Skip to main content
POST
/
auth
/
credentials
Create Credential
curl --request POST \
  --url https://api.dfns.io/auth/credentials \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "credentialKind": "Fido2",
  "credentialInfo": {
    "credId": "<string>",
    "clientData": "<string>",
    "attestationData": "<string>"
  },
  "credentialName": "<string>",
  "challengeIdentifier": "<string>"
}
'
{
  "kind": "Fido2",
  "credentialId": "<string>",
  "credentialUuid": "<string>",
  "dateCreated": "<string>",
  "isActive": true,
  "name": "<string>",
  "publicKey": "<string>",
  "relyingPartyId": "<string>",
  "origin": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
❌ Personal Access Token not allowed
❌ Service Account

Required Permissions

No permission required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json

Register a Fido2 Credential, also known as Passkeys or WebauthN credential.

credentialKind
enum<string>
required
Available options:
Fido2
credentialInfo
object
required
credentialName
string
required
Minimum string length: 1
challengeIdentifier
string
required
Minimum string length: 1

Response

200 - application/json

Success

kind
enum<string>
required
Available options:
Fido2,
Key,
Password,
Totp,
RecoveryKey,
PasswordProtectedKey
credentialId
string
required
credentialUuid
string
required
dateCreated
string
required
isActive
boolean
required
name
string
required
publicKey
string
required
relyingPartyId
string
required
origin
string
required
Last modified on February 26, 2026