API Authorization
Identity & Access Management
Wallets & Transactions
Management
Webhooks
curl --request POST \
--url https://api.dfns.io/auth/action \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"challengeIdentifier": "eyJ0e...fQNA",
"firstFactor": {
"kind": "Fido2",
"credentialAssertion": {
"credId": "c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8",
"clientData": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ",
"authenticatorData": "WT-zFZUBbJHfBkmhzTlPf49LTn7asLeTQKhm_riCvFgFAAAAAA",
"signature": "MEUCIQDJ8G9J1NTjdoKx0yloYw45bpn6fJhcqCoUGiZuOU1IAQIgAtPt7S8FHFYW9OMHh3S5FVAxk-lhli-2lX22bBNSDog",
"userHandle": "dXMtMmJhMGgtbHZwMnEtOHYxODYwcGNqMWJoNWlyaQ"
}
}
}
'
{
"userAction": "eyJ0eX...bzrQakA"
}Create User Action Signature
Completes the user action signing process and provides a signing token that can be used to verify the user intended to perform the action.
This is the first step of the User Action Signing flow.
The type of credentials used to sign the action is determined by the kind field in the nested objects (firstFactor and secondFactor). Supported credential kinds are:
Fido2: User action is signed by a user’s signing device usingWebAuthn.Key: User action is signed by a user’s, or token’s, private key.PasswordProtectedKey: Login challenge is signed by the decrypted user’s private key that was sent during Create User Action Signature Challenge step.
POST
/
auth
/
action
curl --request POST \
--url https://api.dfns.io/auth/action \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"challengeIdentifier": "eyJ0e...fQNA",
"firstFactor": {
"kind": "Fido2",
"credentialAssertion": {
"credId": "c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8",
"clientData": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ",
"authenticatorData": "WT-zFZUBbJHfBkmhzTlPf49LTn7asLeTQKhm_riCvFgFAAAAAA",
"signature": "MEUCIQDJ8G9J1NTjdoKx0yloYw45bpn6fJhcqCoUGiZuOU1IAQIgAtPt7S8FHFYW9OMHh3S5FVAxk-lhli-2lX22bBNSDog",
"userHandle": "dXMtMmJhMGgtbHZwMnEtOHYxODYwcGNqMWJoNWlyaQ"
}
}
}
'
{
"userAction": "eyJ0eX...bzrQakA"
}Authentication
✅ Organization User (CustomerEmployee)✅ Delegated User (
EndUser)✅ Service Account
Required Permissions
No permission required.Authorizations
Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows
Body
application/json
Temporary authentication token returned by the Create Challenge endpoint.
First factor credential used to sign the challenge.
- Fido2/Passkeys
- Public/Private key pair
- Password-protected Key
- <Deprecated> Password
Show child attributes
Show child attributes
Second factor credential used to authenticate a user.
- Fido2/Passkeys
- Public/Private key pair
- Password-protected Key
- <Deprecated> TOTP
Show child attributes
Show child attributes
Response
200 - application/json
Success
Last modified on April 9, 2026
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.