Skip to main content
POST
/
auth
/
credentials
Create Credential
curl --request POST \
  --url https://api.dfns.io/auth/credentials \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "credentialInfo": {
    "credId": "<string>",
    "clientData": "<string>",
    "attestationData": "<string>"
  },
  "credentialName": "<string>",
  "challengeIdentifier": "<string>"
}
'
{
  "credentialId": "<string>",
  "credentialUuid": "<string>",
  "dateCreated": "2023-04-14T20:41:28.715Z",
  "isActive": true,
  "name": "<string>",
  "publicKey": "<string>",
  "relyingPartyId": "<string>",
  "origin": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
❌ Personal Access Token not allowed
❌ Service Account

Required Permissions

No permission required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json

Register a Fido2 Credential, also known as Passkeys or WebauthN credential.

credentialKind
enum<string>
required
Available options:
Fido2
credentialInfo
object
required
credentialName
string
required

Human-readable name of the credential.

Minimum string length: 1
challengeIdentifier
string
required

Challenge identifier returned by the create credential challenge endpoint.

Minimum string length: 1

Response

200 - application/json

Success

kind
enum<string>
required
Available options:
Fido2,
Key,
Password,
Totp,
RecoveryKey,
PasswordProtectedKey
credentialId
string
required

Credential ID from the WebAuthn authenticator (base64url).

credentialUuid
string
required

Dfns-internal UUID of the credential.

dateCreated
string<date-time>
required

ISO 8601 date (must be UTC). Date the credential was created.

Example:

"2023-04-14T20:41:28.715Z"

isActive
boolean
required

Whether the credential is active.

name
string
required

Human-readable name of the credential.

publicKey
string
required

Public key of the credential.

relyingPartyId
string
required

Relying party identifier associated with the credential.

origin
string
required

Origin where the credential was created.

Last modified on June 5, 2026