Skip to main content
POST
/
permissions
Create Permission
curl --request POST \
  --url https://api.dfns.io/permissions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "name": "<string>",
  "operations": [
    "Registry:Addresses:Create"
  ]
}
'
{
  "id": "pm-37vj4-jkr4l-lc9945spfftkne57",
  "name": "<string>",
  "operations": [
    "<string>"
  ],
  "status": "Active",
  "isImmutable": true,
  "isArchived": true,
  "dateCreated": "2023-04-14T20:41:28.715Z",
  "dateUpdated": "2023-04-14T20:41:28.715Z"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
✅ Service Account

Required Permissions

Permissions:Create: Always required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Body

application/json
name
string
required

Human-readable name for the permission (role).

Required string length: 1 - 100
operations
enum<string>[]
required

List of API operations this permission grants access to. See Permissions List for available operations.

Minimum array length: 1
Available options:
Registry:Addresses:Create,
Registry:Addresses:Delete,
Registry:Addresses:Read,
Registry:Addresses:Update,
Registry:ContractSchemas:Create,
Registry:ContractSchemas:Delete,
Registry:ContractSchemas:Read,
Auth:Logs:Read,
Auth:Users:Create,
Auth:Users:Read,
Auth:Users:Update,
Auth:Users:Activate,
Auth:Users:Deactivate,
Auth:Users:Delete,
Auth:ServiceAccounts:Create,
Auth:ServiceAccounts:Read,
Auth:ServiceAccounts:Update,
Auth:ServiceAccounts:Deactivate,
Auth:ServiceAccounts:Activate,
Auth:ServiceAccounts:Delete,
Auth:Pats:Create,
Auth:Register:Delegated,
Auth:Login:Delegated,
Auth:Recover:Delegated,
Agreements:Acceptance:Create,
Agreements:Acceptance:Read,
Events:Read,
Exchanges:Create,
Exchanges:Read,
Exchanges:Delete,
Exchanges:Deposits:Create,
Exchanges:Withdrawals:Create,
FeeSponsors:Create,
FeeSponsors:Read,
FeeSponsors:Update,
FeeSponsors:Delete,
FeeSponsors:Use,
Orgs:Read,
Orgs:Update,
Orgs:Settings:Read,
Orgs:Settings:Update,
Permissions:Archive,
Permissions:Create,
Permissions:Read,
Permissions:Update,
Permissions:Assign,
Permissions:Revoke,
Permissions:Assignments:Read,
Policies:Archive,
Policies:Create,
Policies:Read,
Policies:Update,
Policies:Approvals:Read,
Policies:Approvals:Approve,
Signers:ListSigners,
Stakes:Create,
Stakes:Read,
Stakes:Update,
Swaps:Create,
Swaps:Read,
Payouts:Create,
Payouts:Read,
Payouts:Write,
Allocations:Create,
Allocations:Update,
Allocations:Read,
Keys:Create,
Keys:Delete,
Keys:Read,
Keys:Update,
Keys:Reuse,
Keys:Delegate,
Keys:Import,
Keys:Export,
Keys:Derive,
Keys:ChildKeys:Create,
Keys:Signatures:Create,
Keys:Signatures:Read,
KeyStores:Read,
Networks:CantonValidators:Create,
Networks:CantonValidators:Read,
Networks:CantonValidators:Update,
Networks:CantonValidators:Delete,
Wallets:Create,
Wallets:Read,
Wallets:Update,
Wallets:Tags:Add,
Wallets:Tags:Delete,
Wallets:Transactions:Create,
Wallets:Transactions:Read,
Wallets:Transactions:Abort,
Wallets:Transfers:Create,
Wallets:Transfers:Read,
Wallets:Transfers:Abort,
Wallets:Offers:Read,
Wallets:Offers:Settle,
Vaults:Create,
Vaults:Read,
Vaults:Update,
Vaults:Tags:Add,
Vaults:Tags:Delete,
Webhooks:Create,
Webhooks:Read,
Webhooks:Update,
Webhooks:Delete,
Webhooks:Ping,
Webhooks:Events:Read,
Billing:Read,
Billing:Write,
Analytics:Read

Response

200 - application/json

Success

id
string
required

ID of the permission (also referred to as "role" in the dashboard).

Required string length: 1 - 64
Pattern: ^pm-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
Example:

"pm-37vj4-jkr4l-lc9945spfftkne57"

name
string
required

Human-readable name of the permission (role).

operations
string[]
required

List of API operations this permission grants access to. See Permissions List for available operations.

status
enum<string>
required

Current status of the permission.

Available options:
Active
isImmutable
boolean
required

Whether this permission is system-managed and cannot be modified.

isArchived
boolean
required

Whether this permission has been archived (soft-deleted).

dateCreated
string<date-time>
required

ISO 8601 date (must be UTC). Date the permission was created.

Example:

"2023-04-14T20:41:28.715Z"

dateUpdated
string<date-time>
required

ISO 8601 date (must be UTC). Date the permission was last updated.

Example:

"2023-04-14T20:41:28.715Z"

Last modified on April 2, 2026