What you’ll need
- A service account for backend operations
- WebAuthn configuration for passkey collection
- A recovery flow for users who lose their device. Without one, a lost passkey means a permanently inaccessible wallet.
Components to configure
End-user registration
Register end users with DFNS so they can create a passkey. Two methods are available: delegated registration (your service account creates users, recommended for full control) or social registration (users authenticate with Google directly, simpler but less flexible).Wallet creation and delegation
Create wallets and delegate them to your end users, either during registration or as a separate step. After delegation:- Only the end user can authorize transactions via their passkey
- Your organization cannot move the funds
- Your organization cannot apply policies or controls to the wallet
User login and actions
Authenticate returning users and let them perform transactions. Write operations require the user to sign with their passkey.User recovery
End users who lose their device cannot sign with their passkey anymore. Implement a recovery flow so they can register a new credential.See the implementing delegated wallets guide for step-by-step code examples covering all four components, and the recovery guide for recovery implementation.
Related solutions
Security best practices
Permissions, policies, and security controls
Automate deposits
Deposits and transfers