diff --git a/cmd/etracker/start.go b/cmd/etracker/start.go
index 4064628..6098819 100644
--- a/cmd/etracker/start.go
+++ b/cmd/etracker/start.go
@@ -14,7 +14,10 @@ import (
 ucancap "github.com/storacha/go-libstoracha/capabilities/ucan"
 "github.com/storacha/go-ucanto/core/delegation"
 "github.com/storacha/go-ucanto/did"
+ "github.com/storacha/go-ucanto/principal"
 ed25519 "github.com/storacha/go-ucanto/principal/ed25519/signer"
+ ed25519verifier "github.com/storacha/go-ucanto/principal/ed25519/verifier"
+ rsaverifier "github.com/storacha/go-ucanto/principal/rsa/verifier"
 "github.com/storacha/go-ucanto/principal/signer"
 "github.com/storacha/go-ucanto/ucan"
@@ -267,6 +270,21 @@ func startService(cmd *cobra.Command, args []string) error {
 // Start consolidator in a goroutine
 go cons.Start(ctx)
+ // Multi-format principal parser that supports both Ed25519 and RSA keys
+ parsePrincipal := func(str string) (principal.Verifier, error) {
+ // Try Ed25519 first
+ vf, err := ed25519verifier.Parse(str)
+ if err == nil {
+ return vf, nil
+ }
+ // Try RSA if Ed25519 fails
+ vf, err = rsaverifier.Parse(str)
+ if err == nil {
+ return vf, nil
+ }
+ return nil, fmt.Errorf("failed to parse principal as Ed25519 or RSA: %s", str)
+ }
+
 // Create server
 server, err := server.New(
 id,
@@ -276,6 +294,7 @@ func startService(cmd *cobra.Command, args []string) error {
 server.WithAdminCreds(cfg.AdminDashboardUser, cfg.AdminDashboardPassword),
 server.WithPricing(cfg.ClientEgressUSDPerTiB, cfg.ProviderEgressUSDPerTiB),
 server.WithPrincipalResolver(presolver),
+ server.WithPrincipalParser(parsePrincipal),
 server.WithAuthorityProofs(authProofs...),
 )
 if err != nil {
diff --git a/deploy/app/external.tf b/deploy/app/external.tf
index fd6c792..35c4bbb 100644
--- a/deploy/app/external.tf
+++ b/deploy/app/external.tf
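Review bot: In the `parsePrincipal` closure added to startService (cmd/etracker/start.go), both parser errors are thrown away and the raw input is echoed with `%s`, so a rejected principal leaves no record of why either parser refused it, and a string that presumably comes from an incoming invocation reaches logs unescaped. Keep the two errors under separate names and return `fmt.Errorf("parsing principal %q: ed25519: %v; rsa: %v", str, edErr, rsaErr)`. The closure also appears to widen the accepted key types to RSA; if `rsaverifier.Parse` does not enforce a minimum modulus size (not visible here), that check belongs in this closure before the verifier is returned. startService begins and ends outside the hunk.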
@@ -44,6 +44,7 @@ data "aws_iam_policy_document" "task_external_dynamodb_scan_query_document" {
 actions = [
 "dynamodb:Scan",
 "dynamodb:Query",
+ "dynamodb:GetItem",
 ]
 resources = [
 data.aws_dynamodb_table.storage_provider_table.arn,
diff --git a/internal/presets/principal_resolver.go b/internal/presets/principal_resolver.go
index c31dc42..6e02315 100644
--- a/internal/presets/principal_resolver.go
+++ b/internal/presets/principal_resolver.go
@@ -13,6 +13,8 @@ var principalMapping = map[string]string{
 "did:web:staging.registrar.warm.storacha.network": "did:key:z6MkuQ8PfSMrzXCwZkbQv662nZC4FGGm1aucbH256HXXZyxo",
 "did:web:indexer.forge.storacha.network": "did:key:z6Mkj8WmJQRy5jEnFN97uuc2qsjFdsYCuD5wE384Z1AMCFN7",
 "did:web:staging.indexer.warm.storacha.network": "did:key:z6Mkr4QkdinnXQmJ9JdnzwhcEjR8nMnuVPEwREyh9jp2Pb7k",
+ "did:web:up.forge.storacha.network": "did:key:z6MkgSttS3n3R56yGX2Eufvbwc58fphomhAsLoBCZpZJzQbr",
+ "did:web:staging.up.warm.storacha.network": "did:key:z6MkpR58oZpK7L3cdZZciKT25ynGro7RZm6boFouWQ7AzF7v",
 }
 type resolver struct {
diff --git a/internal/server/server.go b/internal/server/server.go
index 154632e..af8a031 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -25,6 +25,7 @@ type config struct {
 clientEgressUSDPerTiB float64
 providerEgressUSDPerTiB float64
 principalResolver validator.PrincipalResolver
+ principalParser validator.PrincipalParserFunc
 authProofs []delegation.Delegation
 }
@@ -56,6 +57,12 @@ func WithPrincipalResolver(resolver validator.PrincipalResolver) Option {
 }
 }
+func WithPrincipalParser(parser validator.PrincipalParserFunc) Option {
+ return func(c *config) {
+ c.principalParser = parser
+ }
+}
+
 func WithAuthorityProofs(authProofs ...delegation.Delegation) Option {
 return func(c *config) {
 c.authProofs = authProofs
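Review bot: In deploy/app/external.tf, `dynamodb:GetItem` is added to the same statement as `Scan` and `Query`, so it is granted on every ARN in the `resources` list, which continues past the end of this hunk. If only `storage_provider_table` needs point reads, a separate statement scoped to that table ARN keeps the grant minimal, and if the list holds index ARNs, GetItem has no meaning on them. The document name `task_external_dynamodb_scan_query_document` no longer describes its contents; a comment such as `# GetItem: needed by [component] for single-key lookups` would record why the action was added.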
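Review bot: The two new `principalMapping` entries in internal/presets/principal_resolver.go pin `did:web:up.forge.storacha.network` and `did:web:staging.up.warm.storacha.network` to fixed `did:key` values, and nothing beside them records where those keys came from. The map appears to decide which key is trusted for each service DID, so a comment above the entries such as `// upload service (prod, staging); keys confirmed with [owner] on [date]` would give a reviewer something to check against and a pointer for the next key rotation. The map literal starts above this hunk.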
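Review bot: The exported option `WithPrincipalParser` in internal/server/server.go is added without a doc comment. Suggested: `// WithPrincipalParser sets the function used to parse a principal DID string into a verifier.` followed by `// When it is not set, New passes no parser option to ucanto.` so callers know that leaving it out keeps whatever parsing ucanto does on its own.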
@@ -81,6 +88,10 @@ func New(id principal.Signer, svc service.Service, cons *consolidator.Consolidat
 ucantoOpts = append(ucantoOpts, ucanto.WithPrincipalResolver(cfg.principalResolver.ResolveDIDKey))
 }
+ if cfg.principalParser != nil {
+ ucantoOpts = append(ucantoOpts, ucanto.WithPrincipalParser(cfg.principalParser))
+ }
+
 ucantoOpts = append(ucantoOpts, ucanto.WithAuthorityProofs(cfg.authProofs...))
 ucantoSrv, err := ucanto.NewServer(id, ucantoOpts...)
@@ -113,6 +124,28 @@ func (s *Server) ListenAndServe(addr string) error {
 log.Warnf("Metrics endpoint is disabled")
 }
+ // Wrap with CORS middleware
+ corsHandler := corsMiddleware(mux)
+
 log.Infof("Listening on %s", addr)
- return http.ListenAndServe(addr, mux)
+ return http.ListenAndServe(addr, corsHandler)
+}
+
+// corsMiddleware adds CORS headers to allow cross-origin requests
+func corsMiddleware(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Allow all origins
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Max-Age", "86400") // 24 hours
+
+ // Handle preflight requests
+ if r.Method == "OPTIONS" {
+ w.WriteHeader(http.StatusOK)
+ return
+ }
+
+ next.ServeHTTP(w, r)
+ })
 }
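Review bot: `corsMiddleware` in internal/server/server.go wraps the whole `mux`, so `Access-Control-Allow-Origin: *` and the unconditional 200 for `OPTIONS` apply to every route; judging by `WithAdminCreds` and the metrics branch above, that likely includes the admin dashboard and metrics endpoints, not only the endpoint browsers need. Wrapping only the handlers that must be reachable cross-origin (their registration is outside this hunk) would keep unauthenticated responses on the other routes from being readable by arbitrary web pages. The preflight branch should also fire only for real preflights and send no body: `if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {` with `w.WriteHeader(http.StatusNoContent)`; as written, an `OPTIONS` request to any path, existing or not, is answered 200 before the mux sees it. ListenAndServe begins outside the hunk.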