Skip to main content
POST
/
auth
/
credentials
/
init
Create Credential Challenge
curl --request POST \
  --url https://api.dfns.io/auth/credentials/init \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "kind": "Fido2"
}'
{
  "kind": "Fido2",
  "user": {
    "id": "<string>",
    "displayName": "<string>",
    "name": "<string>"
  },
  "challengeIdentifier": "<string>",
  "challenge": "<string>",
  "rp": {
    "id": "<string>",
    "name": "<string>"
  },
  "authenticatorSelection": {
    "authenticatorAttachment": "platform",
    "residentKey": "required",
    "requireResidentKey": true,
    "userVerification": "required"
  },
  "attestation": "none",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
    }
  ],
  "temporaryAuthenticationToken": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
❌ Personal Access Token not allowed
❌ Service Account

Required Permissions

No permission required.

Authorizations

Authorization
string
header
required

Body

application/json
kind
enum<string>
required
Available options:
Fido2,
Key,
RecoveryKey,
PasswordProtectedKey

Response

200 - application/json
  • Fido2/Passkeys
  • Public/Private key pair
  • Password-protected Key
  • Recovery Credentials
  • <Deprecated> Password
  • <Deprecated> TOTP
kind
enum<string>
required
Available options:
Fido2
user
object
required
challengeIdentifier
string
required
challenge
string
required
authenticatorSelection
object
required
attestation
enum<string>
required
Available options:
none,
indirect,
direct,
enterprise
pubKeyCredParams
object[]
required
excludeCredentials
object[]
required
temporaryAuthenticationToken
string
required
rp
object