Last updated
Last updated
All mutating requests need to be signed with a user/token credential.
When signing with a private key you need to:
Get a signing challenge from the Dfns API
Sign the challenge
Exchange the signed challenge for a user action signature with the Dfns API
Complete the original request
A signing challenge is returned from a call to:
/auth/action/init
You will recieve an object with the following properties (additional properties exist for signing with WebAuthn):
The user signs the challenge to verify they want to perform the requested action.
After creating this object, the user will convert the object to a JSON string and sign the string.
When returning the signature to the server, the user will base64url encode the signature and the client data along with the ID of the credential that was used.
The user needs to format the challenge into a.
challenge
A string that will be signed with your private key
challengeIdentifier
A JWT that identifies the signing session
allowCredentials.key
The list of private key credentials that are enabled for the user