Non-custody 1/2: Dfns API using a service account

Building your own app? Learn how to consume the Dfns APIs using a Service Account.

Once you have registered in your Dfns org and invited your Users, the next step is to create a Service Account, which you can think of as a machine user.

For more details on what service accounts are and when to use them, please refer to Service Accounts.

Prepare a key pair

Your service account will need its own key pair to sign its requests.

The easiest way to create a Public / Private Key pair is from the command line. You can use the commands shown below or see our documentation on key generation:

# Generate RSA Private Key
openssl genrsa -out rsa2048.pem 2048
# Generate the Public Key
openssl pkey -in rsa2048.pem -pubout -out rsa2048.public.pem

Create the Service Account

Navigate to Settings > Developers > Service Accounts and click "New Service Account".

Name the Service Account, copy in the public key (including begin/end lines like -----BEGIN PUBLIC KEY-----), click “Create” and 🔑 sign the action with your passkey.

Store your Service Account authentication token

The last page shows the masked Service Account JWT. Copy it to a secure location before leaving the page.

The token will not be shown later!

Use the Service Account

You now have:

A Service Account Token: use it for authentication in all your API requests.
A Private/Public key pair: use it to sign your action requests.

Congratulations! You can now make server-side API calls using your service account. Now start building your app using our Typescript SDK and specifically the Service Account sample app.

This service account will next be used to log your customers (end-users) in and let them create their own wallets on your organization.

Non-custody 2/2: customer login and delegated wallets

Last updated 9 days ago