ActivityPub/Primer/Object identifiers

Per the spec, object identifiers must be dereferenceable URIs or null.

If the identifier is not dereferenceable, a good fallback is to treat the object identifier as a unique string that can't be dereferenced.

Fragments

In URIs, a fragment is a string at the end of the URI that defines a part of the document retrieved by the full URI. The format of the fragment in an URL depends on the content media type. For example, in an HTML document, it is resolved using an element's id or name property.

In ActivityPub, fragments are sometimes used when the implementer wants to refer to a part of an object or collection without creating a fully dereferenceable URL for that part. For example, referring to the publicKey of an actor by <actor ID>#publicKey.

To resolve a fragment in a URI, an ActivityPub implementation should try the following:

1. Check whether the fragment is the name of a top-level property of the document. This is a common technique in ActivityPub.
2. Check whether the fragment is a standard path to a property in the document, for example using JSON Pointer or Linked Data Fragments.
3. If no resolution mechanism works, treat the object identifier as an opaque, unresolvable string.

Notable uses of fragments

• Mastodon uses fragments for key IDs in HTML signatures.
• Mastodon uses fragments for identifying Like activities.

Guidance for implementers

To improve interoperability, implementers should follow these guidelines:

1. Publishers should avoid using fragments in object identifiers for ActivityPub, because there is not a standard defined for dereferencing them. Usually it's possible to provide a first-class URI for every object, so unnecessary to use fragments.
2. Consumers should be aware that some object identifier URIs will include fragments. They should at least implement the technique of mapping a fragment to a property name.

HTTPS

As of this writing, in 2024, HTTPS is the standard for delivering HTTP data across the Web. Many systems require HTTPS and give warnings or errors if a bare HTTP URL is encountered. This is also true for the ActivityPub federation protocol and for the ActivityPub API.

Guidance for implementers

To improve interoperability, implementers should follow these guidelines:

1. Publishers should avoid using bare http:// URIs as identifiers or endpoints in ActivityPub.
2. Consumers should not accept bare http:// URIs as identifiers or endpoints except for explicitly allowlisted remote servers (for example, inside a firewall or virtual network).