# Complete User Registration `POST /auth/registration` Completes the user registration process and creates the user's initial credentials. The type of credentials being registered is determined by the `credentialKind` field in the nested objects (`firstFactorCredential` , `secondFactorCredential` and `RecoveryCredential`). Supported credential kinds are: * `Fido2`: User action is signed by a user's signing device using `WebAuthn`. * `Key`: User action is signed by a user's, or token's, private key. * `PasswordProtectedKey`: User action is signed by a user's, or token's, private key. The encrypted version of the private key is stored by Dfns and returns during the signing flow for the user to decrypt it. * `RecoveryKey` : Similar to `PasswordProtectedKey`, but this credential can only be used to recover an account not to sign an action or login. Once this credential is used all the other user's credentials are invalidated. {% hint style="info" %} * Request headers required. See [Request Headers](/d/advanced-topics/authentication/request-headers.md) for more information. * Temporary authentication token required. See [Registration Headers](/d/advanced-topics/authentication/request-headers.md#registration-headers) for more information. {% endhint %} ## Required Permissions None ## Request body | | | | | ---------------------------------------------------------- | -------- | ----------------------------------------------------------------------------- | | `firstFactorCredential` \* | `Object` | first factor credential that the user is registering | | `secondFactorCredential` | `Object` | `Optional` second factor credential that the user is registering | | `recoveryCredential` | `Object` | `Optional` recovery credential that can be used to recover the user's account | ### Fido2 Credential | | | | | ------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------- | | `credentialKind` \* | `String` | will always be `Fido2` | | `credentialInfo` \* | `Object` | | | `credentialInfo.credId` \* | `String` | base64url encoded id of the credential | | `credentialInfo.clientData` \* | `String` | base64url encoded client data object. The underlying object is the clientData object returned by the user's WebAuthn client | | `credentialInfo.attestationData` \* | `String` | base64url encoded attestation data object. The underlying object is the attestationData object returned by the user's WebAuthn client | #### Example ```json { "firstFactorCredential":{ "credentialKind":"Fido2", "credentialInfo":{ "credId":"c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8", "clientData":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ", "attestationData":"WT-zFZUBbJHfBkmhzTlPf49LTn7asLeTQKhm_riCvFgFAAAAAA" } } } ``` ### Key Credential
credentialKind *Stringwill always be Key
credentialInfo *Object
credentialInfo.credId *Stringbase64url encoded id of the credential
credentialInfo.clientData *StringClient Data JSON object, stringified and base64url-encoded
credentialInfo.attestationData *Stringbase64url encoded Attestation Data JSON string object with the users signature and public key
#### Example ```json { "firstFactorCredential":{ "credentialKind":"Key", "credentialInfo":{ "credId":"b215MVzsyKahdGIvTQm3kQhzxB_sN5sFPLdPBRocxOA=", "clientData":"eyJjaGFsbGVuZ2UiOiJZMmd0Tm1Oc2RHTXRiV05sWTNZdE9XRTRPV2QxYnpKd1lqYzBOVEp4Y2ciLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMud3RmIiwidHlwZSI6ImtleS5jcmVhdGUifQ==", "attestationData":"eyJjaGFsbGVuZ2UiOiJZMmd0Tm1Oc2RHTXRiV05sWTNZdE9XRTRPV2QxYnpKd1lqYzBOVEp4Y2ciLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMud3RmIiwidHlwZSI6ImtleS5jcmVhdGUifQ==" } } } ``` ### Password Protected Key Credential | | | | | ------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `credentialKind` \* | `String` | will always be `PasswordProtectedKey` | | `credentialInfo` \* | `Object` | | | `credentialInfo.credId` \* | `String` | base64url encoded id of the credential | | `credentialInfo.clientData` \* | `String` | [Client Data](/d/advanced-topics/authentication/api-objects.md#key-credential) JSON object, stringified and base64url-encoded | | `credentialInfo.attestationData` \* | `String` | base64url encoded [Attestation Data](/d/advanced-topics/authentication/api-objects.md#key-credential-1) JSON string object with the user's signature and public key | | `encryptedPrivateKey` | `String` | Encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns | #### Example ```json { "firstFactorCredential":{ "credentialKind":"PasswordProtectedKey", "credentialInfo":{ "credId":"b215MVzsyKahdGIvTQm3kQhzxB_sN5sFPLdPBRocxOA=", "clientData":"eyJjaGFsbGVuZ2UiOiJZMmd0Tm1Oc2RHTXRiV05sWTNZdE9XRTRPV2QxYnpKd1lqYzBOVEp4Y2ciLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMud3RmIiwidHlwZSI6ImtleS5jcmVhdGUifQ==", "attestationData":"eyJjaGFsbGVuZ2UiOiJZMmd0Tm1Oc2RHTXRiV05sWTNZdE9XRTRPV2QxYnpKd1lqYzBOVEp4Y2ciLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMud3RmIiwidHlwZSI6ImtleS5jcmVhdGUifQ==" }, "encryptedPrivateKey":"LsXVskHYqqrKKxBC9KvqStLEmxak5Y7NaboDDlRSIW7evUJpQTT1AYvx0EsFskmriaVb3AjTCGEv7gqUKokml1USL7+dVmrUVhV+cNWtS5AorvRuZr1FMGVKFkW1pKJhFNH2e2O661UhpyXsRXzcmksA7ZN/V37ZK7ITue0gs6I=" } } ``` ### Recovery Credential | | | | | ------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `credentialKind` \* | `String` | will always be `RecoveryKey` | | `credentialInfo` \* | `Object` | | | `credentialInfo.credId` \* | `String` | base64url encoded id of the credential | | `credentialInfo.clientData` \* | `String` | [Client Data](/d/advanced-topics/authentication/api-objects.md#key-credential) JSON object, stringified and base64url-encoded | | `credentialInfo.attestationData` \* | `String` | base64url encoded [Attestation Data](/d/advanced-topics/authentication/api-objects.md#key-credential-1) JSON string object with the user's signature and public key | | `encryptedPrivateKey` | `String` | `Optional` encrypted private key. The user should hold the secret to decrypting this value, and that secret should never be transmitted to Dfns | #### Example ```json { "firstFactorCredential":{ "credentialKind":"Fido2", "credentialInfo":{ "credId":"c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8", "clientData":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ", "attestationData":"eyJjaGFsbGVuZ2UiOiJZMmd0Tm1Oc2RHTXRiV05sWTNZdE9XRTRPV2QxYnpKd1lqYzBOVEp4Y2ciLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMud3RmIiwidHlwZSI6ImtleS5jcmVhdGUifQ" } }, "recoveryCredential":{ "credentialKind":"RecoveryKey", "credentialInfo":{ "credId":"GMkW0zlmcoMxI1OX0Z96LL_Mz7dgeu6vOH5_TOeGyNk", "clientData":"eyJ0eXBlIjoia2V5LmNyZWF0ZSIsImNoYWxsZW5nZSI6Ik1XTTBNbVk1WVRRME1EUmlOemRoTlRGaE56WTVPRFF3TldJNVpUUTRZMlJoT0RaaU5EazNaVFl6T1RFNU9HWXlNRGN4WmpCall6azRNbVE1WXpZMU1BIiwib3JpZ2luIjoiaHR0cHM6Ly9hcHAuZGZucy5uaW5qYSIsImNyb3NzT3JpZ2luIjpmYWxzZX0", "attestationData":"eyJwdWJsaWNLZXkiOiItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFOWNHMm1FNERXSGJ3d2xMUlNLQkxaOW02K1FzQ1xuZU9xV0poMXg1VnZSSFpNYVBMUWxScmhoZ2JIbTh1bmE0aDhTK0w1bzhzVjhIdnVqYmwzTXJBVGozUT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIsInNpZ25hdHVyZSI6IjMwNDYwMjIxMDBiZjBjZGU3ZGIyODQ0ZDhmOTIyZWQyOTNmN2E4NTVjM2U1Y2YzMjUxZjFhY2Q3M2I4MjNiNWZiOTIzZDNiY2FiMDIyMTAwY2YxM2U2ZDliY2ZiMjc3M2Q5ZDkyMDU4M2YwMWE0ODAyYmI4OTg5Y2NmZjMzNjJkYzJmN2U1ZjRmMTQzZjA2ZiJ9" }, "encryptedPrivateKey":"LsXVskHYqqrKKxBC9KvqStLEmxak5Y7NaboDDlRSIW7evUJpQTT1AYvx0EsFskmriaVb3AjTCGEv7gqUKokml1USL7+dVmrUVhV+cNWtS5AorvRuZr1FMGVKFkW1pKJhFNH2e2O661UhpyXsRXzcmksA7ZN/V37ZK7ITue0gs6I=" } } ``` ## Responses {% hint style="info" %} * See [Common Errors](https://github.com/dfns/dfns-api-docs/blob/m/getting-started/errors.md#common-errors) for common errors. * See [User Registration Errors](https://github.com/dfns/dfns-api-docs/blob/m/getting-started/errors.md#user-registration-errors) for user registration specific errors. {% endhint %} {% tabs %} {% tab title="200" %} **Success** - an object describing the user ```json { "credential": { "uuid": "cr-34514-nip9c-8bppvgqgj28dbodrc", "credentialKind": "Fido2", "name": "Default Credential" }, "user": { "id": "us-2ba0h-lvp2q-8v1860pcj1bh5irf", "username": "jdoe@example.co", "orgId": "or-34513-nip9c-8bppvgqgj28dbodrc" } } ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs-legacy.dfns.co/d/api-docs/authentication/registration/completeuserregistration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.