Skip to main content
The validation gate is an optional feature for customers running MPC signers on their own infrastructure. When enabled, the signer sends an HTTP request to an endpoint you control before performing a signature or key export. If your handler returns 200 OK, the operation proceeds. Any other response rejects it. This gives you full control over which operations your signers are allowed to perform, based on your own business logic.

How it works

1

Signer receives a request

A signing or key export request reaches the signer through the normal Dfns flow.
2

Signer calls your validation gate handler

Before performing the operation, the signer sends an HTTP POST request with a JSON body to the URL you configured. The payload contains information about the operation (see Request payload below).
3

Your handler decides

Your handler inspects the payload and returns:
  • 200 OK to approve the operation
  • Any other status code to reject it
4

Signer acts on the response

If approved, the signer proceeds with the signing or key export. If rejected, the operation fails and the rejection is propagated back to the caller.

Request payload

Your handler receives a POST request with a JSON body.

signerInfo fields

The signerInfo object contains trusted information provided by the signer itself. These values are derived from the signer’s own state and are not user-supplied.
FieldTypeDescription
kind"Signing" or "KeyExport"The type of operation being performed.
key_idstringID of the key being used.
public_keystringHex-encoded public key associated with the key.
tx_hashstring (optional)Hex-encoded hash of the transaction to be signed. Present for signing requests, absent for key exports.
derivation_patharray of numbers (optional)HD derivation path, when the key uses hierarchical derivation.
child_public_keystring (optional)Hex-encoded child public key derived from the master key using the derivation_path. Present only when derivation_path is set.

Examples

Signing request with HD derivation: 
{
  "signerInfo": {
    "tx_hash": "a1b2c3d4e5f6...",
    "kind": "Signing",
    "key_id": "key-abc-123",
    "public_key": "04abcdef...",
    "derivation_path": [44, 60, 0, 0, 0],
    "child_public_key": "04fedcba..."
  }
}
Key export request: 
{
  "signerInfo": {
    "kind": "KeyExport",
    "key_id": "key-abc-123",
    "public_key": "04abcdef..."
  }
}

Response handling

Your handler must return 200 OK to approve the operation. The signer treats any other response as a rejection:
Your handler returnsSigner behavior
200 OKOperation approved. Signer proceeds.
400 Bad RequestRejected. Treated as an authentication error.
401 UnauthorizedRejected. Treated as an authentication error.
Any other non-200 statusRejected. Treated as permission denied.
Connection failureRejected. Treated as an internal error.
When your handler rejects a request, return a meaningful response body. The signer includes it in the error message propagated to the caller.

Setup

The validation gate is configured as part of the MPC signer deployment. For configuration options (CLI flags, environment variables) and security options (HMAC shared secret, mTLS), contact Dfns at https://support.dfns.co.
Last modified on April 9, 2026