Skip to main content
Service Accounts are machine users for server-to-server communication, automated tasks, or background processes. Unlike human users who authenticate with passkeys, service accounts use a keypair to sign API requests.

Creating a service account

Step-by-step guide to create a service account and assign permissions

How service accounts work

  1. Keypair: You generate an asymmetric keypair. The public key is registered with Dfns, and you keep the private key to sign requests.
  2. Token: When you create the service account, you receive an authentication token for the Authorization header.
  3. Permissions: A new service account has no permissions by default. Assign a role after creation, or pass a permissionId at creation time (requires PermissionsAssign permission).
To create a Service Account via API, use the Create Service Account endpoint.
Dfns recommends using services like AWS Secrets Manager or comparable services on other cloud platforms to securely store and manage the private key and authentication tokens.
Last modified on April 16, 2026