Skip to main content
You can find more details in the developers guides section.

Fido2 signing flow

This flow is for a human user interacting with a frontend (website, mobile app, etc) and signing the request using his passkey from that frontend. The authToken to use here is from that user, refer to the login flows for details how to obtain that token.
1

Prepare your endpoint call payload

For starting a signing session you need to prepare the API call you intend to make eventually.As an example let’s use Transfer Asset.
  • Method: POST
  • Path: /wallets/wa-12345-12345-12345678910/transfers
  • Payload: {"kind": "Native", "to": "0xe5a2ebc128e262ab1e3bd02bffbe16911adfbffb", "amount": "100000"}
2

Request a User Action Challenge

Use : Create User Action Challenge.This starts a user action signing session, returning a challenge that will be used to verify the user’s intent to perform an action. You need to provide details about the intended call:
3

Get the user to sign the challenge

You need to forward the challenge and associated information to the frontend (browser or app) to handle the signing operation using WebAuthn APIs.
4

Request a User Action token

Use . Refer to Create User Action Signature for endpoint details.Completes the user action signing process and provides a signing token that can be used to verify the user intended to perform the action.
5

Use the User Action token

Add the User Action token to the X-DFNS-USERACTION header of the original API call that requires user action signing.

Asymmetric Keys signing flow

This flow is for machine-to-machine interactions: a backend signs the request using an asymmetric key, there is no signing request to the user. The backend can login as a Service Account (machine user with its own identity), as a user using their Personal Access Token. Just provide the right token as authToken for all the following API calls. You should also have registered the public key when you created the Service Account or the user’s Personal Access Token. The Private Key will be used to sign the challenges, make sure you use the private key linked to the authToken you are using!
1

Prepare your endpoint call payload

For starting a signing session you need to prepare the API call you intend to make eventually.As an example let’s use Transfer Asset.
  • Method: POST
  • Path: /wallets/wa-12345-12345-12345678910/transfers
  • Payload: {"kind": "Native", "to": "0xe5a2ebc128e262ab1e3bd02bffbe16911adfbffb", "amount": "100000"}
2

Request a User Action Challenge

Use : Create User Action Challenge.This starts a user action signing session, returning a challenge that will be used to verify the user’s intent to perform an action. You need to provide details about the intended call:
3

Sign the challenge

Use a crypto library or a KMS to sign the challenge.
4

Request a User Action token

Use . Refer to Create User Action Signature for endpoint details.Completes the user action signing process and provides a signing token that can be used to verify the user intended to perform the action.
5

Use the User Action token

Add the User Action token to the X-DFNS-USERACTION header of the original API call that requires user action signing.
Last modified on June 8, 2026