Create Key

curl --request POST \
  --url https://api.dfns.io/keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '{
  "scheme": "EdDSA",
  "curve": "ed25519"
}'

{
  "id": "<string>",
  "scheme": "DH",
  "curve": "ed25519",
  "publicKey": "<string>",
  "masterKey": true,
  "derivedFrom": {
    "keyId": "key-01snl-t56gb-j8tsok0vn802p80i",
    "path": "<string>"
  },
  "name": "<string>",
  "status": "Active",
  "custodial": true,
  "dateCreated": "<string>",
  "imported": true,
  "exported": true,
  "dateExported": "<string>",
  "dateDeleted": "<string>"
}

POST

keys

curl --request POST \
  --url https://api.dfns.io/keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '{
  "scheme": "EdDSA",
  "curve": "ed25519"
}'

{
  "id": "<string>",
  "scheme": "DH",
  "curve": "ed25519",
  "publicKey": "<string>",
  "masterKey": true,
  "derivedFrom": {
    "keyId": "key-01snl-t56gb-j8tsok0vn802p80i",
    "path": "<string>"
  },
  "name": "<string>",
  "status": "Active",
  "custodial": true,
  "dateCreated": "<string>",
  "imported": true,
  "exported": true,
  "dateExported": "<string>",
  "dateDeleted": "<string>"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
✅ Service Account

Required Permissions

Keys:Create: Always required
Keys:Delegate: Required if delegateTo is specified.
Keys:ChildKeys:Create: Required if deriveFrom is specified.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION

string

header

required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json

scheme

enum<string>

required

Available options:

DH,

ECDSA,

EdDSA,

Schnorr

curve

enum<string>

required

Available options:

ed25519,

secp256k1,

stark

name

string

Maximum length: 100

masterKey

boolean

deriveFrom

object

Show child attributes

storeId

string

Minimum length: 1

delegateTo

string

Minimum length: 1

delayDelegation

boolean

Response

200 - application/json

Success

string

required

scheme

enum<string>

required

Available options:

DH,

ECDSA,

EdDSA,

Schnorr

curve

enum<string>

required

Available options:

ed25519,

secp256k1,

stark

publicKey

string

required

status

enum<string>

required

Available options:

Active,

Archived

custodial

boolean

required

dateCreated

string

required

masterKey

boolean

derivedFrom

object

Show child attributes

name

string

imported

boolean

exported

boolean

dateExported

string

dateDeleted

string

List Keys

Delegate Key

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

Authentication

Required Permissions

Authorizations

Body

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Body

Response

Authentication

Required Permissions