End-user wallets allow your application’s users to own and control their digital assets while you provide the wallet infrastructure. For background on the architecture and trade-offs, see delegated wallets.

What you’ll need

Start on a testnet network to test the full flow before going to production. Create wallets on any supported testnet — the delegation and signing flows work identically.

Components to configure

End-user registration

Register end users with Dfns so they can create a passkey. Two methods are available: delegated registration (your service account creates users — recommended for full control) or social registration (users authenticate with Google directly — simpler but less flexible).

Wallet creation and delegation

Create wallets and delegate them to your end users — either during registration or as a separate step. After delegation:
  • Only the end user can authorize transactions via their passkey
  • Your organization cannot move the funds
  • Your organization cannot apply policies or controls to the wallet

Policies do not apply to delegated wallets. By design, delegated wallets bypass the policy engine — the end user has full control without organizational approval requirements.

User login and actions

Authenticate returning users and let them perform transactions. Write operations require the user to sign with their passkey.

User recovery

End users may need to recover access if they lose their device. Implement recovery flows that allow users to register a new passkey.

See the implementing delegated wallets guide for step-by-step code examples covering all four components, and the recovery guide for recovery implementation.
Last modified on March 2, 2026