Service Accounts are special types of users that represent non-human actors or systems that need to interact with the Dfns API. They are typically used for server-to-server communication, automated tasks, or background processes.
Like any user, they must sign their API requests (see User Action Signing). Before creating a Service Account, you must therefore generate an asymmetric keypair, which serves as the Service Account Credential. The public key of this pair is passed to Dfns when the Service Account is created.
When you create a Service Account, you will receive an authentication token that can be used to authenticate requests made by that account. This authentication token should be kept secret and not exposed to end users.
To create a Service Account, you can use the Create Service Account API endpoint. Once created, you can manage the Service Account’s permissions and access controls just like you would for a regular user.
Dfns recommends using services like AWS Secrets Manager or comparable services on other public cloud platforms to securely store and manage the private key and authentication tokens of Service Accounts.
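The keypair step described above can be scripted as follows. This is an added example, not code from the Dfns documentation: it generates the private key with owner-only permissions, derives the public key that is passed at Service Account creation, and checks with a sign/verify round trip that the two halves match. The P-256 curve, the `sa-*.pem` file names and the function names are assumptions; use a key type that Dfns lists as supported.

```shell
#!/bin/sh
# Added example. The P-256 curve and the sa-*.pem file names are assumptions.

# Create a keypair in directory $1 and print the path of the public key.
generate_sa_keypair() {
    dir=$1
    (
        # Subshell so the tightened umask does not leak into the caller.
        umask 077 &&
        mkdir -p "$dir" &&
        openssl ecparam -genkey -name prime256v1 -noout -out "$dir/sa-private.pem"
    ) || return 1
    # Derive the public half; this is the only file that is sent to Dfns.
    openssl pkey -in "$dir/sa-private.pem" -pubout -out "$dir/sa-public.pem" || return 1
    printf '%s\n' "$dir/sa-public.pem"
}

# Return 0 only if sa-public.pem verifies a signature made by sa-private.pem.
verify_sa_keypair() {
    dir=$1
    printf 'constructed test challenge' > "$dir/challenge.bin"
    openssl dgst -sha256 -sign "$dir/sa-private.pem" \
        -out "$dir/challenge.sig" "$dir/challenge.bin" &&
    openssl dgst -sha256 -verify "$dir/sa-public.pem" \
        -signature "$dir/challenge.sig" "$dir/challenge.bin" >/dev/null 2>&1
    rc=$?
    rm -f "$dir/challenge.bin" "$dir/challenge.sig"
    return "$rc"
}

# Usage: pub=$(generate_sa_keypair ./sa-keys) && verify_sa_keypair ./sa-keys
```

Run the round trip before registering the public key; once the Service Account exists, move `sa-private.pem` into the secrets manager and delete the local copy.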