A handle is a human-friendly identifier for user accounts, similar to usernames in other social media platforms within the AT Protocol. While Decentralized Identifiers (DIDs) serve as the permanent technical identifiers for accounts, handles provide a more memorable and user-friendly way to reference accounts. As such, handles facilitate user discovery, allowing users to use domains they control for their identity and maintain that same public identity while changing service providers.
Handles in the AT Protocol are structured as domain names, following the format:
username.tld
username.domain.tld
For example,
alice.bsky.social
andbob.example.com
are both valid handles.
This domain-based approach allows users to maintain their identity under domains they control, aiming to provide a robust DNS-based account verification mechanism at the protocol level.
Handles support Internationalized Domain Names (IDNs), allowing non-ASCII characters through Punycode encoding. For example, the handle xn--ls8h.test
would display as 💩.test
in supporting applications.
For handles to function in the AT Protocol, they must resolve to a Decentralized Identifier (DID). This resolution happens through one of two methods:
_atproto.{handle}
containing the DIDhttps://{handle}/.well-known/atproto-did
returning the DIDThis resolution system ensures that only those with control over a domain can claim handles on that domain.
The link between a handle and a DID must be verified bidirectionally. This means the handle must resolve to the DID, and, conversely, the DID document must list the handle in its alsoKnownAs
field. This two-way verification prevents unauthorized handle claims.