Dfns API Documentation
  • 👋Welcome
  • Getting Started
    • Onboarding to Dfns
    • Dfns Environments
    • Core API Objects
    • Supported Assets
    • Postman
    • Dfns SDKs
    • Dashboard Videos
  • API Docs
    • Introduction
    • Authentication
      • Delegated Authentication
        • Delegated Registration
        • Delegated Registration Restart
        • Delegated Login
      • User Action Signing
        • Create User Action Signature Challenge
        • Create User Action Signature
      • Registration
        • Create User Registration Challenge
        • Complete User Registration
        • Complete End User Registration with Wallets
        • Resend Registration Code
        • Social Registration
      • Login
        • Create User Login Challenge
        • Complete User Login
        • Social Login
        • Logout
        • Send Login Code
      • Users
        • List Users
        • Create User
        • Get User
        • Activate User
        • Deactivate User
        • Archive User
      • Service Accounts
        • List Service Accounts
        • Create Service Account
        • Get Service Account
        • Update Service Account
        • Activate Service Account
        • Deactivate Service Account
        • Archive Service Account
      • Applications
        • List Applications
        • Create Application
        • Create Server-Signed Application
        • Get Application
        • Update Application
        • Activate Application
        • Deactivate Application
        • Archive Application
      • Personal Access Tokens
        • List Personal Access Tokens
        • Create Personal Access Token
        • Get Personal Access Token
        • Update Personal Access Token
        • Activate Personal Access Token
        • Deactivate Personal Access Token
        • Archive Personal Access Token
      • Credentials
        • Credentials Overview
        • API Reference
          • Create Credential Code
          • Create Credential Challenge
          • Create Credential Challenge With Code
          • Create Credential
          • Create Credential With Code
          • Deactivate Credential
          • Activate Credential
          • List Credentials
      • Recovery
        • Send Recovery Code Email
        • Create Recovery Challenge
        • Create Delegated Recovery Challenge
        • Recover User
    • Wallets
      • Create Wallet
      • Update Wallet
      • Delegate Wallet
      • Get Wallet by ID
      • List Wallets
      • Get Wallet Assets
      • Get Wallet NFTs
      • Get Wallet History
      • Tag Wallet
      • Untag Wallet
      • Transfer Asset from Wallet
      • Get Wallet Transfer Request by ID
      • List Wallet Transfer Requests
      • Sign and Broadcast Transaction from Wallet
        • Algorand: Broadcast Transaction
        • Bitcoin/Litecoin: Broadcast Transaction
        • Cardano: Broadcast Transaction
        • EVM: Broadcast Transaction
        • Polkadot: Broadcast Transaction
        • Solana: Broadcast Transaction
        • Stellar: Broadcast Transaction
        • Tezos: Broadcast Transaction
        • TRON: Broadcast Transaction
        • XRP Ledger (aka Ripple): Broadcast Transaction
      • Get Wallet Transaction Request by ID
      • List Wallet Transaction Requests
      • Generate Signature from Wallet
        • Algorand: Generate Signature
        • Aptos: Generate Signature
        • Bitcoin/Litecoin: Generate Signature
        • Cardano: Generate Signature
        • Cosmos Appchain: Generate Signature
        • EVM: Generate Signature
        • Polkadot: Generate Signature
        • Solana: Generate Signature
        • Stellar: Generate Signature
        • Tezos: Generate Signature
        • TRON: Generate Signature
        • TON: Generate Signature
        • XRP Ledger (aka Ripple): Generate Signature
        • Pseudo Networks (All other chains): Generate Signature
      • Get Wallet Signature Request by ID
      • List Wallet Signature Requests
      • Advanced Wallet APIs
        • Import Wallet
        • Export Wallet
    • Fee Sponsors
      • Create Fee Sponsor
    • Keys
      • Create Key
      • Get Key by ID
      • List Keys
    • Networks
      • Estimate fees
      • Read Contract
    • Policy Engine
      • Policies Overview
      • API Reference
        • Create Policy
        • Get Policy
        • List Policies
        • Update Policy
        • Archive Policy
        • Get Approval
        • List Approvals
        • Create Approval Decision
    • Permissions
      • Permissions Overview
      • API Reference
        • Get Permission
        • List Permissions
        • Create Permission
        • Update Permission
        • Archive Permission
        • Assign Permission
        • Revoke Permission
        • List Permission Assignments
    • Webhooks
      • Create Webhook
      • Get Webhook
      • List Webhooks
      • Update Webhook
      • Delete Webhook
      • Ping Webhook
      • Get Webhook Event
      • List Webhook Events
    • Dfns Change Log
    • API Errors
  • Integrations
    • Exchanges
      • Exchange Configuration
        • Kraken Setup
        • Binance Setup
        • Coinbase Prime Setup
      • API Reference
        • Create Exchange
        • List Exchanges
        • Get Exchange
        • Delete Exchange
        • List Exchange Accounts
        • List Exchange Account Assets
        • Create Exchange Deposit
        • Create Exchange Withdrawal
    • AML / KYT
      • Chainalysis
    • Staking
      • API Reference
        • Create Stake
        • Create Stake Action
        • List Stakes
        • List Stake Actions
        • get Rewards
    • Fiat On/Off-Ramps
    • Account Abstraction on EVMs
  • Advanced Topics
    • Authentication
      • API Authentication
      • Request Headers
      • Credentials
        • Generate a Key Pair
        • User Credentials
        • Access Token Credentials
        • Storing WebAuthn Credentials in Password Managers
      • Request Signing
      • API objects
    • Delegated Signing
    • API Idempotency
    • FAQ
  • Guides
    • Passkey Settings - Migration guide
Powered by GitBook
On this page
  • Terminology
  • Dfns-managed Permissions
  • DfnsFullAdminAccess
  • DfnsDefaultEndUserAccess
  • List of Operations
  1. API Docs
  2. Permissions

Permissions Overview

Permissions enable you to control access to the API on a granular basis (following the principle of least privilege). As an example, if you have an employee who needs to initiate payments, but shouldn't be able to manipulate policies, you can do that.

Start by Creating a Permission with some allowed operations in it, and Assign it to a User.

Terminology

  • Permission - a Permission contains a set of Operations, and can be assigned to users (or Service-Accounts, or Applications). When assigned to a user, a Permission allows him to perform these operations in our API. Each created Permission has a unique name, and unique ID. A Permission can be assigned to one user, or to multiple users, depending on what you need.

  • Operation - an operation can be added to a Permission, and grants access to one action in the API. There is a fixed list of operations (see below) that you can include in Permissions. Every API endpoint requires one (or several) operations to use it. Eg. the endpoint Create Wallet is the operation Wallets:Create.

  • Assignment - or "Permission Assignment", is the assignment of a given Permission to a given User (or Service-Account, or Application). A permission can be assigned to a User (aka "granted"), or un-assigned from him (aka "revoked").

Dfns-managed Permissions

When your Dfns organisation is created, some Permissions already exist in it. They are special, some of them are automatically assigned, and some of them are immutable (cannot be updated or archived).

DfnsFullAdminAccess

This Permission is automatically assigned to the first User of the Organisation. It includes all existing (and future) operations available in Dfns API. It's immutable, so you cannot update it or archive it. You can only assign it or revoke it.

DfnsDefaultEndUserAccess

This unique Permission is assigned by default to any new EndUser in your organisation, and comes with an initial set of operations (which you can update at any time) allowing any EndUser to "do stuff with the wallet he owns" by default. Here are the initial set of operations in this permission:

Keys:Read
Keys:Signatures:Create
Keys:Signatures:Read
Wallets:Read
Wallets:Transactions:Create
Wallets:Transactions:Read
Wallets:Transfers:Create
Wallets:Transfers:Read

Note: regardless of Permissions, by design, an EndUser can never access any wallet that he doesn't own. So this permission does not allow your end-users to access any of your org wallets (aka "custodial" wallets)

This permission is meant to facilitate end-user permission management. Since all your end users have this permission assigned by default, you don't necessarily need to explicitly grant them other permissions to allow them to use their wallets, and you only need to modify this one permission to affect all your end users at once.

This permission is not immutable, and you still have full-control over it (update operations in it, un-assign it, deactivate it, though these last two are probably edge-cases)

List of Operations

Here's a list of all operations available in Dfns API:

[
  'Auth:Action:Sign', // only needed for Apps, not for users
  'Auth:Apps:Create',
  'Auth:Apps:Read',
  'Auth:Apps:Update',
  'Auth:Creds:Create',  // only needed for Apps, not for users
  'Auth:Creds:Read',  // only needed for Apps, not for users
  'Auth:Creds:Update',
  'Auth:Creds:Code:Create',  // only needed for Apps, not for users
  'Auth:Types:Application',
  'Auth:Types:Employee',
  'Auth:Types:EndUser',
  'Auth:Types:Pat',
  'Auth:Types:ServiceAccount',
  'Auth:Users:Create',
  'Auth:Users:Delegate',
  'Auth:Users:Read',
  'Auth:Users:Update',
  'Exchanges:Create',
  'Exchanges:Read',
  'Exchanges:Delete',
  'Exchanges:Deposits:Create',
  'Exchanges:Withdrawals:Create',
  'FeeSponsors:Create',
  'FeeSponsors:Read',
  'FeeSponsors:Update',
  'FeeSponsors:Delete',
  'Orgs:Read',
  'Orgs:Update',
  'Orgs:Settings:Read',
  'Orgs:Settings:Update',
  'PermissionAssignments:Create',
  'PermissionAssignments:Read',
  'PermissionAssignments:Revoke',
  'PermissionPredicates:Archive',
  'PermissionPredicates:Create',
  'PermissionPredicates:Read',
  'PermissionPredicates:Update',
  'Permissions:Archive',
  'Permissions:Create',
  'Permissions:Read',
  'Permissions:Update',
  'Policies:Archive',
  'Policies:Create',
  'Policies:Read',
  'Policies:Update',
  'Policies:Approvals:Read',
  'Policies:Approvals:Approve',
  'Signers:ListSigners',
  'Stakes:Create',
  'Stakes:Read',
  'Stakes:Update',
  'Keys:Create',
  'Keys:Read',
  'Keys:Update',
  'Keys:Reuse',
  'Keys:Delegate',
  'Keys:Import',
  'Keys:Export',
  'Keys:Signatures:Create',
  'Keys:Signatures:Read',
  'Wallets:Create',
  'Wallets:Read',
  'Wallets:Update',
  'Wallets:Tags:Add',
  'Wallets:Tags:Delete',
  'Wallets:Transactions:Create',
  'Wallets:Transactions:Read',
  'Wallets:Transfers:Create',
  'Wallets:Transfers:Read',
  'Wallets:Delegate',
  'Wallets:Import',
  'Wallets:Export',
  'Wallets:GenerateSignature',
  'Wallets:ReadSignature',
  'Wallets:BroadcastTransaction',
  'Wallets:ReadTransaction',
  'Wallets:TransferAsset',
  'Wallets:ReadTransfer',
  'Webhooks:Create',
  'Webhooks:Read',
  'Webhooks:Update',
  'Webhooks:Delete',
  'Webhooks:Ping',
  'Webhooks:Events:Read',
  'Billing:Read',
  'Billing:Write',
]

Last updated 1 day ago