End-user wallets allow your application’s users to own and control their digital assets while you provide the wallet infrastructure. This solution covers delegated wallet architecture, user onboarding, and wallet delegation.
What you’ll need
- Understanding of delegated signing
- Service account for backend operations
- WebAuthn implementation for passkey collection
End-user registration
Register end users with Dfns using delegated registration flows. Users authenticate through your application and create their own passkey. See the authentication guide and WebAuthn configuration.
Wallet creation
Create wallets that will be owned by end users. Your service account creates the wallet, then delegates control to the user. See the wallet creation guide and API reference.
Wallet delegation
Transfer wallet control to the end user. After delegation:
- The end user owns the wallet
- Only the end user can sign transactions
- Your organization cannot access the funds
See the delegation guide and delegated signing architecture.
Policies do not apply to delegated wallets. By design, delegated wallets bypass the policy engine - the end user has full control without organizational approval requirements.
User recovery
End users may need to recover access if they lose their device. Implement recovery flows that allow users to register a new passkey. See the recovery guide.
Architecture overview
The delegated wallet flow involves three parties:
- Your backend - Authenticates users and proxies requests to Dfns
- Your frontend - Collects passkey signatures from users
- Dfns - Manages the distributed key infrastructure
Transaction flow
When users want to transact with their delegated wallet:
Wallet model comparison
| Aspect | Org-managed | Delegated (user-managed) |
|---|
| Transaction signing | Your organization | End user |
| Policy enforcement | Yes | No |
| Recovery | You can help | User-dependent |
| User experience | Simpler | Requires passkey |
Security considerations
Your responsibilities
Even with delegated wallets, you have security responsibilities:
- Protect your service account credentials
- Secure your backend infrastructure
- Verify user identity before allowing wallet operations
User responsibilities
Users are responsible for:
- Protecting their passkeys
- Verifying transaction details
- Understanding that they control their wallet
Passkey backup
Help users understand backup options:
- iCloud Keychain (Apple devices)
- Google Password Manager (Android/Chrome)
- Hardware security keys as backup
See storing WebAuthn credentials.
