Dfns API Documentation
  • 👋Welcome
  • Getting Started
    • Onboarding to Dfns
    • Dfns Environments
    • Core API Objects
    • Supported Assets
    • Postman
    • Dfns SDKs
    • Dashboard Videos
  • API Docs
    • Introduction
    • Authentication
      • Delegated Authentication
        • Delegated Registration
        • Delegated Registration Restart
        • Delegated Login
      • User Action Signing
        • Create User Action Signature Challenge
        • Create User Action Signature
      • Registration
        • Create User Registration Challenge
        • Complete User Registration
        • Complete End User Registration with Wallets
        • Resend Registration Code
        • Social Registration
      • Login
        • Create User Login Challenge
        • Complete User Login
        • Social Login
        • Logout
        • Send Login Code
      • Users
        • List Users
        • Create User
        • Get User
        • Activate User
        • Deactivate User
        • Archive User
      • Service Accounts
        • List Service Accounts
        • Create Service Account
        • Get Service Account
        • Update Service Account
        • Activate Service Account
        • Deactivate Service Account
        • Archive Service Account
      • Applications
        • List Applications
        • Create Application
        • Create Server-Signed Application
        • Get Application
        • Update Application
        • Activate Application
        • Deactivate Application
        • Archive Application
      • Personal Access Tokens
        • List Personal Access Tokens
        • Create Personal Access Token
        • Get Personal Access Token
        • Update Personal Access Token
        • Activate Personal Access Token
        • Deactivate Personal Access Token
        • Archive Personal Access Token
      • Credentials
        • Credentials Overview
        • API Reference
          • Create Credential Code
          • Create Credential Challenge
          • Create Credential Challenge With Code
          • Create Credential
          • Create Credential With Code
          • Deactivate Credential
          • Activate Credential
          • List Credentials
      • Recovery
        • Send Recovery Code Email
        • Create Recovery Challenge
        • Create Delegated Recovery Challenge
        • Recover User
    • Wallets
      • Create Wallet
      • Update Wallet
      • Delegate Wallet
      • Get Wallet by ID
      • List Wallets
      • Get Wallet Assets
      • Get Wallet NFTs
      • Get Wallet History
      • Tag Wallet
      • Untag Wallet
      • Transfer Asset from Wallet
      • Get Wallet Transfer Request by ID
      • List Wallet Transfer Requests
      • Sign and Broadcast Transaction from Wallet
        • Algorand: Broadcast Transaction
        • Bitcoin/Litecoin: Broadcast Transaction
        • Cardano: Broadcast Transaction
        • EVM: Broadcast Transaction
        • Polkadot: Broadcast Transaction
        • Solana: Broadcast Transaction
        • Stellar: Broadcast Transaction
        • Tezos: Broadcast Transaction
        • TRON: Broadcast Transaction
        • XRP Ledger (aka Ripple): Broadcast Transaction
      • Get Wallet Transaction Request by ID
      • List Wallet Transaction Requests
      • Generate Signature from Wallet
        • Algorand: Generate Signature
        • Aptos: Generate Signature
        • Bitcoin/Litecoin: Generate Signature
        • Cardano: Generate Signature
        • Cosmos Appchain: Generate Signature
        • EVM: Generate Signature
        • Polkadot: Generate Signature
        • Solana: Generate Signature
        • Stellar: Generate Signature
        • Tezos: Generate Signature
        • TRON: Generate Signature
        • TON: Generate Signature
        • XRP Ledger (aka Ripple): Generate Signature
        • Pseudo Networks (All other chains): Generate Signature
      • Get Wallet Signature Request by ID
      • List Wallet Signature Requests
      • Advanced Wallet APIs
        • Import Wallet
        • Export Wallet
    • Fee Sponsors
      • Create Fee Sponsor
    • Keys
      • Create Key
      • Get Key by ID
      • List Keys
    • Networks
      • Estimate fees
      • Read Contract
    • Policy Engine
      • Policies Overview
      • API Reference
        • Create Policy
        • Get Policy
        • List Policies
        • Update Policy
        • Archive Policy
        • Get Approval
        • List Approvals
        • Create Approval Decision
    • Permissions
      • Permissions Overview
      • API Reference
        • Get Permission
        • List Permissions
        • Create Permission
        • Update Permission
        • Archive Permission
        • Assign Permission
        • Revoke Permission
        • List Permission Assignments
    • Webhooks
      • Create Webhook
      • Get Webhook
      • List Webhooks
      • Update Webhook
      • Delete Webhook
      • Ping Webhook
      • Get Webhook Event
      • List Webhook Events
    • Dfns Change Log
    • API Errors
  • Integrations
    • Exchanges
      • Exchange Configuration
        • Kraken Setup
        • Binance Setup
        • Coinbase Prime Setup
      • API Reference
        • Create Exchange
        • List Exchanges
        • Get Exchange
        • Delete Exchange
        • List Exchange Accounts
        • List Exchange Account Assets
        • Create Exchange Deposit
        • Create Exchange Withdrawal
    • AML / KYT
      • Chainalysis
    • Staking
      • API Reference
        • Create Stake
        • Create Stake Action
        • List Stakes
        • List Stake Actions
        • get Rewards
    • Fiat On/Off-Ramps
    • Account Abstraction on EVMs
  • Advanced Topics
    • Authentication
      • API Authentication
      • Request Headers
      • Credentials
        • Generate a Key Pair
        • User Credentials
        • Access Token Credentials
        • Storing WebAuthn Credentials in Password Managers
      • Request Signing
      • API objects
    • Delegated Signing
    • API Idempotency
    • FAQ
  • Guides
    • Passkey Settings - Migration guide
Powered by GitBook
On this page
  • Required Permissions
  • Request body
  • Fido2 Credential
  • Key Credential and Password Protected Key Credential
  • Responses
  1. API Docs
  2. Authentication
  3. User Action Signing

Create User Action Signature

POST /auth/action

Completes the user action signing process and provides a signing token that can be used to verify the user intended to perform the action.

The type of credentials used to sign the action is determined by the kind field in the nested objects (firstFactor and secondFactor). Supported credential kinds are:

  • Fido2: User action is signed by a user's signing device using WebAuthn.

  • Key: User action is signed by a user's, or token's, private key.

  • PasswordProtectedKey: Login challenge is signed by the decrypted user's private key that was sent during Create User Action Signature Challenge step.

  • Request headers required. See Request Headers for more information.

  • Authentication required. See Authentication Headers for more information.

Required Permissions

The permissions apply to the application only.

Name
Conditions

Auth:Action:Sign

Always Required

Request body

challengeIdentifier *

String

firstFactor *

Object

first factor credential used to sign the user action

secondFactor

Object

Optional second factor credential used to authenticate a user

Fido2 Credential

kind *

String

will always be Fido2

credentialAssertion *

Object

credentialAssertion.credId *

String

base64url encoded id of the credential returned by the user's WebAuthn client

credentialAssertion.clientData *

String

base64url encoded client data object returned by the user's WebAuthn client

credentialAssertion.authenticatorData *

String

base64url encoded authenticator data object returned by the user's WebAuthn client

credentialAssertion.signature *

String

base64url encoded signature returned by the user's WebAuthn client

credentialAssertion.userHandle *

String

base64url encoded userHandle returned by the user's WebAuthn client

Example:

{
  "challengeIdentifier":"eyJ0e...fQNA",
  "firstFactor":{
    "kind":"Fido2",
    "credentialAssertion":{
      "credId":"c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8",
      "clientData":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ",
      "authenticatorData":"WT-zFZUBbJHfBkmhzTlPf49LTn7asLeTQKhm_riCvFgFAAAAAA",
      "signature":"MEUCIQDJ8G9J1NTjdoKx0yloYw45bpn6fJhcqCoUGiZuOU1IAQIgAtPt7S8FHFYW9OMHh3S5FVAxk-lhli-2lX22bBNSDog",
      "userHandle":"dXMtMmJhMGgtbHZwMnEtOHYxODYwcGNqMWJoNWlyaQ"
    }
  }
}

Key Credential and Password Protected Key Credential

kind *

String

Key or PasswordProtectedKey

credentialAssertion *

Object

credentialAssertion.credId *

String

base64url encoded id of the credential

credentialAssertion.clientData *

String

credentialAssertion.signature *

String

base64url encoded signature generated by signing the clientData JSON string object

Example:

{
  "challengeIdentifier":"eyJ0e...fQNA",
  "firstFactor":{
    "kind":"Key", // can be "PasswordProtectedKey" as well
    "credentialAssertion":{
      "credId":"6Ca6tAOFTx2odyJBnCoRO-gPvfpfy0EOoOcEaxfxIOk",
      "clientData":"eyJ0eXBlIjoia2V5LmdldCIsImNoYWxsZW5nZSI6Ik1XTTBNbVk1WVRRME1EUmlOemRoTlRGaE56WTVPRFF3TldJNVpUUTRZMlJoT0RaaU5EazNaVFl6T1RFNU9HWXlNRGN4WmpCall6azRNbVE1WXpZMU1BIiwib3JpZ2luIjoiaHR0cHM6Ly9hcHAuZGZucy5uaW5qYSIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
      "signature":"owt8WtpJT_6eEuw4UwdIX2HMMwENgk0SrI-RoCMPhx_9YMVpNKJGmJfHUusf_R1Mor9a_hinQVuXj4_XRdeJFSY2AySXSUk",
    }
  }
}

Responses

  • See Common Errors for common errors.

  • See User Action Signing Errors for user action signing specific errors.

Success - a token that will be passed in the X-DFNS-USERACTION header

{
  "userAction": "eyJ0eX...bzrQakA"
}

Last updated 8 months ago

temporary authentication token returned by the

JSON object, stringified and base64url-encoded

Create User Action Signature Challenge
Client Data