> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Create Delegated Registration Challenge
>
Only a [Service Account](https://docs.dfns.co/api-reference/auth/service-accounts) can use this endpoint.
If you want to use your own authentication system, while still using `Delegated Signing`, you can use this endpoint to register a new End User in your organization, without your user needing to receive an email from Dfns.
This endpoint will:
1. Create a new User attached to your organization
2. Initiates a User Registration Challenge and returns the registration challenge.
On successful creation, the user's registration challenge will be returned. You will then need to call [Complete User Registration](https://docs.dfns.co/api-reference/auth/complete-user-registration) or [Complete End User Registration with Wallets](https://docs.dfns.co/api-reference/auth/complete-end-user-registration-with-wallets) to complete the user's registration.
## OpenAPI
````yaml /openapi.yaml post /auth/registration/delegated
openapi: 3.1.0
info:
version: 1.807.0
title: Dfns
servers:
- url: https://api.dfns.io
description: Default - Europe
- url: https://api.uae.dfns.io
description: UAE
- url: https://api.dfns.ninja
description: Staging
security: []
paths:
/auth/registration/delegated:
post:
tags:
- Auth
summary: Create Delegated Registration Challenge
description: >-
Only a [Service
Account](https://docs.dfns.co/api-reference/auth/service-accounts) can
use this endpoint.
If you want to use your own authentication system, while still using
`Delegated Signing`, you can use this endpoint to register a new End
User in your organization, without your user needing to receive an email
from Dfns.
This endpoint will:
1. Create a new User attached to your organization
2. Initiates a User Registration Challenge and returns the registration
challenge.
On successful creation, the user's registration challenge will be
returned. You will then need to call [Complete User
Registration](https://docs.dfns.co/api-reference/auth/complete-user-registration)
or [Complete End User Registration with
Wallets](https://docs.dfns.co/api-reference/auth/complete-end-user-registration-with-wallets)
to complete the user's registration.
requestBody:
content:
application/json:
schema:
type: object
properties:
email:
type: string
minLength: 1
kind:
type: string
enum:
- EndUser
externalId:
type: string
minLength: 1
required:
- email
- kind
additionalProperties: false
responses:
'200':
description: Success
content:
application/json:
schema:
type: object
properties:
user:
type: object
properties:
id:
type: string
displayName:
type: string
name:
type: string
required:
- id
- displayName
- name
temporaryAuthenticationToken:
type: string
challenge:
type: string
rp:
type: object
properties:
id:
type: string
name:
type: string
required:
- id
- name
supportedCredentialKinds:
type: object
properties:
firstFactor:
type: array
items:
type: string
enum:
- Fido2
- Key
- Password
- Totp
- RecoveryKey
- PasswordProtectedKey
secondFactor:
type: array
items:
type: string
enum:
- Fido2
- Key
- Password
- Totp
- RecoveryKey
- PasswordProtectedKey
required:
- firstFactor
- secondFactor
authenticatorSelection:
type: object
properties:
authenticatorAttachment:
type: string
enum:
- platform
- cross-platform
residentKey:
type: string
enum:
- required
- preferred
- discouraged
requireResidentKey:
type: boolean
userVerification:
type: string
enum:
- required
- preferred
- discouraged
description: >
Value indicating if the user should be prompted for a
second factor. Can be one of the following values:
* required to indicate the user must be prompted for
their pin, biometrics, or another second factor option
* preferred to indicate the user should be prompted
for a second factor if it is supported
* discouraged to indicate the user should not be
prompted for their second factor unless the device
requires it
required:
- residentKey
- requireResidentKey
- userVerification
attestation:
type: string
enum:
- none
- indirect
- direct
- enterprise
description: >
Identifies the information needed to verify the user's
signing certificate; can be one of the following:
* none: indicates no attestation data is required
* indirect: indicates the attestation data should be
given, but that it can be generated using an Anonymization
CA
* direct: indicates the attestation data must be given and
should be generated by the authenticator
* enterprise: indicates the attestation data should
include information to uniquely identify the user's device
pubKeyCredParams:
type: array
items:
type: object
properties:
type:
type: string
enum:
- public-key
alg:
type: number
required:
- type
- alg
excludeCredentials:
type: array
items:
type: object
properties:
type:
type: string
enum:
- public-key
description: Is always `public-key`.
id:
type: string
minLength: 1
maxLength: 64
pattern: ^cr-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
description: ID that identifies the credential.
example: cr-6uunn-bm6ja-f6rmod5kqrk5rbel
required:
- type
- id
otpUrl:
type: string
required:
- user
- temporaryAuthenticationToken
- challenge
- supportedCredentialKinds
- authenticatorSelection
- attestation
- pubKeyCredParams
- excludeCredentials
- otpUrl
security:
- authenticationToken: []
userActionSignature: []
components:
securitySchemes:
authenticationToken:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
**Bearer Token:** Used to authenticate API requests.
More details how to generate the token: [Authentication
flows](https://docs.dfns.co/api-reference/auth/login-flows)
userActionSignature:
type: apiKey
in: header
name: X-DFNS-USERACTION
description: >-
**User Action Signature:** Used to sign the change-inducing API
requests.
More details how to generate the token: [User Action Signing
flows](https://docs.dfns.co/api-reference/auth/signing-flows)
````