Create Registration Challenge

curl --request POST \
  --url https://api.dfns.io/auth/registration/init \
  --header 'Content-Type: application/json' \
  --data '
{
  "orgId": "<string>",
  "username": "<string>",
  "registrationCode": "<string>"
}
'

{
  "user": {
    "id": "<string>",
    "displayName": "<string>",
    "name": "<string>"
  },
  "temporaryAuthenticationToken": "<string>",
  "challenge": "<string>",
  "supportedCredentialKinds": {
    "firstFactor": [
      "Fido2"
    ],
    "secondFactor": [
      "Fido2"
    ]
  },
  "authenticatorSelection": {
    "residentKey": "required",
    "requireResidentKey": true,
    "userVerification": "required",
    "authenticatorAttachment": "platform"
  },
  "attestation": "none",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
    }
  ],
  "otpUrl": "<string>",
  "rp": {
    "id": "<string>",
    "name": "<string>"
  }
}

POST

auth

registration

init

Create Registration Challenge

curl --request POST \
  --url https://api.dfns.io/auth/registration/init \
  --header 'Content-Type: application/json' \
  --data '
{
  "orgId": "<string>",
  "username": "<string>",
  "registrationCode": "<string>"
}
'

{
  "user": {
    "id": "<string>",
    "displayName": "<string>",
    "name": "<string>"
  },
  "temporaryAuthenticationToken": "<string>",
  "challenge": "<string>",
  "supportedCredentialKinds": {
    "firstFactor": [
      "Fido2"
    ],
    "secondFactor": [
      "Fido2"
    ]
  },
  "authenticatorSelection": {
    "residentKey": "required",
    "requireResidentKey": true,
    "userVerification": "required",
    "authenticatorAttachment": "platform"
  },
  "attestation": "none",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
    }
  ],
  "otpUrl": "<string>",
  "rp": {
    "id": "<string>",
    "name": "<string>"
  }
}

Authentication

No authentication required.

Required Permissions

No authentication required.

Body

application/json

orgId

string

required

Minimum string length: 1

username

string

required

Minimum string length: 1

registrationCode

string

required

Minimum string length: 1

Response

200 - application/json

Success

user

object

required

Show child attributes

temporaryAuthenticationToken

string

required

challenge

string

required

supportedCredentialKinds

object

required

Show child attributes

authenticatorSelection

object

required

Show child attributes

attestation

enum<string>

required

Identifies the information needed to verify the user's signing certificate; can be one of the following:

none: indicates no attestation data is required
indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
direct: indicates the attestation data must be given and should be generated by the authenticator
enterprise: indicates the attestation data should include information to uniquely identify the user's device

Available options:

none,

indirect,

direct,

enterprise

pubKeyCredParams

object[]

required

Show child attributes

excludeCredentials

object[]

required

Show child attributes

otpUrl

string

required

object

Show child attributes

Last modified on February 26, 2026

Registration flows

Create Delegated Registration Challenge

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Create Registration Challenge

Authentication

Required Permissions

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Body

Response

Authentication

Required Permissions