1. Get an authentication token
Log in and obtain an authentication token (also referred to as a token) to present when calling our API.

Header | Description |
---|---|
Authorization: Bearer <token> | Authentication token (see Authentication flows) |
- as a User (human 👨)
  - Follow the Login flow. You’ll get an authentication token at the end of this flow, which expires after a relatively short period of time.
  - Create a Personal Access Token (PAT) ⚠️1, which is a long-lived authentication token for the User that you can use directly as an authentication token.
- as a Service Account (machine 🤖)
  - Create a Service Account Token ⚠️1, which is a long-lived authentication token for the Service Account that you can use directly as an authentication token.
Authorization header for the next step of the registration (example).
2. Sign API requests (User Action Signing)
Sign a User Action Challenge using a cryptographic key that you own (referred to as a Credential Key or just Credentials). This is only required for actions that mutate state (non-read-only API calls). We call this process “User Action Signing”.

Header | Description |
---|---|
X-DFNS-USERACTION: <user-action-signature> | One time signature (see User Action Signing flows) |
- You tell Dfns “I want to perform this exact request”
- Dfns sends you back a challenge to be signed with your Credential.
- You sign the challenge with your Credentials, and send it to Dfns.
- Dfns gives you back a “user action signature”, which you’ll need to include in the headers when you perform the actual request (X-DFNS-USERACTION header).
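
The four steps above as an in-process simulation, added here as an illustration and not taken from Dfns code or its SDK: a mock server ties each challenge to the declared request and issues a single-use value, so a replay or an altered body is rejected. The function and field names, the request path, the SHA-256 request digest and the choice of Ed25519 are assumptions made for the example.

```javascript
// Added illustration: in-process mock of the four-step flow. All function and
// field names are hypothetical; this is not the Dfns API or SDK.
const { generateKeyPairSync, sign, verify, randomBytes, createHash } = require('crypto');

// Digest that pins a challenge (and later the signature) to one exact request.
const digest = (req) =>
  createHash('sha256').update(`${req.method}\n${req.path}\n${req.body}`).digest('hex');

function makeServer(credentialPublicKey) {
  const challenges = new Map(); // challenge id -> { challenge, digest }
  const signatures = new Map(); // user action signature -> request digest
  return {
    // Steps 1-2: the client declares the exact request, the server returns a challenge.
    init(req) {
      const id = randomBytes(8).toString('hex');
      const challenge = randomBytes(32);
      challenges.set(id, { challenge, digest: digest(req) });
      return { id, challenge };
    },
    // Steps 3-4: verify the Credential signature, then issue a one-time value.
    complete(id, sig) {
      const entry = challenges.get(id);
      challenges.delete(id); // a challenge can be answered only once
      if (!entry || !verify(null, entry.challenge, credentialPublicKey, sig)) return null;
      const userAction = randomBytes(16).toString('hex');
      signatures.set(userAction, entry.digest);
      return userAction;
    },
    // Actual request: the header value must match this request and is then consumed.
    perform(req, userAction) {
      const bound = signatures.get(userAction);
      signatures.delete(userAction);
      return bound !== undefined && bound === digest(req);
    },
  };
}

// Client side: sign the challenge with the Credential private key (Ed25519 assumed).
function runFlow(server, privateKey, declared, sent) {
  const { id, challenge } = server.init(declared);
  const userAction = server.complete(id, sign(null, challenge, privateKey));
  return { first: server.perform(sent, userAction), replay: server.perform(sent, userAction) };
}

const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const server = makeServer(publicKey);
const transfer = { method: 'POST', path: '/example/transfers', body: '{"amount":"1"}' }; // constructed
console.log(runFlow(server, privateKey, transfer, transfer)); // { first: true, replay: false }
console.log(runFlow(server, privateKey, transfer, { ...transfer, body: '{"amount":"9"}' })); // { first: false, replay: false }
```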