Authentication Token to authenticate your application, and a User Action Signature to prove end-user consent.
🔑 Token 1: The Login Token
The Authentication Token is like your API key, proving that requests are coming from a legitimate source. You must include this token in the Authorization header for every API call.
How to Get It
Follow one of the authentication flows. The easiest way: create a service account and use it in your backend to call our API. This token answers the question: “Is my application allowed to talk to Dfns?”
For a step-by-step guide on creating credentials and generating your first token, see the Dfns API using a service account tutorial.
✍️ Token 2: The User Action Signature
For any sensitive operation (like creating a key, initiating a transaction, or registering a wallet) you need a second token. The User Action Signature is a signed challenge that proves a user with a registered passkey has explicitly approved the action.
This token is sent in the X-DFNS-USERACTION header and is required for most POST, PUT, and DELETE requests.
Think of it like a bank transaction:
- The Authentication Token is the bank teller’s ID, allowing them to access the banking system.
- The User Action Signature is the customer’s signed withdrawal slip, authorizing a specific transaction.
To learn how to generate and use this signature, see the detailed User Action Signature Guide.
Next Steps & Resources
Now that you understand the core authentication concepts, you’re ready to dive in.
Recommended Guides
Credentials
Learn how to register users and their passkeys with Dfns.
Wallet Delegation
Understand how you can offer non-custodial wallets to your end users.
Signing Requests
Generate a User Action Signature.
Webhooks
Set up webhooks to receive real-time updates on your operations.
