> ## Documentation Index > Fetch the complete documentation index at: https://docs.dfns.co/llms.txt > Use this file to discover all available pages before exploring further. # Complete User Registration > Completes the user registration process and creates the user's initial credentials. The type of credentials being registered is determined by the `credentialKind` field in the nested objects (`firstFactorCredential` , `secondFactorCredential` and `RecoveryCredential`). Supported credential kinds are: * `Fido2`: User action is signed by a user's signing device using `WebAuthn`. * `Key`: User action is signed by a user's, or token's, private key. * `PasswordProtectedKey`: User action is signed by a user's, or token's, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it. * `RecoveryKey` : Similar to `PasswordProtectedKey`, but this credential can only be used to recover an account not to sign an action or login. Once this credential is used all the other user's credentials are invalidated. ## OpenAPI ````yaml /openapi.yaml post /auth/registration openapi: 3.1.0 info: version: 1.807.0 title: Dfns servers: - url: https://api.dfns.io description: Default - Europe - url: https://api.uae.dfns.io description: UAE - url: https://api.dfns.ninja description: Staging security: [] paths: /auth/registration: post: tags: - Auth summary: Complete User Registration description: > Completes the user registration process and creates the user's initial credentials. The type of credentials being registered is determined by the `credentialKind` field in the nested objects (`firstFactorCredential` , `secondFactorCredential` and `RecoveryCredential`). Supported credential kinds are: * `Fido2`: User action is signed by a user's signing device using `WebAuthn`. * `Key`: User action is signed by a user's, or token's, private key. * `PasswordProtectedKey`: User action is signed by a user's, or token's, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it. * `RecoveryKey` : Similar to `PasswordProtectedKey`, but this credential can only be used to recover an account not to sign an action or login. Once this credential is used all the other user's credentials are invalidated. requestBody: content: application/json: schema: type: object properties: firstFactorCredential: $ref: '#/components/schemas/FirstFactorAttestation' secondFactorCredential: $ref: '#/components/schemas/SecondFactorAttestation' recoveryCredential: allOf: - $ref: '#/components/schemas/RecoveryKeyAttestation' - properties: credentialKind: type: string enum: - RecoveryKey credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false encryptedPrivateKey: type: string minLength: 1 credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo required: - firstFactorCredential additionalProperties: false responses: '200': description: Success content: application/json: schema: type: object properties: credential: type: object properties: uuid: type: string kind: type: string enum: - Fido2 - Key - Password - Totp - RecoveryKey - PasswordProtectedKey name: type: string required: - uuid - kind - name user: type: object properties: id: type: string username: type: string orgId: type: string required: - id - username - orgId required: - credential - user security: - authenticationToken: [] components: schemas: FirstFactorAttestation: oneOf: - allOf: - $ref: '#/components/schemas/Fido2Attestation' - properties: credentialKind: type: string enum: - Fido2 credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/KeyAttestation' - properties: credentialKind: type: string enum: - Key credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/PasswordAttestation' - properties: credentialKind: type: string enum: - Password credentialInfo: type: object properties: password: type: string minLength: 1 required: - password additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/PasswordProtectedKeyAttestation' - properties: credentialKind: type: string enum: - PasswordProtectedKey credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false encryptedPrivateKey: type: string minLength: 1 credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - encryptedPrivateKey discriminator: propertyName: credentialKind mapping: Fido2: $ref: '#/components/schemas/Fido2Attestation' Key: $ref: '#/components/schemas/KeyAttestation' Password: $ref: '#/components/schemas/PasswordAttestation' PasswordProtectedKey: $ref: '#/components/schemas/PasswordProtectedKeyAttestation' SecondFactorAttestation: oneOf: - allOf: - $ref: '#/components/schemas/Fido2Attestation' - properties: credentialKind: type: string enum: - Fido2 credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/KeyAttestation' - properties: credentialKind: type: string enum: - Key credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/TotpAttestation' - properties: credentialKind: type: string enum: - Totp credentialInfo: type: object properties: otpCode: type: string minLength: 1 required: - otpCode additionalProperties: false credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - allOf: - $ref: '#/components/schemas/PasswordProtectedKeyAttestation' - properties: credentialKind: type: string enum: - PasswordProtectedKey credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false encryptedPrivateKey: type: string minLength: 1 credentialName: type: string minLength: 1 required: - credentialKind - credentialInfo - encryptedPrivateKey discriminator: propertyName: credentialKind mapping: Fido2: $ref: '#/components/schemas/Fido2Attestation' Key: $ref: '#/components/schemas/KeyAttestation' Totp: $ref: '#/components/schemas/TotpAttestation' PasswordProtectedKey: $ref: '#/components/schemas/PasswordProtectedKeyAttestation' RecoveryKeyAttestation: type: object properties: credentialKind: type: string enum: - RecoveryKey credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false encryptedPrivateKey: type: string minLength: 1 credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - credentialName - challengeIdentifier additionalProperties: false description: >- Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. title: Recovery Key Fido2Attestation: type: object properties: credentialKind: type: string enum: - Fido2 credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - credentialName - challengeIdentifier additionalProperties: false description: >- Register a Fido2 Credential, also known as Passkeys or WebauthN credential. title: Fido2/Passkeys KeyAttestation: type: object properties: credentialKind: type: string enum: - Key credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - credentialName - challengeIdentifier additionalProperties: false description: >- Register a "raw" public/private keypair, mostly meant to be used by Service Accounts. See [Generate a Key Pair](https://docs.dfns.co/developers/guides/generate-a-key-pair) for more details. title: Public/Private key pair PasswordAttestation: type: object properties: credentialKind: type: string enum: - Password credentialInfo: type: object properties: password: type: string minLength: 1 required: - password additionalProperties: false credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - credentialName - challengeIdentifier additionalProperties: false description: Not supported, will be removed in a future release. title: Password PasswordProtectedKeyAttestation: type: object properties: credentialKind: type: string enum: - PasswordProtectedKey credentialInfo: type: object properties: credId: type: string minLength: 1 clientData: type: string minLength: 1 attestationData: type: string minLength: 1 required: - credId - clientData - attestationData additionalProperties: false encryptedPrivateKey: type: string minLength: 1 credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - encryptedPrivateKey - credentialName - challengeIdentifier additionalProperties: false description: >- Register an encrypted private key. Note that Dfns only stores the encrypted private key and should not have access to the password to decrypt it! title: Password-protected Key TotpAttestation: type: object properties: credentialKind: type: string enum: - Totp credentialInfo: type: object properties: otpCode: type: string minLength: 1 required: - otpCode additionalProperties: false credentialName: type: string minLength: 1 challengeIdentifier: type: string minLength: 1 required: - credentialKind - credentialInfo - credentialName - challengeIdentifier additionalProperties: false description: Not supported, will be removed in a future release. title: TOTP securitySchemes: authenticationToken: type: http scheme: bearer bearerFormat: JWT description: >- **Bearer Token:** Used to authenticate API requests. More details how to generate the token: [Authentication flows](https://docs.dfns.co/api-reference/auth/login-flows) ````