> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Development

> Architecture and usage patterns for the Dfns Python SDK, including authentication, wallets, transfers, signing, and dependency setup.

## Request signing

All state-changing requests made to the Dfns API must be cryptographically signed. The SDK handles this automatically when you configure a signer.

<Info>
  For a detailed explanation of request signing and User Action Challenges, see [Signing requests](/guides/developers/signing-requests).
</Info>

## Authentication tokens

Both `DfnsClient` and `DfnsDelegatedClient` require a valid `auth_token`. See [Required headers](/api-reference/auth) for details on obtaining tokens.

## KeySigner configuration

The `KeySigner` signs challenges using your private key. It supports Ed25519, ECDSA (secp256k1, P-256), and RSA keys.

```python theme={null}
from dfns_sdk import KeySigner

signer = KeySigner(
    credential_id="cr-...",
    private_key=open("/path/to/private-key.pem").read(),
    app_origin="https://your-app.example.com"
)
```

| Parameter       | Description                                                                                                                                                     |
| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `credential_id` | ID of the credential registered with your token. Find it in the Dfns Dashboard under `Settings` > `Service Accounts` or `Settings` > `Personal Access Tokens` . |
| `private_key`   | PEM-formatted private key associated with the public key you registered when creating your PAT or Service Account.                                              |
| `app_origin`    | The application origin (relying party) registered with your organization. Defaults to `https://app.dfns.io`.                                                    |

## Available API domains

Both clients provide typed access to all Dfns API domains:

| Domain                | Description                              |
| --------------------- | ---------------------------------------- |
| `client.wallets`      | Wallet creation, listing, and management |
| `client.keys`         | Key management operations                |
| `client.policies`     | Policy rules and approvals               |
| `client.permissions`  | Access control and permissions           |
| `client.webhooks`     | Webhook configuration                    |
| `client.signers`      | Signer management                        |
| `client.staking`      | Staking operations                       |
| `client.networks`     | Network information                      |
| `client.exchanges`    | Exchange integrations                    |
| `client.fee_sponsors` | Fee sponsorship                          |
| `client.swaps`        | Token swap operations                    |
| `client.agreements`   | Agreement management                     |
| `client.allocations`  | Allocation management                    |
| `client.auth`         | Authentication helpers                   |

## Delegated signing

For implementing delegated signing flows (user passkeys or external KMS), see:

* [Delegated wallets](/advanced/delegated-wallets) - Architecture and concepts
* [Implementing delegated wallets](/guides/developers/delegated-wallets) - Implementation guide