Create User

curl --request POST \
  --url https://api.dfns.io/auth/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '{
  "email": "[email protected]",
  "kind": "CustomerEmployee",
  "publicKey": "<string>",
  "externalId": "<string>",
  "isSSORequired": false
}'

{
  "username": "<string>",
  "name": "<string>",
  "userId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
  "kind": "CustomerEmployee",
  "credentialUuid": "<string>",
  "orgId": "<string>",
  "permissions": [
    "<string>"
  ],
  "isActive": true,
  "isServiceAccount": true,
  "isRegistered": true,
  "isSSORequired": true,
  "permissionAssignments": [
    {
      "permissionName": "<string>",
      "permissionId": "<string>",
      "assignmentId": "<string>",
      "operations": [
        "<string>"
      ]
    }
  ]
}

Create User

Invite a new user in the caller’s org. This will create the user and send a registration email to the created User’s email, with a registration code, and pointing him to complete his registration on Dfns Dashboard. The user is created without any permissions.

If you want the created User to not know about about Dfns, and don’t want him to receive the registration email from Dfns, you should rather use the Delegated Registration endpoint.

POST

auth

users

Create User

curl --request POST \
  --url https://api.dfns.io/auth/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '{
  "email": "[email protected]",
  "kind": "CustomerEmployee",
  "publicKey": "<string>",
  "externalId": "<string>",
  "isSSORequired": false
}'

{
  "username": "<string>",
  "name": "<string>",
  "userId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
  "kind": "CustomerEmployee",
  "credentialUuid": "<string>",
  "orgId": "<string>",
  "permissions": [
    "<string>"
  ],
  "isActive": true,
  "isServiceAccount": true,
  "isRegistered": true,
  "isSSORequired": true,
  "permissionAssignments": [
    {
      "permissionName": "<string>",
      "permissionId": "<string>",
      "assignmentId": "<string>",
      "operations": [
        "<string>"
      ]
    }
  ]
}

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
❌ Personal Access Token not allowed
✅ Service Account

Required Permissions

Auth:Users:Create: Always required.

Authorizations

Authorization

string

header

required

X-DFNS-USERACTION

string

header

required

Body

application/json

string<email>

required

kind

enum<string>

required

Available options:

CustomerEmployee

publicKey

string

externalId

string

isSSORequired

boolean

default:false

Response

200 - application/json

username

string

required

name

string

required

userId

string

required

Required string length: 1 - 64

Example:

kind

enum<string>

required

Available options:

CustomerEmployee,

EndUser

credentialUuid

string

required

orgId

string

required

isActive

boolean

required

isServiceAccount

boolean

required

isRegistered

boolean

required

isSSORequired

boolean

required

permissionAssignments

object[]

required

Show child attributes

permissions

string[]

List Users

Get User

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Create User

Authentication

Required Permissions

Authorizations

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Body

Response

Authentication

Required Permissions