Dfns API Documentation
  • 👋Welcome
  • Getting Started
    • Onboarding to Dfns
    • Dfns Environments
    • Core API Objects
    • Supported Assets
    • Postman
    • Dfns SDKs
    • Dashboard Videos
  • API Docs
    • Introduction
    • Authentication
      • Delegated Authentication
        • Delegated Registration
        • Delegated Registration Restart
        • Delegated Login
      • User Action Signing
        • Create User Action Signature Challenge
        • Create User Action Signature
      • Registration
        • Create User Registration Challenge
        • Complete User Registration
        • Complete End User Registration with Wallets
        • Resend Registration Code
        • Social Registration
      • Login
        • Create User Login Challenge
        • Complete User Login
        • Social Login
        • Logout
        • Send Login Code
      • Users
        • List Users
        • Create User
        • Get User
        • Activate User
        • Deactivate User
        • Archive User
      • Service Accounts
        • List Service Accounts
        • Create Service Account
        • Get Service Account
        • Update Service Account
        • Activate Service Account
        • Deactivate Service Account
        • Archive Service Account
      • Applications
        • List Applications
        • Create Application
        • Create Server-Signed Application
        • Get Application
        • Update Application
        • Activate Application
        • Deactivate Application
        • Archive Application
      • Personal Access Tokens
        • List Personal Access Tokens
        • Create Personal Access Token
        • Get Personal Access Token
        • Update Personal Access Token
        • Activate Personal Access Token
        • Deactivate Personal Access Token
        • Archive Personal Access Token
      • Credentials
        • Credentials Overview
        • API Reference
          • Create Credential Code
          • Create Credential Challenge
          • Create Credential Challenge With Code
          • Create Credential
          • Create Credential With Code
          • Deactivate Credential
          • Activate Credential
          • List Credentials
      • Recovery
        • Send Recovery Code Email
        • Create Recovery Challenge
        • Create Delegated Recovery Challenge
        • Recover User
    • Wallets
      • Create Wallet
      • Update Wallet
      • Delete Wallet
      • [deprecated] Delegate Wallet
      • Get Wallet by ID
      • List Wallets
      • Get Wallet Assets
      • Get Wallet NFTs
      • Get Wallet History
      • Tag Wallet
      • Untag Wallet
      • Transfer Asset
      • Get Transfer Request by ID
      • List Transfer Requests
      • Sign and Broadcast Transaction
        • Algorand
        • Aptos
        • Bitcoin / Litecoin
        • Canton
        • Cardano
        • EVM
        • Solana
        • Stellar
        • Tezos
        • TRON
        • XRP Ledger (Ripple)
      • Get Transaction Request by ID
      • List Transaction Requests
      • [deprecated] Generate Signature
      • Advanced Wallet APIs
        • Import Wallet
        • [deprecated] Export Wallet
    • Fee Sponsors
      • Create Fee Sponsor
      • Get Fee Sponsor
      • List Fee Sponsors
      • Activate Fee Sponsor
      • Deactivate Fee Sponsor
      • Delete Fee Sponsor
      • List Sponsored Fees
    • Keys
      • Create Key
      • Update Key
      • Delete Key
      • Delegate Key
      • Get Key by ID
      • List Keys
      • Generate Signature
        • Algorand
        • Aptos
        • Bitcoin / Litecoin
        • Cardano
        • Cosmos Appchain
        • EVM
        • Solana
        • Stellar
        • Substrate (Polkadot)
        • Tezos
        • TON
        • TRON
        • XRP Ledger (Ripple)
      • Get Signature Request by ID
      • List Signature Requests
      • Advanced Key APIs
        • Import Key
        • Export Key
        • Deterministic Derivation
    • Networks
      • Estimate fees
      • Read Contract
      • Validators
        • Create Validator
        • List Validators
    • Policy Engine
      • Policies Overview
      • API Reference
        • Create Policy
        • Get Policy
        • List Policies
        • Update Policy
        • Archive Policy
        • Get Approval
        • List Approvals
        • Create Approval Decision
    • Permissions
      • Permissions Overview
      • API Reference
        • Get Permission
        • List Permissions
        • Create Permission
        • Update Permission
        • Archive Permission
        • Assign Permission
        • Revoke Permission
        • List Permission Assignments
    • Webhooks
      • Create Webhook
      • Get Webhook
      • List Webhooks
      • Update Webhook
      • Delete Webhook
      • Ping Webhook
      • Get Webhook Event
      • List Webhook Events
    • Dfns Change Log
    • API Errors
  • Integrations
    • Exchanges
      • Kraken
      • Binance
      • Coinbase Prime
      • API Reference
        • Create Exchange
        • List Exchanges
        • Get Exchange
        • Delete Exchange
        • List Exchange Accounts
        • List Exchange Account Assets
        • Create Exchange Deposit
        • Create Exchange Withdrawal
    • AML / KYT
      • Chainalysis
    • Staking
      • API Reference
        • Create Stake
        • Create Stake Action
        • List Stakes
        • List Stake Actions
        • get Rewards
    • Fiat On/Off-Ramps
    • Account Abstraction on EVMs
  • Advanced Topics
    • Authentication
      • API Authentication
      • Request Headers
      • Credentials
        • Generate a Key Pair
        • User Credentials
        • Access Token Credentials
        • Storing WebAuthn Credentials in Password Managers
      • Request Signing
      • API objects
    • Delegated Signing
    • API Idempotency
    • FAQ
  • Guides
    • Passkey Settings - Migration guide
    • Keys & Multichain - Migration Guide
Powered by GitBook
On this page
  • Common Errors
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • 500 - Internal Server Error
  • Application Management Errors
  • 400 - Bad Request
  • 404 - Not Found
  • Credential Management Errors
  • Delegated Authentication Errors
  • 400 - Bad Request
  • 401 - Unauthorized
  • User Login Errors
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • Personal Access Token Management Errors
  • User Registration Errors
  • 400 - Bad Request
  • 401 - Unauthorized
  • Service Account Management Errors
  • User Action Signing Errors
  • 400 - Bad Request
  • 401 - Unauthorized
  • User Management Errors
  • User Recovery Errors
  • 401 - Unauthorized
  1. API Docs

API Errors

Last updated 3 months ago

Common Errors

400 - Bad Request

Nonce header is missing or invalid

All requests need to include an X-DFNS-NONCE header. See for more information.

{
  "error": {
    "message": "request nonce is missing or invalid",
  }
}
Nonce already used

The nonce specified in X-DFNS-NONCE was already used. The nonce should be uniquely generated for every request.

{
  "error": {
    "message": "request nonce has already been used"
  }
}
User Action Signature already used

The User Action Signature specified in X-DFNS-USERACTION was already used. User action signatures can only be used once.

{
  "error": {
    "message": "user action has already been used"
  }
}

401 - Unauthorized

Caller not authenticated

All requests to an authenticated endpoint need to include a JWT in the Authentication header. See for more information.

{
  "error": {
    "message": "user token is missing or invalid"
  }
}

403 - Forbidden

Caller not authenticated

Caller does not have access to the resource or endpoint

{
  "error": {
    "message": "CustomerEmployee us-24vwa-92s33-8tvqi1dg0a95megt is not authorized to perform operation (Auth:Apps:Update)"
  }
}
User Action Signature missing or invalid
{
  "error": {
    "message": "user action signature is missing or invalid"
  }
}

500 - Internal Server Error

Internal Server Error
{
  "error": {
    "message": "Internal Server Error"
  }
}

Application Management Errors

400 - Bad Request

Application cannot modify its own state

The application being deactivated needs to be different then the application specified in X-DFNS-APPID.

{
  "error": {
    "message": "application cannot modify its own state"
  }
}

404 - Not Found

Application not found

The specified application does not exist in the database.

{
  "error": {
    "message": "application not found"
  }
}

Credential Management Errors

Delegated Authentication Errors

400 - Bad Request

User account has been deactivated

The user is deactivated

{
  "error": {
    "message": "User account has been deactivated."
  }
}

401 - Unauthorized

User not found

The user cannot be found in the system

{
  "error": {
    "message": "User not found"
  }
}

User Login Errors

400 - Bad Request

User account has been deactivated

The user is deactivated

{
  "error": {
    "message": "User account has been deactivated."
  }
}

401 - Unauthorized

User not found

The user cannot be found in the system

{
  "error": {
    "message": "User not found"
  }
}
User does not have a credential that can be used for the application

There is no valid credential for the user for this application

{
  "error": {
    "message": "User does not have a credential that can be used for the application."
  }
}

403 - Forbidden

Invalid code

The One Time Code provided is invalid

{
  "error": {
    "message": "Invalid code"
  }
}

Personal Access Token Management Errors

User Registration Errors

400 - Bad Request

Registration code expired

The registration code being used is expired.

{
  "error": {
    "message": "Registration code expired"
  }
}

401 - Unauthorized

User already exists

The username used already exists in the system.

{
  "error": {
    "message": "User already exists."
  }
}

Service Account Management Errors

User Action Signing Errors

400 - Bad Request

User account has been deactivated

The user is deactivated

{
  "error": {
    "message": "User account has been deactivated."
  }
}
Challenge token is not valid

The token being used is not valid

{
  "error": {
    "message": "Challenge token is not valid."
  }
}

401 - Unauthorized

User not found

The user cannot be found in the system

{
  "error": {
    "message": "User not found"
  }
}
User does not have a credential that can be used for the application

There is no valid credential for the user for this application

{
  "error": {
    "message": "User does not have a credential that can be used for the application."
  }
}

User Management Errors

User Recovery Errors

401 - Unauthorized

Credential cannot be used as a recovery factor

The credential being used is not a recovery credential

{
  "error": {
    "message": "Credential cannot be used as a recovery factor."
  }
}

Mutating requests need to include a valid User Action Signature in the X-DFNS-USERACTION header. See for more information.

This is an unexpected error. Please try your request again. If the call continues to fail, please contact .

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Errors specific to the endpoints.

Request Headers
Request Headers
User Action Signing
support
Application Management
Credential Management
Delegated Authentication
User Login
Personal Access Token Management
User Registration
Service Account Management
User Action Signing
User Management
User Recovery