Skip to main content
Service Accounts are machine users for server-to-server communication, automated tasks, or background processes. Unlike human users who authenticate with passkeys, service accounts use a keypair to sign API requests.

Creating a service account

Step-by-step guide to create a service account and assign permissions

How service accounts work

  1. Keypair: You generate an asymmetric keypair. The public key is registered with Dfns, and you keep the private key to sign requests.
  2. Token: When you create the service account, you receive an authentication token for the Authorization header.
  3. Permissions: A service account inherits all permissions from the user who creates it. You can scope down its permissions after creation, or limit it to a single permission at creation time by passing a permissionId.
To create a Service Account via API, use the Create Service Account endpoint.
Dfns recommends using services like AWS Secrets Manager or comparable services on other cloud platforms to securely store and manage the private key and authentication tokens.
Last modified on March 2, 2026