Skip to main content
POST
/
permissions
Create Permission
curl --request POST \
  --url https://api.dfns.io/permissions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "name": "<string>",
  "operations": [
    "Registry:Addresses:Create"
  ]
}
'
{
  "id": "<string>",
  "name": "<string>",
  "operations": [
    "<string>"
  ],
  "status": "Active",
  "isImmutable": true,
  "isArchived": true,
  "dateCreated": "<string>",
  "dateUpdated": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
✅ Service Account

Required Permissions

Permissions:Create: Always required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json
name
string
required
Minimum string length: 1
operations
enum<string>[]
required
Minimum array length: 1
Available options:
Registry:Addresses:Create,
Registry:Addresses:Delete,
Registry:Addresses:Read,
Registry:Addresses:Update,
Registry:ContractSchemas:Create,
Registry:ContractSchemas:Delete,
Registry:ContractSchemas:Read,
Auth:Logs:Read,
Auth:Users:Create,
Auth:Users:Read,
Auth:Users:Update,
Auth:Users:Activate,
Auth:Users:Deactivate,
Auth:Users:Delete,
Auth:ServiceAccounts:Create,
Auth:ServiceAccounts:Read,
Auth:ServiceAccounts:Update,
Auth:ServiceAccounts:Deactivate,
Auth:ServiceAccounts:Activate,
Auth:ServiceAccounts:Delete,
Auth:Pats:Create,
Auth:Register:Delegated,
Auth:Login:Delegated,
Auth:Recover:Delegated,
Agreements:Acceptance:Create,
Agreements:Acceptance:Read,
Events:Read,
Exchanges:Create,
Exchanges:Read,
Exchanges:Delete,
Exchanges:Deposits:Create,
Exchanges:Withdrawals:Create,
FeeSponsors:Create,
FeeSponsors:Read,
FeeSponsors:Update,
FeeSponsors:Delete,
FeeSponsors:Use,
Orgs:Read,
Orgs:Update,
Orgs:Settings:Read,
Orgs:Settings:Update,
Permissions:Archive,
Permissions:Create,
Permissions:Read,
Permissions:Update,
Permissions:Assign,
Permissions:Revoke,
Permissions:Assignments:Read,
Policies:Archive,
Policies:Create,
Policies:Read,
Policies:Update,
Policies:Approvals:Read,
Policies:Approvals:Approve,
Signers:ListSigners,
Stakes:Create,
Stakes:Read,
Stakes:Update,
Swaps:Create,
Swaps:Read,
Allocations:Create,
Allocations:Update,
Allocations:Read,
Keys:Create,
Keys:Delete,
Keys:Read,
Keys:Update,
Keys:Reuse,
Keys:Delegate,
Keys:Import,
Keys:Export,
Keys:Derive,
Keys:ChildKeys:Create,
Keys:Signatures:Create,
Keys:Signatures:Read,
KeyStores:Read,
Networks:CantonValidators:Create,
Networks:CantonValidators:Read,
Networks:CantonValidators:Update,
Networks:CantonValidators:Delete,
Wallets:Create,
Wallets:Read,
Wallets:Update,
Wallets:Tags:Add,
Wallets:Tags:Delete,
Wallets:Transactions:Create,
Wallets:Transactions:Read,
Wallets:Transfers:Create,
Wallets:Transfers:Read,
Wallets:Offers:Read,
Wallets:Offers:Settle,
Webhooks:Create,
Webhooks:Read,
Webhooks:Update,
Webhooks:Delete,
Webhooks:Ping,
Webhooks:Events:Read,
Billing:Read,
Billing:Write,
Analytics:Read

Response

200 - application/json

Success

id
string
required
name
string
required
operations
string[]
required
status
enum<string>
required
Available options:
Active
isImmutable
boolean
required
isArchived
boolean
required
dateCreated
string
required
dateUpdated
string
required