Complete End User Registration with Wallets
Last updated
Last updated
POST /auth/registration/enduser
Completes the end user registration process and creates the user's initial credentials along with delegated wallets for the new end user.
The type of credentials being registered is determined by the credentialKind
field in the nested objects (firstFactorCredential
, secondFactorCredential
and RecoveryCredential
). Supported credential kinds are:
Fido2
: User action is signed by a user's signing device using WebAuthn
.
Key
: User action is signed by a user's, or token's, private key.
PasswordProtectedKey
: User action is signed by a user's, or token's, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it.
The number of delegated wallets created and the wallet types are determined by the wallets
specifications. The end user is automatically assigned DfnsDefaultEndUserAccess
managed permission that grants the end user full access to the wallets.
Auth:Users:Create
Always Required
Auth:Types:EndUser
Always Required
Wallets:Create
Always Required
Keys:Create
Always Required
Keys:Delegate
Always Required
firstFactorCredential
*
Object
first factor credential that the end user is registering
secondFactorCredential
Object
Optional
second factor credential that the end user is registering
recoveryCredential
Object
Optional
recovery credential that can be used to recover the end user's account
wallets
Array
delegated wallets that the end user should have
credentialKind
*
String
will always be Fido2
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
base64url encoded client data object. The underlying object is the clientData object returned by the user's WebAuthn client
credentialInfo.attestationData
*
String
base64url encoded attestation data object. The underlying object is the attestationData object returned by the user's WebAuthn client
credentialKind
*
String
will always be Key
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
credentialKind
*
String
will always be PasswordProtectedKey
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
encryptedPrivateKey
String
Encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns
credentialKind
*
String
will always be RecoveryKey
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
encryptedPrivateKey
String
Optional
encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns
network
String
name
Object
Optional name given to the wallet
Success - an object describing the end user and the delegated wallets
JSON object, stringified and base64url-encoded
base64url encoded JSON string object with the users signature and public key
JSON object, stringified and base64url-encoded
base64url encoded JSON string object with the user's signature and public key
JSON object, stringified and base64url-encoded
base64url encoded JSON string object with the user's signature and public key
Network used for the wallet (See for possible values)
See for common errors.
See for user registration specific errors.