Complete User Registration
POST /auth/registration
Completes the user registration process and creates the user's initial credentials.
The type of credentials being registered is determined by the credentialKind
field in the nested objects (firstFactorCredential
, secondFactorCredential
and RecoveryCredential
). Supported credential kinds are:
Fido2
: User action is signed by a user's signing device usingWebAuthn
.Key
: User action is signed by a user's, or token's, private key.PasswordProtectedKey
: User action is signed by a user's, or token's, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it.RecoveryKey
: Similar toPasswordProtectedKey
, but this credential can only be used to recover an account not to sign an action or login. Once this credential is used all the other user's credentials are invalidated.
Request headers required. See Request Headers for more information.
Temporary authentication token required. See Registration Headers for more information.
Required Permissions
Since this endpoint is not authenticated, the permissions apply to the application only.
Auth:Users:Create
Always Required
Auth:Types:Employee
When kind
is CustomerEmployee
Auth:Types:EndUser
When kind
is EndUser
Request body
firstFactorCredential
*
Object
first factor credential that the user is registering
secondFactorCredential
Object
Optional
second factor credential that the user is registering
recoveryCredential
Object
Optional
recovery credential that can be used to recover the user's account
Fido2 Credential
credentialKind
*
String
will always be Fido2
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
base64url encoded client data object. The underlying object is the clientData object returned by the user's WebAuthn client
credentialInfo.attestationData
*
String
base64url encoded attestation data object. The underlying object is the attestationData object returned by the user's WebAuthn client
Example
Key Credential
credentialKind
*
String
will always be Key
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
Example
Password Protected Key Credential
credentialKind
*
String
will always be PasswordProtectedKey
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
encryptedPrivateKey
String
Encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns
Example
Recovery Credential
credentialKind
*
String
will always be RecoveryKey
credentialInfo
*
Object
credentialInfo.credId
*
String
base64url encoded id of the credential
credentialInfo.clientData
*
String
credentialInfo.attestationData
*
String
encryptedPrivateKey
String
Optional
encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns
Example
Responses
See Common Errors for common errors.
See User Registration Errors for user registration specific errors.
Success - an object describing the user
Last updated