Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dfns.co/llms.txt

Use this file to discover all available pages before exploring further.

Request signing

All state-changing requests made to the Dfns API must be cryptographically signed. The SDK handles this automatically when you configure a signer.
For a detailed explanation of request signing and User Action Challenges, see Signing requests.

Authentication tokens

The client requires a valid authToken. See Required headers for details on obtaining tokens.

KeySigner configuration

The KeySigner class provides factory methods for each supported key type. Each method takes a credential ID and the private key bytes: 
import co.dfns.sdk.auth.*;

// Ed25519 — raw 32-byte seed
Signer signer = KeySigner.fromEd25519PrivateKey("cr-...", ed25519Seed);

// ECDSA P-256 — PKCS#8 DER encoded
Signer signer = KeySigner.fromEcdsaP256PrivateKey("cr-...", p256DerBytes);

// secp256k1 — raw 32-byte big-endian scalar
Signer signer = KeySigner.fromSecp256k1PrivateKey("cr-...", secp256k1Bytes);

// RSA — PKCS#8 DER encoded
Signer signer = KeySigner.fromRsaPrivateKey("cr-...", rsaDerBytes);
ParameterDescription
credentialIdID of the credential registered with your token. Find it in the Dfns Dashboard under Settings > Service Accounts or Settings > Personal Access Tokens.
privateKeyBytesPrivate key bytes in the format expected by the factory method (see table below).
Factory methodKey format
fromEd25519PrivateKeyRaw 32-byte seed
fromEcdsaP256PrivateKeyPKCS#8 DER encoded
fromSecp256k1PrivateKeyRaw 32-byte big-endian scalar
fromRsaPrivateKeyPKCS#8 DER encoded
If you have a PEM file, strip the header/footer lines and Base64-decode the content to get the DER bytes.

Sync vs async clients

The SDK provides both synchronous and asynchronous clients: 
import co.dfns.sdk.*;

DfnsClientConfig config = DfnsClientConfig.builder()
    .authToken("your-auth-token")
    .signer(signer)
    .build();

// Synchronous
try (DfnsClient client = new DfnsClient(config)) {
    var wallets = client.wallets.listWallets(new co.dfns.sdk.wallets.model.ListWalletsQuery());
}

// Asynchronous — methods return CompletableFuture
try (DfnsAsyncClient asyncClient = new DfnsAsyncClient(config)) {
    var walletsFuture = asyncClient.wallets.listWallets(new co.dfns.sdk.wallets.model.ListWalletsQuery());
    var wallets = walletsFuture.join();
}

Available API domains

The client provides typed access to all Dfns API domains:
DomainDescription
client.walletsWallet creation, listing, and management
client.keysKey management operations
client.policiesPolicy rules and approvals
client.permissionsAccess control and permissions
client.webhooksWebhook configuration
client.signersSigner management
client.stakingStaking operations
client.networksNetwork information
client.exchangesExchange integrations
client.feeSponsorsFee sponsorship
client.swapsToken swap operations
client.agreementsAgreement management
client.allocationsAllocation management
client.authAuthentication helpers
client.payoutsPayout operations

Error handling

import co.dfns.sdk.*;

try {
    var wallet = client.wallets.getWallet("invalid-wallet-id");
} catch (DfnsException e) {
    System.out.printf("HTTP %d: %s (code: %s, requestId: %s)%n",
        e.getHttpStatus(),
        e.getErrorMessage(),
        e.getDfnsErrorCode(),
        e.getRequestId());
}
Last modified on May 15, 2026