Create Credential
POST /auth/credentials
Part of the Create Credential Regular flow.
Adds a new credential to a user's account. See Credential Kinds for all supported credential types.
User action signature required. See User Action Signing for more information.
Request headers required. See Request Headers for more information.
Authentication required. See Authentication Headers for more information.
The permissions apply to the application only.

Name | Conditions |
---|---|
Auth:Creds:Create | Always Required |

See Common Errors for common errors.
See Credential Management Errors for credential management specific errors.
Success - an object describing the new credential

Field | Type | Description |
---|---|---|
challengeIdentifier * | String | Challenge identifier returned by the Create User Credential Challenge call |
credentialName * | String | Name the user is assigning to this credential |
credentialKind * | String | Kind of credential being registered (see Credential Kind) |
credentialInfo * | Object | An object containing information about the credential being registered |
encryptedPrivateKey | String | Only for Password Protected Key and Recovery Key |

Field | Type | Description |
---|---|---|
credentialKind * | String | Will always be Fido2 |
credentialInfo * | Object | See fields below |
credentialInfo.credId * | String | base64url encoded id of the credential |
credentialInfo.clientData * | String | base64url encoded client data object. The underlying object is the clientData object returned by the user's WebAuthn client |
credentialInfo.attestationData * | String | base64url encoded attestation data object. The underlying object is the attestationData object returned by the user's WebAuthn client |

Field | Type | Description |
---|---|---|
credentialKind * | String | Will always be Key |
credentialInfo * | Object | See fields below |
credentialInfo.credId * | String | base64url encoded id of the credential. Note: This can be any unique value that identifies the credential (e.g. account+key ID on AWS, the key's database ID, or the path to the key on disk) |
credentialInfo.clientData * | String | base64url encoded Client Data JSON string object that was signed with the user's private key |
credentialInfo.attestationData * | String | base64url encoded Attestation Data JSON string object with the user's signature and public key |

Field | Type | Description |
---|---|---|
credentialKind * | String | Will always be PasswordProtectedKey |
credentialInfo * | Object | See fields below |
credentialInfo.credId * | String | base64url encoded id of the credential. Note: This can be any unique value that identifies the credential (e.g. account+key ID on AWS, the key's database ID, or the path to the key on disk) |
credentialInfo.clientData * | String | base64url encoded Client Data JSON string object that was signed with the user's private key |
credentialInfo.attestationData * | String | base64url encoded Attestation Data JSON string object with the user's signature and public key |
encryptedPrivateKey | String | Encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns |

Field | Type | Description |
---|---|---|
credentialKind * | String | Will always be RecoveryKey |
credentialInfo * | Object | See fields below |
credentialInfo.credId * | String | base64url encoded id of the credential |
credentialInfo.clientData * | String | base64url encoded Client Data JSON string object that was signed with the user's private key |
credentialInfo.attestationData * | String | base64url encoded Attestation Data JSON string object with the user's signature and public key |
encryptedPrivateKey | String | Encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns |
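
A client-side pre-flight check for the request body described in the tables above, as an added example that is not Dfns code: it verifies the required fields, the base64url alphabet, that `clientData` and `attestationData` decode to JSON for the key-based kinds, and that `encryptedPrivateKey` only accompanies `PasswordProtectedKey` or `RecoveryKey`. The function names are hypothetical, and rejecting any top-level field outside the five documented ones is an assumption, made so that the decryption secret cannot be sent to the API by accident.

```javascript
// Added example (not Dfns code); helper names and sample values are constructed.
const JSON_KINDS = new Set(['Key', 'PasswordProtectedKey', 'RecoveryKey']);
const ENCRYPTED_KEY_KINDS = new Set(['PasswordProtectedKey', 'RecoveryKey']);
const TOP_LEVEL = new Set(['challengeIdentifier', 'credentialName', 'credentialKind',
  'credentialInfo', 'encryptedPrivateKey']);
const B64URL = /^[A-Za-z0-9_-]+={0,2}$/; // URL-safe alphabet only: '+' and '/' fail
function toBase64Url(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function decodesToJson(value) {
  try {
    const std = value.replace(/-/g, '+').replace(/_/g, '/');
    JSON.parse(Buffer.from(std, 'base64').toString('utf8'));
    return true;
  } catch (e) {
    return false;
  }
}

function validateCreateCredentialBody(body) {
  const errors = [];
  const kind = body.credentialKind;
  // Reject stray fields so a decryption secret is never sent by accident.
  for (const k of Object.keys(body)) {
    if (!TOP_LEVEL.has(k)) errors.push(`${k}: unexpected field`);
  }
  for (const f of ['challengeIdentifier', 'credentialName', 'credentialKind']) {
    if (typeof body[f] !== 'string' || body[f] === '') errors.push(`${f}: required string`);
  }
  const info = body.credentialInfo;
  if (info === null || typeof info !== 'object') {
    errors.push('credentialInfo: required object');
  } else if (kind === 'Fido2' || JSON_KINDS.has(kind)) {
    for (const f of ['credId', 'clientData', 'attestationData']) {
      if (typeof info[f] !== 'string' || !B64URL.test(info[f])) {
        errors.push(`credentialInfo.${f}: required base64url string`);
      } else if (f !== 'credId' && JSON_KINDS.has(kind) && !decodesToJson(info[f])) {
        errors.push(`credentialInfo.${f}: must decode to a JSON string`);
      }
    }
  }
  if (body.encryptedPrivateKey !== undefined) {
    if (!ENCRYPTED_KEY_KINDS.has(kind)) errors.push('encryptedPrivateKey: not allowed for this kind');
    if (typeof body.encryptedPrivateKey !== 'string') errors.push('encryptedPrivateKey: must be a string');
  }
  return errors;
}
```

An empty array from `validateCreateCredentialBody` means the body matches the documented shape; it does not verify signatures or the challenge itself.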