Product
API and GUI
How do Dfns APIs work?
Dfns provides a comprehensive range of RESTful APIs, seamlessly integrated into developer-friendly SDKs.
Our roadmap includes the development of GraphQL and SWIFT APIs, while we continuously enhance our SDKs by introducing support for new programming languages on a monthly basis. For more details, check out our API documentation
Does Dfns provide IP allowlisting?
Certainly! During the customer onboarding process, it is possible to establish a comprehensive organization-wide allowlist.
Does Dfns provide a dashboard/GUI?
Yes, find the dashboard of our production environment at dashboard.dfns.io and our testing environment at dashboard.dfns.ninja
Does Dfns ensure feature parity between API and GUI?
Not today, though we intend to by Q1 2024. Presently, the dashboard offers a comprehensive array of features, including wallet creation, payment initiation, transaction viewing, public key generation, WalletConnect sessions, and policy approvals.
Do I need to build my UI to use Dfns?
Dfns offers a dashboard, but the majority of our clients opt to seamlessly integrate us into their products using our APIs.
Is Dfns a white-label solution?
Yes. Most clients seamlessly integrate our API into their products, which gives them total freedom to build the UX/UI they desire.
_____________________________________________________________
Are all features accessible via API, or are some tasks still manual in the admin panel?
Our platform offers comprehensive functionality accessible via our API. This aligns perfectly with our product philosophy as a developer tool, where commands and configurations are entirely programmatic and fully editable by clients through our API. When collaborating with Dfns, you get the power to customize and control the user experience you want to provide.
_____________________________________________________________
Can I get access to the Postman collection to try the Dfns APIs?
Yes, our Postman collection is online.
Note
Our Postman collection is available here
Is the Dfns dashboard code available?
Not currently, but we have a sample app you can use.
Note
Our sample app is available here
Do clients share the same Dfns dashboard, or is it specific to each customer?
Clients get their specific dashboard. The dashboard is multi-tenant like the API.
Does Dfns provide any SDKs?
Yes, we currently have well-documented and exemplified Typescript SDK. More SDKs are scheduled on the roadmap, starting with Python.
Note
Our SDK is available here
Does Dfns provide an authentication widget?
Yes, Dfns offers different UIs including authentication widgets.
Does the system use HTTPS?
Yes, all of our APIs are accessible over HTTPS and HTTP access has been disabled.
Wallets
How do I get my wallet address and balance?
Wallet addresses are returned from GetWallet. Balances are available via GetAssets
Wallet API
Get Wallet by ID
Get Wallet Assets
Can I export my wallets with Dfns?
Yes, private key export is an available feature though we do not expose it on our public API documentation for security reasons.
Can I import my wallets with Dfns?
Yes, private key import is also available for our clients, but it is not documented in our public API documentation for security reasons. Please note that we always encourage creating new keys, but if necessary, we offer a secure import path that can only be taken in presence of the client.
What does migrating to Dfns look like?
For enhanced security, Dfns strongly advises against importing private keys, as we cannot guarantee the absence of external copies beyond our zero-trust security model. In case a client insists on importing, a highly specific, semi-automated procedure will be enforced. However, the details of this process cannot be disclosed publicly. Moreover, the client will be required to sign a legal discharge absolving Dfns from any responsibility related to safeguarding those keys against unauthorized transactions. Please email sales@dfns.co to get more information.
Contact
Please email sales@dfns.co to get more information.
Can I delete, archive, and unarchive wallets?
Due to the cryptography underpinning blockchains, wallet keys are permanent and cannot be “deleted”. Any vendor claiming to offer wallet (or key) deletion should provide verifiable proof of such action. Wallet archiving and unarchiving functionalities are part of our upcoming roadmap.
What digital assets can I store with Dfns?
Cryptocurrencies (see list here), ERC20s, NFTs, tokenized real-world assets (e.g. ERC3643), and any other blockchain-based token.
Note
Dfns API Enumerated Types
How do I transfer funds with Dfns?
Start by using Dfns API endpoints like TransferAssets
Wallets & NFTs API
Transfer Assets from Wallet
Can I create multiple addresses for the same wallet?
Yes, the public key linked to a specific wallet has the capability to accommodate addresses for any blockchain network that supports the underlying elliptic curve utilized to generate the key pair. Create the wallet using “keyECDSA” or “keyEdDSA” for the network, then use GenerateSignature
Wallets & NFTs API
Generate Signature from Wallet
What is the difference between segregated and omnibus wallets?
Omnibus wallets are a type of wallet that combines and commingles customer funds into a single blockchain key pair. Instead of creating separate key pairs for each customer, these wallets use an internal ledger to keep track of individual ownership of assets. While they offer operational efficiency, they may pose challenges in providing transparent ownership of assets.
Segregated wallets, on the other hand, are a more secure and transparent approach to wallet management. In this method, each customer is allocated a unique on-chain key pair for their funds, ensuring complete separation and traceability of assets. By maintaining individualized accounts, segregated wallets enhance security, privacy, and offer a clear audit trail for each customer's holdings.
Dfns recommends using segregated wallets to uphold the highest standards of asset protection and accountability.
Do you provide both segregated and omnibus wallets?
Dfns can be used to create both segregated and omnibus wallets, though we recommend using fully segregated wallets whenever possible.
.png)
How many wallets can I generate with Dfns?
The organization's capacity to generate wallets is determined by the chosen subscription plan (see here). Dfns offers virtually limitless opportunities for creating wallets.
Pricing Plan
See our pricing
How fast can I generate a wallet using Dfns?
The time required to create a wallet varies by the underlying elliptical curve signature scheme used by the target blockchain. Dfns strives to always generate wallets sub-second.
Do Dfns provide support for cold wallets?
Our Key Management System does not offer cold wallets (aka keys stored offline) by default. This is because our utilization of MPC and TSS eliminates the need for offline security measures, rendering them redundant and at times counterproductive. That said, clients opting for our Enterprise Plans can request support for the addition of air-gapped hardware.
How do I create unique addresses for my clients using Dfns?
Create a wallet for each target chain and share the corresponding addresses with your users, enabling them to deposit funds effortlessly. Display the deposited balance within your UI, and users can also verify it through any blockchain explorer on the public chain.
Wallets & NFTs API
Create a Wallet
How and when do I pay for gas fees?
We follow standard blockchain protocols, wherein gas fees for transactions that mutate the chain are supported by the calling wallet.
Do Dfns have a gas station feature?
We plan to introduce an automation framework in the near future which will include a “gas station” feature to ensure wallets remain sufficiently funded to execute transactions.
Do Dfns have a token price API?
For Basic and Pro Plan subscribers, our default token price data provider is Coingecko, while we rely on Kaiko for Enterprise Plan subscribers. Nevertheless, we maintain flexibility and remain agnostic to our clients' preferred market data provider. We can readily support additional providers to cater to specific client preferences if there is demand.
Can I get the transaction history?
Yes, via the Wallet History API
Wallets & NFTs API
Get Wallet History
Are there any limits to the number of API requests?
Dfns offers unlimited API calls, providing you with unrestricted access to our services.
Does Dfns offer transaction alerting and risk notifications?
Not currently, but Dfns seamlessly integrates with a wide range of anti-fraud and transaction alerting tools, including Hypernative, Hexagate, Lockchain, and more.
Does Dfns calculate gas fees?
Our API automatically estimates the gas fees required to execute transactions on Ethereum / EVMs, and incorporates them into all transactions that we send out to the blockchain.
Signing
Do Dfns provide raw signing via API?
Yes, see Generate Signature
Wallets & NFTs API
Generate signature from Wallet
Must I broadcast the signature on-chain or can Dfns do it?
We provide a BroadcastTransaction endpoint but you can also do it yourself.
Wallets & NFTs API
Broadcast Transaction from Wallet
How does Generate Signature work?
It only accepts the wallet ID and hash as parameters. Additionally, we offer a variant with EIP-712 support as shown here
Wallets & NFTs API
Generate Signature from Wallet
Can users authorize key pair sharing for signing within the same organization?
Yes. Signing authority can be shared between users, enabling a user to grant it to another through the activation of role-based permission predicates.
Permissions
Permissions Overview
Are users able to use wallets from Dfns on any Dapp?
You can use BroadcastTransaction to integrate with any smart contract function. Additionally we will support WalletConnect via a frontend proxy shortly.
Wallets & NFTs API
Broadcast Transaction from Wallet
Delegated Signing
Can I sign on behalf of end-users by authenticating with a PAT through WebAuthn?
.png)
Personal Access Tokens (PAT) cannot possess permissions surpassing those of the end-user they belong to. This contrasts with Dfns’s service accounts, equivalent to a user in the system. Nonetheless, in essence, PATs serve as supplementary credentials enabling users to perform actions programmatically.
Wallets & NFTs API
Delegated Signing
Smart Contracts
Do you provide smart contract address allowlisting?
This feature is not available today, but it's a key element on our roadmap for 2023.
What EIP/ERC Do Dfns support?
Our API offers support for ERC-20, ERC-712, ERC-1155, ERC-3643, and ERC-4337.
Do Dfns provide smart contract wallets?
No, not yet. While Dfns wallets can be used to interact with smart contract wallets like Gnosis Safe, we do not implement chain-specific smart contracts today. Dfns is a multichain wallet API.
Authentication
How does authentication work with Dfns?
Discover more about configuring Dfns's authentication service and capabilities here
API Authentication
Do Dfns support two factor authentication?
Yes, 2FA is required to authenticate to our production environment.
What login methods Do Dfns support?
Accessing the Dfns API and UI is made secure with various authentication options. You can choose from passwordless WebAuthn passkeys, face or fingerprint biometrics, Yubikeys, PIN codes, or passwords (although we generally advise against the latter for enhanced security).
Do I need to authenticate for every signature or can I enable sessions?
Authentication is mandatory for all sensitive actions (e.g. signing, wallet creation, address allowlisting, etc.). Dfns treats digital assets with the utmost security, adopting best practices akin to stringent measures used in banking. Similar to how two-factor authentication is obligatory for critical banking operations like wire transfers and adding beneficiaries, we ensure the same level of protection for sensitive actions within our environment.
If your users have easy access to biometrics, we recommend sticking with this secure method as it surpasses password entry convenience. For users without biometrics, PIN codes can serve as a fallback option on most devices.
Important to note that WebAuthn (and passkey-based authentication) does not handle sessions. It focuses on user authentication, while session management is handled separately by the web application using other methods. However, by issuing a long-lived authentication token (e.g. JWT or PAT) after the initial WebAuthn authentication, users can reduce the need for frequent re-authentication and benefit from a session-like experience. When issuing long-lived tokens, proper security measures should be implemented to prevent unauthorized access to the tokens.
Can I use other authentication providers with Dfns?
Yes. Dfns remains completely agnostic to the authentication service you opt for to grant access to your product. We seamlessly integrate with leading providers such as Auth0, Okta, Stytch, and more. It's important to note that while the chosen authentication provider will handle the creation of application-level accounts (or "user account"), the wallet creation process is exclusive to Dfns's authentication service. In other words, wallets can only be created through Dfns’s dedicated authentication service but nothing prevents you from adding authentication methods such as social login or email OTP prior to the wallet creation process to accelerate the onboarding process of your users/clients.
How do users know that I didn’t register credentials without their knowledge?
You would be responsible for building the interface to enable the user to generate credentials. However, this does not give you the ability to act on their behalf. As a service, you have the option to disclose the relationship with Dfns to your users and enable them to directly query the Dfns API to verify the information – such as listing credentials and accessing the audit log once it's available. This way, when the request originates from their browser, they can ensure that the information hasn't been tampered with by your application.
Which API initiates the transmission of a registration code to the end-user?
If you employ delegated registration/authentication for your users, they won't receive a registration code. Instead, they will encounter a registration challenge as a response to the call. You will need to share this challenge with your users, prompting them to create their credentials on their FIDO2 device. Once the challenge is signed on their device, you can then pass the signed challenge to the registered user endpoint.
What prevents me from registering my credentials instead of the end-user’s?
Nothing. You have the freedom to register a credential instead of your user, and they would rely on your good faith. That said, we maintain an audit log of all actions. In the future, it will be accessible to all allowing users to verify the registered device and confirm your actions. We are also exploring ways to prevent this form of impersonation through permissions-based controls.
Can users access their wallet only through the device on which it was created?
WebAuthn inherently supports cross-device signing, allowing users to seamlessly register and create credentials on one device, such as a mobile device, securely stored in its enclave. Later, when logging into a product via Chrome on a Mac for instance, users can easily transfer assets using WebAuthn's convenient option to sign from a different device. A quick QR code scan and a simple click for signing streamline the process, making it both user-friendly and highly secure.
Comparatively, this approach surpasses the security of solutions like Google Authenticator, which ties one-time codes to specific devices. With WebAuthn, customers gain the flexibility to create multiple credentials across various devices. For example, they can opt to sign transactions using a PIN code on their phone or leverage their laptop's fingerprint authentication for enhanced convenience and security. WebAuthn offers an innovative and adaptable solution that enhances user experience while prioritizing top-notch security measures.
How does the passkey work during login and signing?
WebAuthn and passkey-based authentication do not assume a device has biometric capabilities. Instead, they utilize the device's most secure authentication capability that is exposed, unlocking secrets in the TPM chip of the device. Dfns did not code the authentication module as it is native to the WebAuthn protocol and the device's OS.
Authorization
What is a “User” and an “End-User”?
• Users are employees or collaborators working for an Organization.
• End-users are individuals utilizing the services provided by the Organization.
How long can authorized users remain logged in?
1 day for the production environment, 30 days for the test environment.
How do I set access permissions for employees within my organization?
With our permission settings, you have full control over granting API access to your employees. Tailor access levels precisely as needed, allowing you to assign custom API permissions to individual employees based on their roles and responsibilities. Additionally, setting no access for an employee is conveniently available as the default option, ensuring you can easily manage access privileges across your organization.
Permission
Create Permission
Are end-users able to access Dfns’s dashboard?
The dashboard is exclusively accessible to Dfns users (aka founders, employees, and collaborators affiliated with the organization client of Dfns). In most instances, end-users should remain unaware of Dfns's existence.
Can a user in an organization enable another user to sign using a shared wallet?
Though not currently available, this capability can be easily added to our permissions model.
Can end-users create and link policies to their wallet without the organization?
This is not available at the moment, but we are working on it. Reach out to our CPO josh@dfns.co for more information.
Reach out to our CPO josh@dfns.co for more information.
Policy Engine
Do Dfns provide multisignatures?
We fully support multisignatures (or multisig) through our policy engine, allowing flexible configuration to mandate m out of n signatures within specified timeframes. It's important to note that this process occurs off-chain, while all data is securely recorded in immutable logs."
Policy Engine
Policy Engine Overview
How do I create an approval workflow for transactions?
The Dfns policy engine enables customers to create multiple policies and set up workflows emulating multisig transactions for instance.
Policies
Create Policy
What types of policies Do Dfns enable?
The Dfns policy engine enables clients to create workflows which emulate multisig transactions. These can be predicated on rules such as:
• Number of approvals
• Transaction amount limits
• Wallet amount limits
• Transaction frequency
• Token price
• Gas fees
Callbacks
Do Dfns enable webhooks?
Yes. More information can be found here
Callbacks
Callback Overview
Can I get notified for outside deposits?
Yes, using the PaymentReceived and PaymentConfirmed callback types. Note this is currently limited to Ethereum mainnet but we expect to add support for more chains going forward.
Callback Subscriptions
Create Callback Subscription
Blockchains
How many blockchains does Dfns support?
Dfns supports more than 30 blockchains, making it one of the most comprehensive multi-chain wallet providers. You can explore the full list of supported blockchains on our integrations page.
Blockchains Integrations
See the complete list here
What does blockchain support mean for Dfns?
Dfns supports a tiered integration strategy based on the market demand for each blockchain. For high-demand chains like Ethereum or Polygon, we implement a comprehensive "Tier 1" integration. This involves full chain indexing and direct NFT support, among other features.
In contrast, we designate as "Tier 2" or “Tier 3” chains that may not currently experience the same level of demand.
For more information, check out our SLA and Wallet API docs
For more information
Check out our SLA and Wallet API docs
What are the next blockchains on the roadmap?
Our approach is dynamic and continuously evolving due to clients frequently expressing interest in a particular blockchain and later changing their preferences. To maintain flexibility, we refrain from publicly releasing a roadmap that could lead to firm commitments.
Tokens
How many assets does Dfns support?
Dfns supports over 30 blockchains and thousands of ERC20 tokens.
Tokens integrations
See the complete list here
How fast can Dfns integrate new EVM tokens?
Integrating ERC20 tokens can be achieved within a single day.
For other EVM-native tokens that adhere to the ERC20 standard, the team needs to conduct an investigation but it typically takes only a couple of weeks, depending on the overall customer request queue.
Services
Is staking available through Dfns?
Yes, simply GenerateSignature, format, and broadcast the staking transaction on-chain.
Wallets & NFTs API
GenerateSignature
Would it be possible to stake via staking providers?
Yes. We collaborate with a wide array of staking providers, including Kiln, Figment, and more, aiming to facilitate seamless integration for our valued customers. While we work towards streamlining the process, note that the Staking API is an upcoming feature on our roadmap.
Contact
Contact sales@dfns.co to get more information.
Can I access DeFi protocols with Dfns wallets?
Yes, with GenerateSignature, you get a raw signature and can gain access to any DeFi protocol on any chain as long as it’s based on a supported elliptic curve.
For more convenience, you can also opt for BroadcastTransaction to effortlessly engage on-chain with various protocols right away (this endpoint is currently only accessible on Ethereum, EVMs and Solana, with additional chain support coming soon).
Wallets & NFTs API
GenerateSignature
What fiat on/off-ramp providers does Dfns integrate with?
Dfns seamlessly integrates with most fiat on/off ramp providers. You can find integration guides specifically for Mt Pelerin, Sardine, Ramp and more in our documentation
Integration guide
Fiat On/Offboarding
Which KYT providers does Dfns integrate with?
Dfns collaborates with leading KYT providers such as Chainalysis and Elliptic, bolstering our commitment to robust compliance measures. As part of our roadmap, we aim to further integrate these services directly into our existing transaction execution calls.
Contact
Contact sales@dfns.co to get more information.
Which KYC/B providers does Dfns integrate with?
Dfns works side-by-side with most KYC/B providers such as Onfido, Refinitiv and Trulioo. We can integrate additional vendors on demand.
Contact
Contact sales@dfns.co to get more information.
Which DeFi protocols does Dfns integrate with?
Using CreateSignature, you can access any DeFi protocol on any chain that supports our elliptic curves. Alternatively, you can use BroadcastTransaction to interact with any protocol on an EVM compatible chain today with additional chain support coming soon.
Which exchanges does Dfns integrate with?
Dfns wallets seamlessly enable fund transfers to and from all major exchanges. That said, our API currently only integrates exchange accounts with Binance, Coinbase, and Kraken. Looking ahead, our roadmap outlines further exchange integrations and we can also accommodate additional integrations upon request.
Contact
Contact sales@dfns.co to get more information.
Which NFT marketplaces does Dfns integrate with?
Dfns wallets seamlessly enable NFT transfers to and from all major marketplaces. That said, our API currently only integrates exchange accounts with OpenSea, Blur, and MagicEden. Looking ahead, our roadmap outlines further NFT marketplace integrations and we can also accommodate additional integrations upon request.
