Skip to main content
POST
/
auth
/
service-accounts
Create Service Account
curl --request POST \
  --url https://api.dfns.io/auth/service-accounts \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "name": "<string>",
  "publicKey": "<string>",
  "permissionId": "pm-37vj4-jkr4l-lc9945spfftkne57",
  "externalId": "<string>",
  "daysValid": 123
}
'
{
  "userInfo": {
    "username": "<string>",
    "name": "<string>",
    "userId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
    "credentialUuid": "<string>",
    "isActive": true,
    "isServiceAccount": true,
    "isRegistered": true,
    "permissionAssignments": [
      {
        "permissionName": "<string>",
        "permissionId": "pm-37vj4-jkr4l-lc9945spfftkne57",
        "assignmentId": "as-1vcmc-qrek0-6b4vii9pln60907e",
        "operations": [
          "<string>"
        ]
      }
    ],
    "orgId": "or-30tnh-itmjs-s235s5ontr3r23h2",
    "accountId": "acct-24hka-dhili-9hgvdlvr1ohpibp4",
    "permissions": [
      "<string>"
    ]
  },
  "accessTokens": [
    {
      "dateCreated": "2023-04-14T20:41:28.715Z",
      "credId": "<string>",
      "isActive": true,
      "linkedUserId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
      "linkedAppId": "ap-2a9in-tt2a1-983lho480p35ejd0",
      "name": "<string>",
      "orgId": "or-30tnh-itmjs-s235s5ontr3r23h2",
      "permissionAssignments": [
        {
          "permissionName": "<string>",
          "permissionId": "pm-37vj4-jkr4l-lc9945spfftkne57",
          "assignmentId": "as-1vcmc-qrek0-6b4vii9pln60907e",
          "operations": [
            "<string>"
          ]
        }
      ],
      "publicKey": "<string>",
      "tokenId": "to-202a0-cdo33-o65mbt6q758lvvnt",
      "accessToken": "<string>"
    }
  ]
}

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
❌ Personal Access Token not allowed
❌ Service Account

Required Permissions

Auth:ServiceAccounts:Create: Always required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json
name
string
required

Human-readable name of the Service Account.

Minimum string length: 1
publicKey
string
required
Pattern: ^-----BEGIN (RSA )?PUBLIC KEY-----[A-Za-z0-9+/=\n\r\\]+-----END (RSA )?PUBLIC KEY-----\s?$
permissionId
string

ID of the permission (also referred to as "role" in the dashboard).

Required string length: 1 - 64
Pattern: ^pm-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
Example:

"pm-37vj4-jkr4l-lc9945spfftkne57"

externalId
string

Value that can be used to correlate the entity with an external system.

daysValid
integer

Number of days the service account will be valid for.

Response

200 - application/json

Success

userInfo
object
required
accessTokens
object[]
required
Last modified on June 18, 2026