Permissions let you control access to the API on a granular basis, following the principle of least privilege. For example, an employee who needs to initiate payments but shouldn’t be able to manipulate policies can be given a Permission that allows only the former. Start by creating a Permission with some allowed operations in it, then assign it to a User.

Terminology

  • Permission - a Permission contains a set of Operations and can be assigned to Users (or Service Accounts). When assigned to a user, a Permission allows that user to perform these operations in our API. Each Permission has a unique name and a unique ID. A Permission can be assigned to one user or to multiple users, depending on what you need.
  • Operation - an Operation can be added to a Permission, and grants access to one action in the API. There is a fixed list of operations (see below) that you can include in Permissions. Every API endpoint requires one (or several) operations to use it. E.g. the endpoint Create Wallet requires the operation Wallets:Create.
  • Assignment - or “Permission Assignment”, is the assignment of a given Permission to a given User (or Service Account). A Permission can be assigned to a User (aka “granted”), or un-assigned from that User (aka “revoked”).

Dfns-managed Permissions

When your Dfns organisation is created, some Permissions already exist in it. They are special: some of them are automatically assigned, and some of them are immutable (cannot be updated or archived).

ManagedFullAdminAccess

This Permission is automatically assigned to the first User of the Organisation. It includes all existing (and future) operations available in the Dfns API. It is immutable, so you cannot update or archive it. You can only assign it or revoke it.

ManagedDefaultEndUserAccess

This unique Permission is assigned by default to any new EndUser in your organisation, and comes with an initial set of operations (which you can update at any time) allowing any EndUser to “do stuff with the wallet he owns” by default. Here is the initial set of operations in this permission:

  • Keys:Read
  • Keys:Signatures:Create
  • Keys:Signatures:Read
  • Wallets:Read
  • Wallets:Transactions:Create
  • Wallets:Transactions:Read
  • Wallets:Transfers:Create
  • Wallets:Transfers:Read

Regardless of Permissions, by design, an EndUser can never access any wallet that he doesn’t own. So this permission does not allow your end users to access any of your org wallets (aka “custodial” wallets).

This permission is meant to facilitate end-user permission management. Since all your end users have this permission assigned by default, you don’t necessarily need to explicitly grant them other permissions to allow them to use their wallets, and you only need to modify this one permission to affect all your end users at once. This permission is not immutable, and you still have full control over it (update the operations in it, un-assign it, deactivate it, though these last two are probably edge cases).
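As an added example (not Dfns code), the following least-privilege check computes which operations a call requires, including the conditional ones noted in the operation list on this page, and reports what a Permission such as ManagedDefaultEndUserAccess is missing. It assumes a call needs every operation listed for its endpoint; the function names are hypothetical and only a few endpoints from the list are encoded.

```python
# Added example. Requirements below are copied from this page's operation list.
# Assumption: a call needs every operation listed for its endpoint.
# Function and variable names are hypothetical.

# Initial operations of ManagedDefaultEndUserAccess, as listed on this page.
DEFAULT_END_USER_OPS = {
    "Keys:Read", "Keys:Signatures:Create", "Keys:Signatures:Read",
    "Wallets:Read", "Wallets:Transactions:Create", "Wallets:Transactions:Read",
    "Wallets:Transfers:Create", "Wallets:Transfers:Read",
}

# (method, path) -> (always-required operations, {request field: extra operation})
REQUIREMENTS = {
    ("POST", "/wallets"): (
        {"Wallets:Create"},
        {"delegateTo": "Keys:Delegate", "tags": "Wallets:Tags:Add",
         "signingKey.id": "Keys:Reuse"}),
    ("POST", "/wallets/{walletId}/transfers"): (
        {"Wallets:Transfers:Create"}, {"feeSponsorId": "FeeSponsors:Use"}),
    ("POST", "/wallets/{walletId}/transactions"): (
        {"Wallets:Transactions:Create"}, {"feeSponsorId": "FeeSponsors:Use"}),
    ("PUT", "/v2/policies/{policyId}"): ({"Policies:Update"}, {}),
}

def has_field(body, dotted):
    """True if a dotted field path such as 'signingKey.id' is present in body."""
    cur = body
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return False
        cur = cur[part]
    return True

def required_operations(method, path, body=None):
    """Operations one call needs, including those triggered by request fields."""
    body = body or {}
    base, conditional = REQUIREMENTS[(method, path)]
    ops = set(base) | {op for f, op in conditional.items() if has_field(body, f)}
    # The page says wallet creation creates a new Key by default; a wallet that
    # reuses an existing key (signingKey.id) is read here as not needing Keys:Create.
    if (method, path) == ("POST", "/wallets") and not has_field(body, "signingKey.id"):
        ops.add("Keys:Create")
    return ops

def missing_operations(granted, method, path, body=None):
    """Operations the call needs but the Permission lacks; empty means allowed."""
    return required_operations(method, path, body) - set(granted)
```

Running `missing_operations` over the calls a role actually makes gives the minimal operation set to put in its Permission, and shows when an optional request field would need an extra grant.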

List of Permission Operations

Agreements:Acceptance:Create

  • Record agreement acceptance (POST/agreements/{agreementId}/accept – doc)

Agreements:Acceptance:Read

  • Get latest unaccepted agreement (GET/agreements/latest-unaccepted – doc)

Allocations:Create

  • Create allocation (POST/allocations – doc)

Allocations:Read

  • List allocations (GET/allocations – doc)
  • List allocation actions (GET/allocations/{allocationId}/actions – doc)
  • Get allocation (GET/allocations/{allocationId} – doc)

Allocations:Update

  • Create allocation action (POST/allocations/{allocationId}/actions – doc)

Auth:Login:Delegated

  • Delegated login (POST/auth/login/delegated – doc)

Auth:Logs:Read

  • List audit logs (GET/auth/action/logs – doc)
  • Get audit log (GET/auth/action/logs/{id} – doc)

Auth:Pats:Create

  • Create personal access token (POST/auth/pats – doc)

Auth:Recover:Delegated

  • Create delegated recovery challenge (POST/auth/recover/user/delegated – doc)

Auth:Register:Delegated

  • Create delegated registration challenge (POST/auth/registration/delegated – doc)

Auth:ServiceAccounts:Activate

  • Activate service account (PUT/auth/service-accounts/{serviceAccountId}/activate – doc)

Auth:ServiceAccounts:Create

  • Create service account (POST/auth/service-accounts – doc)

Auth:ServiceAccounts:Deactivate

  • Deactivate service account (PUT/auth/service-accounts/{serviceAccountId}/deactivate – doc)

Auth:ServiceAccounts:Delete

  • Delete service account (DEL/auth/service-accounts/{serviceAccountId} – doc)

Auth:ServiceAccounts:Read

  • List service accounts (GET/auth/service-accounts – doc)
  • Get service account (GET/auth/service-accounts/{serviceAccountId} – doc)

Auth:ServiceAccounts:Update

  • Update service account (PUT/auth/service-accounts/{serviceAccountId} – doc)

Auth:Users:Activate

  • Activate user (PUT/auth/users/{userId}/activate – doc)

Auth:Users:Create

  • Create user (POST/auth/users – doc)

Auth:Users:Deactivate

  • Deactivate user (PUT/auth/users/{userId}/deactivate – doc)

Auth:Users:Delete

  • Delete user (DEL/auth/users/{userId} – doc)

Auth:Users:Read

  • Get user (GET/auth/users/{userId} – doc)
  • List users (GET/auth/users – doc)

Auth:Users:Update

  • Update user (PUT/auth/users/{userId} – doc)

Exchanges:Create

  • Create exchange (POST/exchanges – doc)

Exchanges:Delete

  • Delete exchange (DEL/exchanges/{exchangeId} – doc)

Exchanges:Deposits:Create

  • Create exchange deposit (POST/exchanges/{exchangeId}/accounts/{accountId}/deposits – doc)

Exchanges:Read

  • Get exchange (GET/exchanges/{exchangeId} – doc)
  • List exchanges (GET/exchanges – doc)
  • List accounts (GET/exchanges/{exchangeId}/accounts – doc)
  • List account assets (GET/exchanges/{exchangeId}/accounts/{accountId}/assets – doc)
  • List asset withdrawal networks (GET/exchanges/{exchangeId}/accounts/{accountId}/assets/{asset}/withdrawal-networks – doc)

Exchanges:Withdrawals:Create

  • Create exchange withdrawal (POST/exchanges/{exchangeId}/accounts/{accountId}/withdrawals – doc)

FeeSponsors:Create

  • Create fee sponsor (POST/fee-sponsors – doc)

FeeSponsors:Delete

  • Delete fee sponsor (DEL/fee-sponsors/{feeSponsorId} – doc)

FeeSponsors:Read

  • List fee sponsors (GET/fee-sponsors – doc)
  • Get fee sponsor (GET/fee-sponsors/{feeSponsorId} – doc)
  • List sponsored fees (GET/fee-sponsors/{feeSponsorId}/fees – doc)

FeeSponsors:Update

  • Deactivate fee sponsor (PUT/fee-sponsors/{feeSponsorId}/deactivate – doc)
  • Activate fee sponsor (PUT/fee-sponsors/{feeSponsorId}/activate – doc)

FeeSponsors:Use

  • Sign and broadcast transaction (POST/wallets/{walletId}/transactions – doc) Required if feeSponsorId is specified
  • Transfer asset (POST/wallets/{walletId}/transfers – doc) Required if feeSponsorId is specified

KeyStores:Read

  • List key stores (GET/key-stores – doc)

Keys:ChildKeys:Create

  • Create key (POST/keys – doc) Required if deriveFrom is specified

Keys:Create

  • Create key (POST/keys – doc)
  • Create wallet (POST/wallets – doc) Required if wallet creation also creates a new Key entity. This is the default behavior

Keys:Delegate

  • Create key (POST/keys – doc) Required if delegateTo is specified
  • Delegate key (POST/keys/{keyId}/delegate – doc)
  • Create wallet (POST/wallets – doc) Required if delegateTo is specified
  • Delegate wallet (POST/wallets/{walletId}/delegate – deprecated)

Keys:Delete

  • Delete key (DEL/keys/{keyId} – doc)

Keys:Derive

  • Derive key (POST/keys/{keyId}/derive – doc)

Keys:Export

  • Export key (POST/keys/{keyId}/export – doc)
  • Export wallet (POST/wallets/{walletId}/export – deprecated)

Keys:Import

  • Import key (POST/keys/import – doc)
  • Import wallet (POST/wallets/import – doc)

Keys:Read

  • List keys (GET/keys – doc)
  • Get key (GET/keys/{keyId} – doc)

Keys:Reuse

  • Create wallet (POST/wallets – doc) Required if signingKey.id is specified. Wallet will reuse an existing key instead of creating a new one

Keys:Signatures:Create

  • Generate signature (POST/keys/{keyId}/signatures – doc)
  • Generate signature (POST/wallets/{walletId}/signatures – deprecated)

Keys:Signatures:Read

  • List signatures (GET/keys/{keyId}/signatures – doc)
  • Get signature (GET/keys/{keyId}/signatures/{signatureId} – doc)
  • List signatures (GET/wallets/{walletId}/signatures – deprecated)
  • Get signature (GET/wallets/{walletId}/signatures/{signatureId} – deprecated)

Keys:Update

  • Update key (PUT/keys/{keyId} – doc)

Networks:CantonValidators:Create

  • Create canton validator (POST/networks/{network}/validators – doc)

Networks:CantonValidators:Delete

  • Delete canton validator (DEL/networks/{network}/validators/{validatorId} – doc)

Networks:CantonValidators:Read

  • Get canton validator (GET/networks/{network}/validators/{validatorId} – doc)
  • List canton validators (GET/networks/{network}/validators – doc)

Networks:CantonValidators:Update

  • Update canton validator (PUT/networks/{network}/validators/{validatorId} – doc)

Permissions:Archive

  • Delete permission (PUT/permissions/{permissionId}/archive – doc)

Permissions:Assign

  • Assign permission (POST/permissions/{permissionId}/assignments – doc)

Permissions:Assignments:Read

  • List permission assignments (GET/permissions/{permissionId}/assignments – doc)

Permissions:Create

  • Create permission (POST/permissions – doc)

Permissions:Read

  • List permissions (GET/permissions – doc)
  • Get permission (GET/permissions/{permissionId} – doc)

Permissions:Revoke

  • Revoke permission (DEL/permissions/{permissionId}/assignments/{assignmentId} – doc)

Permissions:Update

  • Update permission (PUT/permissions/{permissionId} – doc)

Policies:Approvals:Approve

  • Create approval decision (POST/v2/policy-approvals/{approvalId}/decisions – doc)

Policies:Approvals:Read

  • Get approval (GET/v2/policy-approvals/{approvalId} – doc)
  • List approvals (GET/v2/policy-approvals – doc)

Policies:Archive

  • Delete policy (DEL/v2/policies/{policyId} – doc)

Policies:Create

  • Create policy (POST/v2/policies – doc)

Policies:Read

  • Get policy (GET/v2/policies/{policyId} – doc)
  • List policies (GET/v2/policies – doc)

Policies:Update

  • Update policy (PUT/v2/policies/{policyId} – doc)

Signers:ListSigners

  • List signers (GET/signers – doc)

Stakes:Create

  • Create stake (POST/staking/stakes – doc)

Stakes:Read

  • List stakes (GET/staking/stakes – doc)
  • List stake actions (GET/staking/stakes/{stakeId}/actions – doc)
  • Get stakes (GET/staking/stakes/{stakeId} – doc)
  • Get stake rewards (GET/staking/stakes/{stakeId}/rewards – doc)

Stakes:Update

  • Create stake action (POST/staking/stakes/{stakeId}/actions – doc)

Swaps:Create

  • Create swap (POST/swaps – doc)

Swaps:Read

  • List swaps (GET/swaps – doc)
  • Get swap (GET/swaps/{swapId} – doc)

Wallets:Create

  • Activate wallet (POST/wallets/{walletId}/activate – doc)
  • Create wallet (POST/wallets – doc)
  • Import wallet (POST/wallets/import – doc)

Wallets:Offers:Read

  • Get offer (GET/wallets/{walletId}/offers/{offerId} – doc)
  • List offers (GET/wallets/{walletId}/offers – doc)

Wallets:Offers:Settle

  • Accept offer (PUT/wallets/{walletId}/offers/{offerId}/accept – doc)
  • Reject offer (PUT/wallets/{walletId}/offers/{offerId}/reject – doc)

Wallets:Read

  • List wallets (GET/wallets – doc)
  • Get wallet (GET/wallets/{walletId} – doc)
  • Get wallet assets (GET/wallets/{walletId}/assets – doc)
  • Get wallet history (GET/wallets/{walletId}/history – doc)
  • Get wallet nfts (GET/wallets/{walletId}/nfts – doc)
  • List org wallet history (GET/wallets/all/history – doc)

Wallets:Tags:Add

  • Create wallet (POST/wallets – doc) Required if tags are specified
  • Tag wallet (PUT/wallets/{walletId}/tags – doc)

Wallets:Tags:Delete

  • Untag wallet (DEL/wallets/{walletId}/tags – doc)

Wallets:Transactions:Create

  • Sign and broadcast transaction (POST/wallets/{walletId}/transactions – doc)

Wallets:Transactions:Read

  • List transactions (GET/wallets/{walletId}/transactions – doc)
  • Get transaction (GET/wallets/{walletId}/transactions/{transactionId} – doc)

Wallets:Transfers:Create

  • Create exchange deposit (POST/exchanges/{exchangeId}/accounts/{accountId}/deposits – doc)
  • Transfer asset (POST/wallets/{walletId}/transfers – doc)

Wallets:Transfers:Read

  • Get transfer (GET/wallets/{walletId}/transfers/{transferId} – doc)
  • List transfers (GET/wallets/{walletId}/transfers – doc)

Wallets:Update

  • Update wallet (PUT/wallets/{walletId} – doc)

Webhooks:Create

  • Create webhook (POST/webhooks – doc)

Webhooks:Delete

  • Delete webhook (DEL/webhooks/{webhookId} – doc)

Webhooks:Events:Read

  • Get webhook event (GET/webhooks/{webhookId}/events/{webhookEventId} – doc)
  • List webhook events (GET/webhooks/{webhookId}/events – doc)

Webhooks:Ping

  • Ping webhook (POST/webhooks/{webhookId}/ping – doc)

Webhooks:Read

  • List webhooks (GET/webhooks – doc)
  • Get webhook (GET/webhooks/{webhookId} – doc)

Webhooks:Update

  • Update webhook (PUT/webhooks/{webhookId} – doc)