API Authorization
Identity & Access Management
Wallets & Transactions
Management
Webhooks
Recover User
Copy
Ask AI
curl --request POST \
--url https://api.dfns.io/auth/recover/user \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"recovery": {
"kind": "RecoveryKey",
"credentialAssertion": {
"credId": "<string>",
"clientData": "<string>",
"signature": "<string>",
"algorithm": "<string>"
}
},
"newCredentials": {
"firstFactorCredential": {
"credentialKind": "Fido2",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>"
},
"secondFactorCredential": {
"credentialKind": "Fido2",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>"
},
"recoveryCredential": {
"credentialKind": "RecoveryKey",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>",
"encryptedPrivateKey": "<string>"
}
}
}
'Copy
Ask AI
{
"credential": {
"uuid": "<string>",
"kind": "Fido2",
"name": "<string>"
},
"user": {
"id": "<string>",
"username": "<string>",
"orgId": "<string>"
}
}Recover User
Recovers a user, using a recovery credential. After successfully recovering the user, all of the user’s previous credentials and personal access tokens will be invalidated.
This flow requires cryptographic validation of newly created credential(s) using a recovery credential. The recovery.credentialAssertion.clientData field’s challenge must be the base64url-encoded representation of the newCredential object.
The process is as follows:
- Construct the
newCredentialobject, using the challenge obtained from either the Create Recovery Challenge or Create Delegated Recovery Challenge endpoints. - Serialize the
newCredentialobject to JSON and then base64url-encode the resulting JSON string. This base64url-encoded string will serve as the challenge for therecovery.credentialAssertionobject. - Construct the
recovery.credentialAssertionobject, using the base64url-encoded string generated in step 2 as its challenge.
POST
/
auth
/
recover
/
user
Recover User
Copy
Ask AI
curl --request POST \
--url https://api.dfns.io/auth/recover/user \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"recovery": {
"kind": "RecoveryKey",
"credentialAssertion": {
"credId": "<string>",
"clientData": "<string>",
"signature": "<string>",
"algorithm": "<string>"
}
},
"newCredentials": {
"firstFactorCredential": {
"credentialKind": "Fido2",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>"
},
"secondFactorCredential": {
"credentialKind": "Fido2",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>"
},
"recoveryCredential": {
"credentialKind": "RecoveryKey",
"credentialInfo": {
"credId": "<string>",
"clientData": "<string>",
"attestationData": "<string>"
},
"credentialName": "<string>",
"challengeIdentifier": "<string>",
"encryptedPrivateKey": "<string>"
}
}
}
'Copy
Ask AI
{
"credential": {
"uuid": "<string>",
"kind": "Fido2",
"name": "<string>"
},
"user": {
"id": "<string>",
"username": "<string>",
"orgId": "<string>"
}
}Authentication
❌ Organization User (CustomerEmployee)❌ Delegated User (
EndUser)❌ Service Account
✅ Recovery Code
Required Permissions
No permission required.Authorizations
Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows
Body
application/json
Last modified on February 26, 2026
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.