Request signing
All state-changing requests made to the Dfns API must be cryptographically signed. The SDK handles this automatically when you configure a signer.For a detailed explanation of request signing and User Action Challenges, see Signing requests.
Authentication tokens
BothDfnsClient and DfnsDelegatedClient require a valid auth_token. See Required headers for details on obtaining tokens.
KeySigner configuration
TheKeySigner signs challenges using your private key. It supports Ed25519, ECDSA (secp256k1, P-256), and RSA keys.
| Parameter | Description |
|---|---|
credential_id | ID of the credential registered with your token. Find it in the Dfns Dashboard under Settings > Service Accounts or Settings > Personal Access Tokens . |
private_key | PEM-formatted private key associated with the public key you registered when creating your PAT or Service Account. |
app_origin | The application origin (relying party) registered with your organization. Defaults to https://app.dfns.io. |
Available API domains
Both clients provide typed access to all Dfns API domains:| Domain | Description |
|---|---|
client.wallets | Wallet creation, listing, and management |
client.keys | Key management operations |
client.policies | Policy rules and approvals |
client.permissions | Access control and permissions |
client.webhooks | Webhook configuration |
client.signers | Signer management |
client.staking | Staking operations |
client.networks | Network information |
client.exchanges | Exchange integrations |
client.fee_sponsors | Fee sponsorship |
client.swaps | Token swap operations |
client.agreements | Agreement management |
client.allocations | Allocation management |
client.auth | Authentication helpers |
Delegated signing
For implementing delegated signing flows (user passkeys or external KMS), see:- Delegated wallets - Architecture and concepts
- End-user authentication - Implementation guide