token generation”Verification tokens are deterministic HMAC-SHA256 signatures derived from your user ID, the platform, the handle or URL, and the social link’s internal ID. The same token is regenerated each time you view your verification instructions — you don’t need to store it.
Common issues
Section titled “Common issues”File not found (404)
Ensure the file is served at the exact path /.well-known/wayid.toml. Some hosting platforms require explicit configuration to serve files from .well-known/ directories.
HTTPS required WayID tries HTTPS first. If your site only serves HTTP, verification will still work as a fallback, but HTTPS is strongly recommended.
CDN or proxy caching If you use a CDN, the file might be cached. Clear your CDN cache or wait for the TTL to expire before retrying verification.