> ## Documentation Index > Fetch the complete documentation index at: https://docs.dfns.co/llms.txt > Use this file to discover all available pages before exploring further. # Create Registration Challenge > Starts a user registration session. It returns a challenge that will need to be signed by a passkey and used to perform the step [Complete User Registration](/api-reference/auth/register) ## OpenAPI ````yaml /openapi.yaml post /auth/registration/init openapi: 3.1.0 info: version: 1.807.0 title: Dfns servers: - url: https://api.dfns.io description: Default - Europe - url: https://api.uae.dfns.io description: UAE - url: https://api.dfns.ninja description: Staging security: [] paths: /auth/registration/init: post: tags: - Auth summary: Create Registration Challenge description: >- Starts a user registration session. It returns a challenge that will need to be signed by a passkey and used to perform the step [Complete User Registration](/api-reference/auth/register) requestBody: content: application/json: schema: type: object properties: orgId: type: string minLength: 1 username: type: string minLength: 1 registrationCode: type: string minLength: 1 required: - orgId - username - registrationCode additionalProperties: false responses: '200': description: Success content: application/json: schema: type: object properties: user: type: object properties: id: type: string displayName: type: string name: type: string required: - id - displayName - name temporaryAuthenticationToken: type: string challenge: type: string rp: type: object properties: id: type: string name: type: string required: - id - name supportedCredentialKinds: type: object properties: firstFactor: type: array items: type: string enum: - Fido2 - Key - Password - Totp - RecoveryKey - PasswordProtectedKey secondFactor: type: array items: type: string enum: - Fido2 - Key - Password - Totp - RecoveryKey - PasswordProtectedKey required: - firstFactor - secondFactor authenticatorSelection: type: object properties: authenticatorAttachment: type: string enum: - platform - cross-platform residentKey: type: string enum: - required - preferred - discouraged requireResidentKey: type: boolean userVerification: type: string enum: - required - preferred - discouraged description: > Value indicating if the user should be prompted for a second factor. Can be one of the following values: * required to indicate the user must be prompted for their pin, biometrics, or another second factor option * preferred to indicate the user should be prompted for a second factor if it is supported * discouraged to indicate the user should not be prompted for their second factor unless the device requires it required: - residentKey - requireResidentKey - userVerification attestation: type: string enum: - none - indirect - direct - enterprise description: > Identifies the information needed to verify the user's signing certificate; can be one of the following: * none: indicates no attestation data is required * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA * direct: indicates the attestation data must be given and should be generated by the authenticator * enterprise: indicates the attestation data should include information to uniquely identify the user's device pubKeyCredParams: type: array items: type: object properties: type: type: string enum: - public-key alg: type: number required: - type - alg excludeCredentials: type: array items: type: object properties: type: type: string enum: - public-key description: Is always `public-key`. id: type: string minLength: 1 maxLength: 64 pattern: ^cr-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: ID that identifies the credential. example: cr-6uunn-bm6ja-f6rmod5kqrk5rbel required: - type - id otpUrl: type: string required: - user - temporaryAuthenticationToken - challenge - supportedCredentialKinds - authenticatorSelection - attestation - pubKeyCredParams - excludeCredentials - otpUrl security: - {} ````