API Authorization
Identity & Access Management
Wallets & Transactions
Management
Webhooks
Create Credential Challenge
Copy
Ask AI
curl --request POST \
--url https://api.dfns.io/auth/credentials/init \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"kind": "Fido2"
}
'Copy
Ask AI
{
"kind": "Fido2",
"user": {
"id": "<string>",
"displayName": "<string>",
"name": "<string>"
},
"challengeIdentifier": "<string>",
"challenge": "<string>",
"authenticatorSelection": {
"residentKey": "required",
"requireResidentKey": true,
"userVerification": "required",
"authenticatorAttachment": "platform"
},
"attestation": "none",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": 123
}
],
"excludeCredentials": [
{
"type": "public-key",
"id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
}
],
"temporaryAuthenticationToken": "<string>",
"rp": {
"id": "<string>",
"name": "<string>"
}
}Create Credential Challenge
Part of the flow Create Credential Regular flow.
Starts a create user credential session, returning a challenge that will be used to verify the user’s identity.
POST
/
auth
/
credentials
/
init
Create Credential Challenge
Copy
Ask AI
curl --request POST \
--url https://api.dfns.io/auth/credentials/init \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"kind": "Fido2"
}
'Copy
Ask AI
{
"kind": "Fido2",
"user": {
"id": "<string>",
"displayName": "<string>",
"name": "<string>"
},
"challengeIdentifier": "<string>",
"challenge": "<string>",
"authenticatorSelection": {
"residentKey": "required",
"requireResidentKey": true,
"userVerification": "required",
"authenticatorAttachment": "platform"
},
"attestation": "none",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": 123
}
],
"excludeCredentials": [
{
"type": "public-key",
"id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
}
],
"temporaryAuthenticationToken": "<string>",
"rp": {
"id": "<string>",
"name": "<string>"
}
}Authentication
✅ Organization User (CustomerEmployee)✅ Delegated User (
EndUser)❌ Personal Access Token not allowed
❌ Service Account
Required Permissions
No permission required.Authorizations
Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows
Body
application/json
The kind of credential.
Available options:
Fido2, Key, RecoveryKey, PasswordProtectedKey Response
200 - application/json
Success
- Fido2/Passkeys
- Public/Private key pair
- Password-protected Key
- Recovery Credentials
- <Deprecated> Password
- <Deprecated> TOTP
Fido2 Credential, also known as Passkeys or WebauthN credential.
Available options:
Fido2 Show child attributes
Show child attributes
Show child attributes
Show child attributes
Identifies the information needed to verify the user's signing certificate; can be one of the following:
- none: indicates no attestation data is required
- indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
- direct: indicates the attestation data must be given and should be generated by the authenticator
- enterprise: indicates the attestation data should include information to uniquely identify the user's device
Available options:
none, indirect, direct, enterprise Show child attributes
Show child attributes
Show child attributes
Show child attributes
@deprecated use challengeIdentifier instead
Show child attributes
Show child attributes
Last modified on February 26, 2026
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.