API Authorization
Identity & Access Management
Wallets & Transactions
Management
Webhooks
Create Recovery Challenge
curl --request POST \
--url https://api.dfns.io/auth/recover/user/init \
--header 'Content-Type: application/json' \
--data '
{
"username": "<string>",
"verificationCode": "<string>",
"orgId": "<string>",
"credentialId": "<string>"
}
'{
"user": {
"id": "<string>",
"displayName": "<string>",
"name": "<string>"
},
"temporaryAuthenticationToken": "<string>",
"challenge": "<string>",
"supportedCredentialKinds": {
"firstFactor": [
"Fido2"
],
"secondFactor": [
"Fido2"
]
},
"authenticatorSelection": {
"residentKey": "required",
"requireResidentKey": true,
"userVerification": "required",
"authenticatorAttachment": "platform"
},
"attestation": "none",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": 123
}
],
"excludeCredentials": [
{
"type": "public-key",
"id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
}
],
"otpUrl": "<string>",
"allowedRecoveryCredentials": [
{
"id": "<string>",
"encryptedRecoveryKey": "<string>"
}
],
"rp": {
"id": "<string>",
"name": "<string>"
}
}Create Recovery Challenge
Starts a user recovery session, returning a challenge that will be used to verify the user’s identity.
POST
/
auth
/
recover
/
user
/
init
Create Recovery Challenge
curl --request POST \
--url https://api.dfns.io/auth/recover/user/init \
--header 'Content-Type: application/json' \
--data '
{
"username": "<string>",
"verificationCode": "<string>",
"orgId": "<string>",
"credentialId": "<string>"
}
'{
"user": {
"id": "<string>",
"displayName": "<string>",
"name": "<string>"
},
"temporaryAuthenticationToken": "<string>",
"challenge": "<string>",
"supportedCredentialKinds": {
"firstFactor": [
"Fido2"
],
"secondFactor": [
"Fido2"
]
},
"authenticatorSelection": {
"residentKey": "required",
"requireResidentKey": true,
"userVerification": "required",
"authenticatorAttachment": "platform"
},
"attestation": "none",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": 123
}
],
"excludeCredentials": [
{
"type": "public-key",
"id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
}
],
"otpUrl": "<string>",
"allowedRecoveryCredentials": [
{
"id": "<string>",
"encryptedRecoveryKey": "<string>"
}
],
"rp": {
"id": "<string>",
"name": "<string>"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
Use this file to discover all available pages before exploring further.
Authentication
No authentication required.Required Permissions
No authentication required.Body
application/json
Response
200 - application/json
Success
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Identifies the information needed to verify the user's signing certificate; can be one of the following:
- none: indicates no attestation data is required
- indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
- direct: indicates the attestation data must be given and should be generated by the authenticator
- enterprise: indicates the attestation data should include information to uniquely identify the user's device
Available options:
none, indirect, direct, enterprise Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Last modified on May 11, 2026
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.