If you are using Postman, you can fork our Postman collection.

This collection includes:

  • Dfns api endpoints

  • An environment to fill out

  • A pre-request script that handles User Action Signing for you for every POST requests.

The purpose of the pre-request script is to populate some of the required headers for authentication. If you're interested in what it does and how it works, you can check the detail of the pre-request script in the collection itself, here:


To make calls within postman you need to:

1. Create a public / private key pair

The public private key pair will be used to sign user actions within the Dfns API.

# Generate a ECDSA Private Key and the public key pair
openssl ecparam -genkey -name prime256v1 -noout -out prime256v1.pem
openssl pkey -in prime256v1.pem -pubout -out prime256v1.public.pem
2. Create a Personal Access Token or Service Account in the Dfns Dashboard

Personal access tokens can be created in the Dfns dashboard under the Settings page.

When creating a new Personal Access Token, you will need to copy the public key (in prime256v1.public.pem) you create earlier into the Public Key.

Be sure to copy the JWT, after the Personal Access Token is created, as you will need it in the next step.

3. Populate the environment in Postman

On the left pane, you should see "Environments". If you go there, there are two Postman Environments available (one to work with authv2 and one for authv1(deprecated)).

Click on the one that you want to use (authv2 is recommended), and fill out the values in there (fill the Current Value column) with the values shown in the section below.

When you're done, set this environment as "Active" (meaning it will be used when you try endpoints) by clicking on the checkmark icon next to the environment name, or by selecting it in the dropdown selector in the top-right corner of Postman window.


  • dfnsApiDomain - Domain of Dfns API. or

  • authToken - User PAT (Personal Access Token), or Service Account token

  • credentialPrivateKey - Private key of the credentials registered during PAT/Service Account creation. Copy the key including all newlines into the variable

  • applicationId - ID of the Dfns Application used

  • applicationOrigin - The Expected Origin from your Dfns Application. Also found on the Applications page on the Dfns Dashboard.

  • useAuthV2: true

Last updated