> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Development

> Architecture and usage patterns for the server-side Dfns TypeScript SDK, including authentication, signers, wallets, transfers, and Node.js setup.

<Note>
  Checkout these autogenerated [SDK docs](https://dfns.github.io/dfns-sdk-ts/) detailing classes, methods, and types available.
</Note>

## Request signing

All state-changing requests made to the Dfns API must be cryptographically signed. The SDK handles this automatically when you configure a signer. See [backend SDK concepts](/sdks/backend#request-signing) for details.

## AsymmetricKeySigner

`AsymmetricKeySigner` in the `@dfns/sdk-keysigner` package implements `CredentialSigner` for **server-side** use.

```ts theme={null}
import { AsymmetricKeySigner } from '@dfns/sdk-keysigner'

const keySigner = new AsymmetricKeySigner({
  credId: 'X2ktMzhxaTEtZTF1bTgtOXY1cG9yY2tkZDe1dG1jYg', // Credential ID
  privateKey: process.env.DFNS_PRIVATE_KEY!, // Credential private key
})
```

| Parameter    | Description                                                                                                                                                    |
| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `credId`     | ID of the credential registered with your token. Find it in the Dfns Dashboard under `Settings` > `Service Accounts` or `Settings` > `Personal Access Tokens`. |
| `privateKey` | PEM-formatted private key associated with the public key you registered when creating your PAT or Service Account.                                             |

## DfnsApiClient

`DfnsApiClient` is the main client for [direct signing](/sdks/backend#direct-signing). It handles the full signing flow internally.

```ts theme={null}
import { DfnsApiClient } from '@dfns/sdk'

const dfns = new DfnsApiClient({
  baseUrl: 'https://api.dfns.io',
  orgId: 'or-...',
  authToken: '...',
  signer, // an AsymmetricKeySigner
})

const wallet = await dfns.wallets.createWallet({
  body: { network: 'EthereumSepolia' },
})

const { assets } = await dfns.wallets.getWalletAssets({ walletId: wallet.id })
```

## DfnsDelegatedApiClient

`DfnsDelegatedApiClient` is the client for [delegated signing](/sdks/backend#delegated-signing). Use it when users sign from their own device using passkeys.

The difference with `DfnsApiClient`:

* No `CredentialSigner` in the constructor (signing happens externally)
* Every state-changing method is split into `init` and `complete` steps

```ts theme={null}
import { DfnsDelegatedApiClient } from '@dfns/sdk'

const dfnsDelegated = new DfnsDelegatedApiClient({
  baseUrl: 'https://api.dfns.io',
  orgId: 'or-...',
  authToken: userAuthToken,
})

const challenge = await dfnsDelegated.wallets.createWalletInit(payload)

// ... send challenge to frontend, user signs with passkey ...

const wallet = await dfnsDelegated.wallets.createWalletComplete(payload, signedChallenge)
```

## BaseAuthApi

`BaseAuthApi` provides special auth-related methods, including unauthenticated endpoints for login and registration flows.

```ts theme={null}
import { BaseAuthApi } from '@dfns/sdk/baseAuthApi'

BaseAuthApi.createUserActionChallenge()
BaseAuthApi.signUserActionChallenge()
BaseAuthApi.createUserLoginChallenge()
BaseAuthApi.createUserLogin()
BaseAuthApi.createUserRegistrationChallenge()
BaseAuthApi.createUserRegistration()
```