Delegate Key

curl --request POST \
  --url https://api.dfns.io/keys/{keyId}/delegate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "delegateTo": "<string>"
}
'

{
  "keyId": "<string>",
  "status": "Delegated"
}

Delegate Key

Only keys created with “delayDelegation: true” can then be delegated to an end-user. It means you need to know ahead of time that you’re creating a wallet meant to be delegated to an end-user later. This is a safety to prevent, for example, a treasury wallet from being unintentionally delegated to an end-user.

When a key is delegated to an end user, all wallets using this key as the signing key are also automatically delegated to the same end user. Key and wallet ownerships are guaranteed to be always consistent.

This operation is irreversible. The key ownership will be transferred to the end-user

In most cases, when you want to implement Wallet Delegation, simply create the wallet by directly delegating it to an end user, in which case it will the non-custodial from the start. There are some rare cases, however, where the key or wallet must be created before the user has accessed to the system. To accommodate this, we’ve added the ability to create a key or wallet in delay delegation mode, and then later delegate it (i.e.: transfer ownership of it) to an end user via this endpoint.

POST

keys

{keyId}

delegate

Delegate Key

curl --request POST \
  --url https://api.dfns.io/keys/{keyId}/delegate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "delegateTo": "<string>"
}
'

{
  "keyId": "<string>",
  "status": "Delegated"
}

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
✅ Service Account

Required Permissions

Keys:Delegate: Always required.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION

string

header

required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Path Parameters

keyId

string

required

Minimum string length: 1

Body

application/json

delegateTo

string

required

Minimum string length: 1

Response

200 - application/json

Success

keyId

string

required

status

enum<string>

required

Available options:

Delegated

Last modified on February 26, 2026

Create Key

Get Key

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Delegate Key

Authentication

Required Permissions

Authorizations

Path Parameters

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Path Parameters

Body

Response

Authentication

Required Permissions