> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Import Key
> Dfns secures private keys by generating them as MPC key shares in our decentralized key management network. This happens by default when you create a [key](https://docs.dfns.co/api-reference/keys/create-key) or [wallet](https://docs.dfns.co/api-reference/wallets/create-wallet).
In some circumstances, however, you may need to import an existing private key into Dfns infrastructure, instead of creating a brand new wallet with Dfns and transfer funds to it. As an example, you might want to keep an existing wallet if its address is tied to a smart contract which you don't want to re-deploy.
In such a case, Dfns exposes this key import API endpoint, which can be used in conjunction with our [import SDK](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/import-wallet). Note this is intended to be used only to migrate wallets when first onboarding onto the Dfns platform.
Dfns can not guarantee the security of imported wallets, as we have no way to control who had access to the private key prior to import. For this reason, this feature is restricted to Enterprise customers who have signed a contractual addendum limiting our liability for imported keys. Please contact your sales representative for more information.
#### Authentication
✅ Organization User (`CustomerEmployee`)\
✅ Delegated User (`EndUser`)\
✅ Service Account
#### Required Permissions
`Keys:Import`: Always required.
## OpenAPI
````yaml /openapi.yaml post /keys/import
openapi: 3.1.0
info:
version: 1.795.3
title: Dfns
servers:
- url: https://api.dfns.io
description: Default - Europe
- url: https://api.uae.dfns.io
description: UAE
- url: https://api.dfns.ninja
description: Staging
security: []
paths:
/keys/import:
post:
tags:
- Keys
summary: Import Key
description: >
Dfns secures private keys by generating them as MPC key shares in our
decentralized key management network. This happens by default when you
create a [key](https://docs.dfns.co/api-reference/keys/create-key) or
[wallet](https://docs.dfns.co/api-reference/wallets/create-wallet).
In some circumstances, however, you may need to import an existing
private key into Dfns infrastructure, instead of creating a brand new
wallet with Dfns and transfer funds to it. As an example, you might want
to keep an existing wallet if its address is tied to a smart contract
which you don't want to re-deploy.
In such a case, Dfns exposes this key import API endpoint, which can be
used in conjunction with our [import
SDK](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/import-wallet).
Note this is intended to be used only to migrate wallets when first
onboarding onto the Dfns platform.
Dfns can not guarantee the security of imported wallets, as we have no
way to control who had access to the private key prior to import. For
this reason, this feature is restricted to Enterprise customers who have
signed a contractual addendum limiting our liability for imported keys.
Please contact your sales representative for more information.
requestBody:
content:
application/json:
schema:
type: object
properties:
name:
type: string
maxLength: 100
curve:
type: string
enum:
- ed25519
- secp256k1
- stark
protocol:
anyOf:
- type: string
enum:
- CGGMP24
- FROST
- FROST_BITCOIN
- GLOW20_DH
- KU23
- type: string
enum:
- CGGMP21
minSigners:
type: integer
exclusiveMinimum: 0
encryptedKeyShares:
type: array
items:
type: object
properties:
signerId:
type: string
minLength: 1
encryptedKeyShare:
type: string
minLength: 1
required:
- signerId
- encryptedKeyShare
minItems: 1
masterKey:
type: boolean
description: Specify to create an extended master key for HD derivation
required:
- curve
- protocol
- minSigners
- encryptedKeyShares
additionalProperties: false
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/Key'
security:
- authenticationToken: []
userActionSignature: []
components:
schemas:
Key:
type: object
properties:
id:
type: string
minLength: 1
maxLength: 64
pattern: ^key-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
description: Unique identifier for the key.
example: key-01snl-t56gb-j8tsok0vn802p80i
scheme:
$ref: '#/components/schemas/KeyScheme'
curve:
$ref: '#/components/schemas/KeyCurve'
publicKey:
type: string
description: Hex-encoded public key.
masterKey:
type: boolean
description: Whether this key can be used as a master key for HD derivation.
derivedFrom:
type: object
properties:
keyId:
type: string
minLength: 1
maxLength: 64
pattern: ^key-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
description: The master key this key was derived from.
example: key-01snl-t56gb-j8tsok0vn802p80i
path:
type: string
description: The derivation path used.
required:
- keyId
- path
description: Derivation info if this key was derived from a master key.
name:
type: string
description: Nickname for the key.
status:
type: string
enum:
- Active
- Archived
description: Current status of the key.
custodial:
type: boolean
description: >-
Whether the key is custodial (owned by organization) or
non-custodial (delegated to end user).
dateCreated:
type: string
format: date-time
description: >-
[ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
UTC). When the key was created.
example: '2023-04-14T20:41:28.715Z'
imported:
type: boolean
description: Whether this key was imported.
exported:
type: boolean
description: Whether this key has been exported.
dateExported:
type: string
format: date-time
description: >-
[ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
UTC). When the key was exported.
example: '2023-04-14T20:41:28.715Z'
dateDeleted:
type: string
format: date-time
description: >-
[ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
UTC). When the key was deleted.
example: '2023-04-14T20:41:28.715Z'
required:
- id
- scheme
- curve
- publicKey
- status
- custodial
- dateCreated
KeyScheme:
type: string
description: The cryptographic scheme for the key.
enum:
- ECDSA
- EdDSA
- Schnorr
KeyCurve:
type: string
enum:
- ed25519
- secp256k1
- stark
description: The elliptic curve for the key.
securitySchemes:
authenticationToken:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
**Bearer Token:** Used to authenticate API requests.
More details how to generate the token: [Authentication
flows](https://docs.dfns.co/api-reference/auth/login-flows)
userActionSignature:
type: apiKey
in: header
name: X-DFNS-USERACTION
description: >-
**User Action Signature:** Used to sign the change-inducing API
requests.
More details how to generate the token: [User Action Signing
flows](https://docs.dfns.co/api-reference/auth/signing-flows)
````