> ## Documentation Index > Fetch the complete documentation index at: https://docs.dfns.co/llms.txt > Use this file to discover all available pages before exploring further. # Create Credential Challenge With Code > Part of the flow [Create Credential With Code](https://docs.dfns.co/api-reference/auth/credentials#create-credential-with-code-flow). Creates a credential challenge using a one time code-time-code. This challenge must then be signed by the new credential, before finalizing the flow. ## OpenAPI ````yaml /openapi.yaml post /auth/credentials/code/init openapi: 3.1.0 info: version: 1.807.0 title: Dfns servers: - url: https://api.dfns.io description: Default - Europe - url: https://api.uae.dfns.io description: UAE - url: https://api.dfns.ninja description: Staging security: [] paths: /auth/credentials/code/init: post: tags: - Auth summary: Create Credential Challenge With Code description: > Part of the flow [Create Credential With Code](https://docs.dfns.co/api-reference/auth/credentials#create-credential-with-code-flow). Creates a credential challenge using a one time code-time-code. This challenge must then be signed by the new credential, before finalizing the flow. requestBody: content: application/json: schema: type: object properties: credentialKind: type: string enum: - Fido2 - Key - Password - Totp - RecoveryKey - PasswordProtectedKey code: type: string minLength: 1 required: - credentialKind - code additionalProperties: false responses: '200': description: Success content: application/json: schema: oneOf: - type: object properties: kind: type: string enum: - Fido2 user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string challenge: type: string rp: type: object properties: id: type: string name: type: string required: - id - name authenticatorSelection: type: object properties: authenticatorAttachment: type: string enum: - platform - cross-platform residentKey: type: string enum: - required - preferred - discouraged requireResidentKey: type: boolean userVerification: type: string enum: - required - preferred - discouraged description: > Value indicating if the user should be prompted for a second factor. Can be one of the following values: * required to indicate the user must be prompted for their pin, biometrics, or another second factor option * preferred to indicate the user should be prompted for a second factor if it is supported * discouraged to indicate the user should not be prompted for their second factor unless the device requires it required: - residentKey - requireResidentKey - userVerification attestation: type: string enum: - none - indirect - direct - enterprise description: > Identifies the information needed to verify the user's signing certificate; can be one of the following: * none: indicates no attestation data is required * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA * direct: indicates the attestation data must be given and should be generated by the authenticator * enterprise: indicates the attestation data should include information to uniquely identify the user's device pubKeyCredParams: type: array items: type: object properties: type: type: string enum: - public-key alg: type: number required: - type - alg excludeCredentials: type: array items: type: object properties: type: type: string enum: - public-key description: Is always `public-key`. id: type: string minLength: 1 maxLength: 64 pattern: ^cr-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: ID that identifies the credential. example: cr-6uunn-bm6ja-f6rmod5kqrk5rbel required: - type - id temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - challenge - authenticatorSelection - attestation - pubKeyCredParams - excludeCredentials - temporaryAuthenticationToken description: >- Fido2 Credential, also known as Passkeys or WebauthN credential. title: Fido2/Passkeys - type: object properties: kind: type: string enum: - Key user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string challenge: type: string rp: type: object properties: id: type: string name: type: string required: - id - name attestation: type: string enum: - none - indirect - direct - enterprise description: > Identifies the information needed to verify the user's signing certificate; can be one of the following: * none: indicates no attestation data is required * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA * direct: indicates the attestation data must be given and should be generated by the authenticator * enterprise: indicates the attestation data should include information to uniquely identify the user's device pubKeyCredParams: type: array items: type: object properties: type: type: string enum: - public-key alg: type: number required: - type - alg temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - challenge - attestation - pubKeyCredParams - temporaryAuthenticationToken description: '"raw" public/private keypair.' title: Public/Private key pair - type: object properties: kind: type: string enum: - PasswordProtectedKey user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string challenge: type: string rp: type: object properties: id: type: string name: type: string required: - id - name attestation: type: string enum: - none - indirect - direct - enterprise description: > Identifies the information needed to verify the user's signing certificate; can be one of the following: * none: indicates no attestation data is required * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA * direct: indicates the attestation data must be given and should be generated by the authenticator * enterprise: indicates the attestation data should include information to uniquely identify the user's device pubKeyCredParams: type: array items: type: object properties: type: type: string enum: - public-key alg: type: number required: - type - alg temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - challenge - attestation - pubKeyCredParams - temporaryAuthenticationToken description: 'Encrypted private key. ' title: Password-protected Key - type: object properties: kind: type: string enum: - RecoveryKey user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string challenge: type: string rp: type: object properties: id: type: string name: type: string required: - id - name attestation: type: string enum: - none - indirect - direct - enterprise description: > Identifies the information needed to verify the user's signing certificate; can be one of the following: * none: indicates no attestation data is required * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA * direct: indicates the attestation data must be given and should be generated by the authenticator * enterprise: indicates the attestation data should include information to uniquely identify the user's device pubKeyCredParams: type: array items: type: object properties: type: type: string enum: - public-key alg: type: number required: - type - alg temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - challenge - attestation - pubKeyCredParams - temporaryAuthenticationToken description: 'Use an recovery key. ' title: Recovery Credentials - type: object properties: kind: type: string enum: - Password user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string rp: type: object properties: id: type: string name: type: string required: - id - name temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - temporaryAuthenticationToken description: Not supported, will be removed in a future release. title: Password - type: object properties: kind: type: string enum: - Totp user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name challengeIdentifier: type: string rp: type: object properties: id: type: string name: type: string required: - id - name otpUrl: type: string temporaryAuthenticationToken: type: string description: '@deprecated use challengeIdentifier instead' required: - kind - user - challengeIdentifier - otpUrl - temporaryAuthenticationToken description: Not supported, will be removed in a future release. title: TOTP security: - {} ````