Authentication Token to authenticate your application, and a User Action Signature to prove end-user consent.
🔑 Token 1: The Login Token
The Authentication Token is like your API key, proving that requests are coming from a legitimate source. You must include this token in the Authorization header for every API call.
How to Get It
Follow one of the authentication flows. The easiest way: create a service account and use it in your backend to call our API. This token answers the question: “Is my application allowed to talk to Dfns?”
For a step-by-step guide on creating credentials and generating your first token, see the Dfns API using a service account tutorial.
✍️ Token 2: The User Action Signature
For any sensitive operation (like creating a key, initiating a transaction, or registering a wallet) you need a second token. The User Action Signature is a signed challenge that proves a user with a registered passkey has explicitly approved the action.
This token is sent in the X-DFNS-USERACTION header and is required for most POST, PUT, and DELETE requests.
Think of it like a bank transaction:
- The Authentication Token is the bank teller’s ID, allowing them to access the banking system.
- The User Action Signature is the customer’s signed withdrawal slip, authorizing a specific transaction.
To learn how to generate and use this signature, see the detailed User Action Signature Guide.
Next Steps & Resources
Now that you understand the core authentication concepts, you’re ready to dive in.
Recommended Guides
User Credentials
Learn how to register users and their passkeys with Dfns.
Wallet Delegation
Understand how you can offer non-custodial wallets to your end users.
Signing Requests
Generate User Action Signature.
Webhooks
Set up webhooks to receive real-time updates on your operations.