Complete User Registration

curl --request POST \
  --url https://api.dfns.io/auth/registration \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "firstFactorCredential": {
    "credentialKind": "Fido2",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "credentialName": "<string>"
  },
  "secondFactorCredential": {
    "credentialKind": "Fido2",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "credentialName": "<string>"
  },
  "recoveryCredential": {
    "credentialKind": "RecoveryKey",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "encryptedPrivateKey": "<string>",
    "credentialName": "<string>"
  }
}
'

{
  "credential": {
    "uuid": "<string>",
    "kind": "Fido2",
    "name": "<string>"
  },
  "user": {
    "id": "<string>",
    "username": "<string>",
    "orgId": "<string>"
  }
}

Complete User Registration

Completes the user registration process and creates the user’s initial credentials.

The type of credentials being registered is determined by the credentialKind field in the nested objects (firstFactorCredential , secondFactorCredential and RecoveryCredential). Supported credential kinds are:

Fido2: User action is signed by a user’s signing device using WebAuthn.
Key: User action is signed by a user’s, or token’s, private key.
PasswordProtectedKey: User action is signed by a user’s, or token’s, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it.
RecoveryKey : Similar to PasswordProtectedKey, but this credential can only be used to recover an account not to sign an action or login. Once this credential is used all the other user’s credentials are invalidated.

POST

auth

registration

Complete User Registration

curl --request POST \
  --url https://api.dfns.io/auth/registration \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "firstFactorCredential": {
    "credentialKind": "Fido2",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "credentialName": "<string>"
  },
  "secondFactorCredential": {
    "credentialKind": "Fido2",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "credentialName": "<string>"
  },
  "recoveryCredential": {
    "credentialKind": "RecoveryKey",
    "credentialInfo": {
      "credId": "<string>",
      "clientData": "<string>",
      "attestationData": "<string>"
    },
    "encryptedPrivateKey": "<string>",
    "credentialName": "<string>"
  }
}
'

{
  "credential": {
    "uuid": "<string>",
    "kind": "Fido2",
    "name": "<string>"
  },
  "user": {
    "id": "<string>",
    "username": "<string>",
    "orgId": "<string>"
  }
}

Authentication

❌ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
❌ Service Account
✅ Registration Code

Required Permissions

No permission required.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

Body

application/json

firstFactorCredential

Fido2/Passkeys · object

required

Fido2/Passkeys
Public/Private key pair
<Deprecated> Password
Password-protected Key

Show child attributes

firstFactorCredential.credentialKind

enum<string>

required

Available options:

Fido2

firstFactorCredential.credentialInfo

object

required

Show child attributes

firstFactorCredential.credentialInfo.credId

string

required

Minimum string length: 1

firstFactorCredential.credentialInfo.clientData

string

required

Minimum string length: 1

firstFactorCredential.credentialInfo.attestationData

string

required

Minimum string length: 1

firstFactorCredential.credentialName

string

Minimum string length: 1

secondFactorCredential

Fido2/Passkeys · object

Fido2/Passkeys
Public/Private key pair
<Deprecated> TOTP
Password-protected Key

Show child attributes

secondFactorCredential.credentialKind

enum<string>

required

Available options:

Fido2

secondFactorCredential.credentialInfo

object

required

Show child attributes

secondFactorCredential.credentialInfo.credId

string

required

Minimum string length: 1

secondFactorCredential.credentialInfo.clientData

string

required

Minimum string length: 1

secondFactorCredential.credentialInfo.attestationData

string

required

Minimum string length: 1

secondFactorCredential.credentialName

string

Minimum string length: 1

recoveryCredential

Recovery Key · object

Show child attributes

recoveryCredential.credentialKind

enum<string>

required

Available options:

RecoveryKey

recoveryCredential.credentialInfo

object

required

Show child attributes

recoveryCredential.credentialInfo.credId

string

required

Minimum string length: 1

recoveryCredential.credentialInfo.clientData

string

required

Minimum string length: 1

recoveryCredential.credentialInfo.attestationData

string

required

Minimum string length: 1

recoveryCredential.encryptedPrivateKey

string

Minimum string length: 1

recoveryCredential.credentialName

string

Minimum string length: 1

Response

200 - application/json

Success

credential

object

required

Show child attributes

credential.uuid

string

required

credential.kind

enum<string>

required

Available options:

Fido2,

Key,

Password,

Totp,

RecoveryKey,

PasswordProtectedKey

credential.name

string

required

user

object

required

Show child attributes

user.id

string

required

user.username

string

required

user.orgId

string

required

Create Social Registration Challenge

Complete End User Registration with Wallets

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Complete User Registration

Authentication

Required Permissions

Authorizations

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Body

Response

Authentication

Required Permissions