Import Key

curl --request POST \
  --url https://api.dfns.io/keys/import \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "curve": "ed25519",
  "protocol": "CGGMP24",
  "minSigners": 123,
  "encryptedKeyShares": [
    {
      "signerId": "<string>",
      "encryptedKeyShare": "<string>"
    }
  ],
  "name": "<string>",
  "masterKey": true
}
'

{
  "id": "<string>",
  "scheme": "DH",
  "curve": "ed25519",
  "publicKey": "<string>",
  "status": "Active",
  "custodial": true,
  "dateCreated": "<string>",
  "masterKey": true,
  "derivedFrom": {
    "keyId": "key-01snl-t56gb-j8tsok0vn802p80i",
    "path": "<string>"
  },
  "name": "<string>",
  "imported": true,
  "exported": true,
  "dateExported": "<string>",
  "dateDeleted": "<string>"
}

Import Key

Dfns secures private keys by generating them as MPC key shares in our decentralized key management network. This happens by default when you create a key or wallet.

In some circumstances, however, you may need to import an existing private key into Dfns infrastructure, instead of creating a brand new wallet with Dfns and transfer funds to it. As an example, you might want to keep an existing wallet if its address is tied to a smart contract which you don’t want to re-deploy.

In such a case, Dfns exposes this key import API endpoint, which can be used in conjunction with our import SDK. Note this is intended to be used only to migrate wallets when first onboarding onto the Dfns platform.

Dfns can not guarantee the security of imported wallets, as we have no way to control who had access to the private key prior to import. For this reason, this feature is restricted to Enterprise customers who have signed a contractual addendum limiting our liability for imported keys. Please contact your sales representative for more information.

POST

keys

import

Import Key

curl --request POST \
  --url https://api.dfns.io/keys/import \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "curve": "ed25519",
  "protocol": "CGGMP24",
  "minSigners": 123,
  "encryptedKeyShares": [
    {
      "signerId": "<string>",
      "encryptedKeyShare": "<string>"
    }
  ],
  "name": "<string>",
  "masterKey": true
}
'

{
  "id": "<string>",
  "scheme": "DH",
  "curve": "ed25519",
  "publicKey": "<string>",
  "status": "Active",
  "custodial": true,
  "dateCreated": "<string>",
  "masterKey": true,
  "derivedFrom": {
    "keyId": "key-01snl-t56gb-j8tsok0vn802p80i",
    "path": "<string>"
  },
  "name": "<string>",
  "imported": true,
  "exported": true,
  "dateExported": "<string>",
  "dateDeleted": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
✅ Service Account

Required Permissions

Keys:Import: Always required.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION

string

header

required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json

curve

enum<string>

required

Available options:

ed25519,

secp256k1,

stark

protocol

required

Available options:

CGGMP24,

FROST,

FROST_BITCOIN,

GLOW20_DH,

KU23

minSigners

integer

required

encryptedKeyShares

object[]

required

Minimum array length: 1

Show child attributes

encryptedKeyShares.signerId

string

required

Minimum string length: 1

name

string

Maximum string length: 100

masterKey

boolean

Specify to create an extended master key for HD derivation

Response

200 - application/json

Success

string

required

scheme

enum<string>

required

Available options:

DH,

ECDSA,

EdDSA,

Schnorr

curve

enum<string>

required

Available options:

ed25519,

secp256k1,

stark

publicKey

string

required

status

enum<string>

required

Available options:

Active,

Archived

custodial

boolean

required

dateCreated

string

required

masterKey

boolean

derivedFrom

object

Show child attributes

derivedFrom.keyId

string

required

Key id.

Required string length: 1 - 64

Example:

"key-01snl-t56gb-j8tsok0vn802p80i"

derivedFrom.path

string

required

name

string

imported

boolean

exported

boolean

dateExported

string

dateDeleted

string

Export Key

Key created

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Import Key

Authentication

Required Permissions

Authorizations

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Body

Response

Authentication

Required Permissions