@dfns/sdk 0.8.21 → 0.8.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,132 +1,217 @@
1
1
  export type ActivateCredentialBody = {
2
+ /** UUID of the credential to activate. */
2
3
  credentialUuid: string;
3
4
  };
4
5
  export type ActivateCredentialResponse = {
6
+ /** Human-readable success message. */
5
7
  message: string;
6
8
  };
7
9
  export type ActivateCredentialRequest = {
8
10
  body: ActivateCredentialBody;
9
11
  };
10
12
  export type ActivatePersonalAccessTokenParams = {
13
+ /** Token id. */
11
14
  tokenId: string;
12
15
  };
13
16
  export type ActivatePersonalAccessTokenResponse = {
17
+ /** The access token. Only returned at creation time. */
14
18
  accessToken?: string | undefined;
15
19
  dateCreated: string;
20
+ /** ID of the credential associated with the access token. */
16
21
  credId: string;
22
+ /** Whether the access token is active. */
17
23
  isActive: boolean;
18
24
  /** Access token kind. */
19
25
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
26
+ /** User id. */
20
27
  linkedUserId: string;
28
+ /** ID of the application the access token is linked to. */
21
29
  linkedAppId: string;
30
+ /** Human-readable name of the access token. */
22
31
  name: string;
32
+ /** Organization id. */
23
33
  orgId: string;
34
+ /** Permissions (roles) assigned to the access token. */
24
35
  permissionAssignments: {
36
+ /** Human-readable name of the permission (role). */
25
37
  permissionName: string;
38
+ /** ID of the permission (also referred to as "role" in the dashboard). */
26
39
  permissionId: string;
40
+ /** ID of the permission assignment. */
27
41
  assignmentId: string;
42
+ /** List of API operations granted by this permission. */
28
43
  operations?: string[] | undefined;
29
44
  }[];
45
+ /** Public key associated with the access token. */
30
46
  publicKey: string;
47
+ /** Token id. */
31
48
  tokenId: string;
32
49
  };
33
50
  export type ActivatePersonalAccessTokenRequest = ActivatePersonalAccessTokenParams;
34
51
  export type ActivateServiceAccountParams = {
52
+ /** ID of the service account. */
35
53
  serviceAccountId: string;
36
54
  };
37
55
  export type ActivateServiceAccountResponse = {
38
56
  userInfo: {
57
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
39
58
  username: string;
59
+ /** Display name of the user. */
40
60
  name: string;
41
61
  /** User id. */
42
62
  userId: string;
43
63
  /** User kind. */
44
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
64
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
65
+ /** UUID of the user's primary credential. */
45
66
  credentialUuid: string;
46
- orgId: string;
67
+ /** Organization id. */
68
+ orgId?: string | undefined;
69
+ /** Tenant id. */
70
+ tenantId?: string | undefined;
71
+ /** @deprecated - Flat list of API operations the user has access to. */
47
72
  permissions?: string[] | undefined;
73
+ /** Whether the user is active. */
48
74
  isActive: boolean;
75
+ /** Whether the user is a service account. */
49
76
  isServiceAccount: boolean;
77
+ /** Whether the user has completed registration. */
50
78
  isRegistered: boolean;
79
+ /** Permissions (roles) assigned to the user. */
51
80
  permissionAssignments: {
81
+ /** Human-readable name of the permission (role). */
52
82
  permissionName: string;
83
+ /** ID of the permission (also referred to as "role" in the dashboard). */
53
84
  permissionId: string;
85
+ /** ID of the permission assignment. */
54
86
  assignmentId: string;
87
+ /** List of API operations granted by this permission. */
55
88
  operations?: string[] | undefined;
56
89
  }[];
57
90
  };
58
91
  accessTokens: {
92
+ /** The access token. Only returned at creation time. */
59
93
  accessToken?: string | undefined;
60
94
  dateCreated: string;
95
+ /** ID of the credential associated with the access token. */
61
96
  credId: string;
97
+ /** Whether the access token is active. */
62
98
  isActive: boolean;
63
99
  /** Access token kind. */
64
100
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
101
+ /** User id. */
65
102
  linkedUserId: string;
103
+ /** ID of the application the access token is linked to. */
66
104
  linkedAppId: string;
105
+ /** Human-readable name of the access token. */
67
106
  name: string;
107
+ /** Organization id. */
68
108
  orgId: string;
109
+ /** Permissions (roles) assigned to the access token. */
69
110
  permissionAssignments: {
111
+ /** Human-readable name of the permission (role). */
70
112
  permissionName: string;
113
+ /** ID of the permission (also referred to as "role" in the dashboard). */
71
114
  permissionId: string;
115
+ /** ID of the permission assignment. */
72
116
  assignmentId: string;
117
+ /** List of API operations granted by this permission. */
73
118
  operations?: string[] | undefined;
74
119
  }[];
120
+ /** Public key associated with the access token. */
75
121
  publicKey: string;
122
+ /** Token id. */
76
123
  tokenId: string;
77
124
  }[];
78
125
  };
79
126
  export type ActivateServiceAccountRequest = ActivateServiceAccountParams;
80
127
  export type ActivateUserParams = {
128
+ /** User id. */
81
129
  userId: string;
82
130
  };
83
131
  export type ActivateUserResponse = {
132
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
84
133
  username: string;
134
+ /** Display name of the user. */
85
135
  name: string;
86
136
  /** User id. */
87
137
  userId: string;
88
138
  /** User kind. */
89
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
139
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
140
+ /** UUID of the user's primary credential. */
90
141
  credentialUuid: string;
91
- orgId: string;
142
+ /** Organization id. */
143
+ orgId?: string | undefined;
144
+ /** Tenant id. */
145
+ tenantId?: string | undefined;
146
+ /** @deprecated - Flat list of API operations the user has access to. */
92
147
  permissions?: string[] | undefined;
148
+ /** Whether the user is active. */
93
149
  isActive: boolean;
150
+ /** Whether the user is a service account. */
94
151
  isServiceAccount: boolean;
152
+ /** Whether the user has completed registration. */
95
153
  isRegistered: boolean;
154
+ /** Whether the user must authenticate via SSO. */
96
155
  isSSORequired: boolean;
156
+ /** Permissions (roles) assigned to the user. */
97
157
  permissionAssignments: {
158
+ /** Human-readable name of the permission (role). */
98
159
  permissionName: string;
160
+ /** ID of the permission (also referred to as "role" in the dashboard). */
99
161
  permissionId: string;
162
+ /** ID of the permission assignment. */
100
163
  assignmentId: string;
164
+ /** List of API operations granted by this permission. */
101
165
  operations?: string[] | undefined;
102
166
  }[];
103
167
  };
104
168
  export type ActivateUserRequest = ActivateUserParams;
169
+ export type ArchiveCredentialParams = {
170
+ credentialUuid: string;
171
+ };
172
+ export type ArchiveCredentialResponse = {};
173
+ export type ArchiveCredentialRequest = ArchiveCredentialParams;
105
174
  export type ArchivePersonalAccessTokenParams = {
175
+ /** Token id. */
106
176
  tokenId: string;
107
177
  };
108
178
  export type ArchivePersonalAccessTokenResponse = {
179
+ /** The access token. Only returned at creation time. */
109
180
  accessToken?: string | undefined;
110
181
  dateCreated: string;
182
+ /** ID of the credential associated with the access token. */
111
183
  credId: string;
184
+ /** Whether the access token is active. */
112
185
  isActive: boolean;
113
186
  /** Access token kind. */
114
187
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
188
+ /** User id. */
115
189
  linkedUserId: string;
190
+ /** ID of the application the access token is linked to. */
116
191
  linkedAppId: string;
192
+ /** Human-readable name of the access token. */
117
193
  name: string;
194
+ /** Organization id. */
118
195
  orgId: string;
196
+ /** Permissions (roles) assigned to the access token. */
119
197
  permissionAssignments: {
198
+ /** Human-readable name of the permission (role). */
120
199
  permissionName: string;
200
+ /** ID of the permission (also referred to as "role" in the dashboard). */
121
201
  permissionId: string;
202
+ /** ID of the permission assignment. */
122
203
  assignmentId: string;
204
+ /** List of API operations granted by this permission. */
123
205
  operations?: string[] | undefined;
124
206
  }[];
207
+ /** Public key associated with the access token. */
125
208
  publicKey: string;
209
+ /** Token id. */
126
210
  tokenId: string;
127
211
  };
128
212
  export type ArchivePersonalAccessTokenRequest = ArchivePersonalAccessTokenParams;
129
213
  export type ArchiveServiceAccountParams = {
214
+ /** ID of the service account. */
130
215
  serviceAccountId: string;
131
216
  };
132
217
  export type ArchiveServiceAccountQuery = {
@@ -135,43 +220,72 @@ export type ArchiveServiceAccountQuery = {
135
220
  };
136
221
  export type ArchiveServiceAccountResponse = {
137
222
  userInfo: {
223
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
138
224
  username: string;
225
+ /** Display name of the user. */
139
226
  name: string;
140
227
  /** User id. */
141
228
  userId: string;
142
229
  /** User kind. */
143
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
230
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
231
+ /** UUID of the user's primary credential. */
144
232
  credentialUuid: string;
145
- orgId: string;
233
+ /** Organization id. */
234
+ orgId?: string | undefined;
235
+ /** Tenant id. */
236
+ tenantId?: string | undefined;
237
+ /** @deprecated - Flat list of API operations the user has access to. */
146
238
  permissions?: string[] | undefined;
239
+ /** Whether the user is active. */
147
240
  isActive: boolean;
241
+ /** Whether the user is a service account. */
148
242
  isServiceAccount: boolean;
243
+ /** Whether the user has completed registration. */
149
244
  isRegistered: boolean;
245
+ /** Permissions (roles) assigned to the user. */
150
246
  permissionAssignments: {
247
+ /** Human-readable name of the permission (role). */
151
248
  permissionName: string;
249
+ /** ID of the permission (also referred to as "role" in the dashboard). */
152
250
  permissionId: string;
251
+ /** ID of the permission assignment. */
153
252
  assignmentId: string;
253
+ /** List of API operations granted by this permission. */
154
254
  operations?: string[] | undefined;
155
255
  }[];
156
256
  };
157
257
  accessTokens: {
258
+ /** The access token. Only returned at creation time. */
158
259
  accessToken?: string | undefined;
159
260
  dateCreated: string;
261
+ /** ID of the credential associated with the access token. */
160
262
  credId: string;
263
+ /** Whether the access token is active. */
161
264
  isActive: boolean;
162
265
  /** Access token kind. */
163
266
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
267
+ /** User id. */
164
268
  linkedUserId: string;
269
+ /** ID of the application the access token is linked to. */
165
270
  linkedAppId: string;
271
+ /** Human-readable name of the access token. */
166
272
  name: string;
273
+ /** Organization id. */
167
274
  orgId: string;
275
+ /** Permissions (roles) assigned to the access token. */
168
276
  permissionAssignments: {
277
+ /** Human-readable name of the permission (role). */
169
278
  permissionName: string;
279
+ /** ID of the permission (also referred to as "role" in the dashboard). */
170
280
  permissionId: string;
281
+ /** ID of the permission assignment. */
171
282
  assignmentId: string;
283
+ /** List of API operations granted by this permission. */
172
284
  operations?: string[] | undefined;
173
285
  }[];
286
+ /** Public key associated with the access token. */
174
287
  publicKey: string;
288
+ /** Token id. */
175
289
  tokenId: string;
176
290
  }[];
177
291
  };
@@ -179,26 +293,43 @@ export type ArchiveServiceAccountRequest = ArchiveServiceAccountParams & {
179
293
  query?: ArchiveServiceAccountQuery;
180
294
  };
181
295
  export type ArchiveUserParams = {
296
+ /** User id. */
182
297
  userId: string;
183
298
  };
184
299
  export type ArchiveUserResponse = {
300
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
185
301
  username: string;
302
+ /** Display name of the user. */
186
303
  name: string;
187
304
  /** User id. */
188
305
  userId: string;
189
306
  /** User kind. */
190
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
307
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
308
+ /** UUID of the user's primary credential. */
191
309
  credentialUuid: string;
192
- orgId: string;
310
+ /** Organization id. */
311
+ orgId?: string | undefined;
312
+ /** Tenant id. */
313
+ tenantId?: string | undefined;
314
+ /** @deprecated - Flat list of API operations the user has access to. */
193
315
  permissions?: string[] | undefined;
316
+ /** Whether the user is active. */
194
317
  isActive: boolean;
318
+ /** Whether the user is a service account. */
195
319
  isServiceAccount: boolean;
320
+ /** Whether the user has completed registration. */
196
321
  isRegistered: boolean;
322
+ /** Whether the user must authenticate via SSO. */
197
323
  isSSORequired: boolean;
324
+ /** Permissions (roles) assigned to the user. */
198
325
  permissionAssignments: {
326
+ /** Human-readable name of the permission (role). */
199
327
  permissionName: string;
328
+ /** ID of the permission (also referred to as "role" in the dashboard). */
200
329
  permissionId: string;
330
+ /** ID of the permission assignment. */
201
331
  assignmentId: string;
332
+ /** List of API operations granted by this permission. */
202
333
  operations?: string[] | undefined;
203
334
  }[];
204
335
  };
@@ -206,65 +337,100 @@ export type ArchiveUserRequest = ArchiveUserParams;
206
337
  export type CreateCredentialBody = {
207
338
  credentialKind: "Fido2";
208
339
  credentialInfo: {
340
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
209
341
  credId: string;
342
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
210
343
  clientData: string;
344
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
211
345
  attestationData: string;
212
346
  };
347
+ /** Human-readable name of the credential. */
213
348
  credentialName: string;
349
+ /** Challenge identifier returned by the create credential challenge endpoint. */
214
350
  challengeIdentifier: string;
215
351
  } | {
216
352
  credentialKind: "Key";
217
353
  credentialInfo: {
354
+ /** Base64url-encoded id of the credential. */
218
355
  credId: string;
356
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
219
357
  clientData: string;
358
+ /** Base64url-encoded public key. */
220
359
  attestationData: string;
221
360
  };
361
+ /** Human-readable name of the credential. */
222
362
  credentialName: string;
363
+ /** Challenge identifier returned by the create credential challenge endpoint. */
223
364
  challengeIdentifier: string;
224
365
  } | {
225
366
  credentialKind: "PasswordProtectedKey";
226
367
  credentialInfo: {
368
+ /** Base64url-encoded id of the credential. */
227
369
  credId: string;
370
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
228
371
  clientData: string;
372
+ /** Base64url-encoded public key. */
229
373
  attestationData: string;
230
374
  };
375
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
231
376
  encryptedPrivateKey: string;
377
+ /** Human-readable name of the credential. */
232
378
  credentialName: string;
379
+ /** Challenge identifier returned by the create credential challenge endpoint. */
233
380
  challengeIdentifier: string;
234
381
  } | {
235
382
  credentialKind: "RecoveryKey";
236
383
  credentialInfo: {
384
+ /** Base64url-encoded id of the recovery credential. */
237
385
  credId: string;
386
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
238
387
  clientData: string;
388
+ /** Base64url-encoded public key. */
239
389
  attestationData: string;
240
390
  };
391
+ /** User-encrypted private key for the recovery credential. */
241
392
  encryptedPrivateKey?: string | undefined;
393
+ /** Human-readable name of the credential. */
242
394
  credentialName: string;
395
+ /** Challenge identifier returned by the create credential challenge endpoint. */
243
396
  challengeIdentifier: string;
244
397
  } | {
245
398
  credentialKind: "Password";
246
399
  credentialInfo: {
400
+ /** User password. */
247
401
  password: string;
248
402
  };
403
+ /** Human-readable name of the credential. */
249
404
  credentialName: string;
405
+ /** Challenge identifier returned by the create credential challenge endpoint. */
250
406
  challengeIdentifier: string;
251
407
  } | {
252
408
  credentialKind: "Totp";
253
409
  credentialInfo: {
410
+ /** TOTP one-time code. */
254
411
  otpCode: string;
255
412
  };
413
+ /** Human-readable name of the credential. */
256
414
  credentialName: string;
415
+ /** Challenge identifier returned by the create credential challenge endpoint. */
257
416
  challengeIdentifier: string;
258
417
  };
259
418
  export type CreateCredentialResponse = {
260
419
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
420
+ /** Credential ID from the WebAuthn authenticator (base64url). */
261
421
  credentialId: string;
422
+ /** Dfns-internal UUID of the credential. */
262
423
  credentialUuid: string;
263
424
  dateCreated: string;
425
+ /** Whether the credential is active. */
264
426
  isActive: boolean;
427
+ /** Human-readable name of the credential. */
265
428
  name: string;
429
+ /** Public key of the credential. */
266
430
  publicKey: string;
431
+ /** Relying party identifier associated with the credential. */
267
432
  relyingPartyId: string;
433
+ /** Origin where the credential was created. */
268
434
  origin: string;
269
435
  };
270
436
  export type CreateCredentialRequest = {
@@ -276,14 +442,21 @@ export type CreateCredentialChallengeBody = {
276
442
  export type CreateCredentialChallengeResponse = {
277
443
  kind: "Fido2";
278
444
  user: {
445
+ /** Base64url-encoded user handle (WebAuthn user.id). */
279
446
  id: string;
447
+ /** Display name of the user. */
280
448
  displayName: string;
449
+ /** Username of the user. */
281
450
  name: string;
282
451
  };
452
+ /** Challenge identifier to be used in the subsequent create credential request. */
283
453
  challengeIdentifier: string;
454
+ /** Challenge value to be signed by the credential. */
284
455
  challenge: string;
285
456
  rp?: {
457
+ /** ID of the WebAuthn relying party (typically a domain name). */
286
458
  id: string;
459
+ /** Human-readable name of the relying party. */
287
460
  name: string;
288
461
  } | undefined;
289
462
  authenticatorSelection: {
@@ -319,14 +492,21 @@ export type CreateCredentialChallengeResponse = {
319
492
  } | {
320
493
  kind: "Key";
321
494
  user: {
495
+ /** Base64url-encoded user handle (WebAuthn user.id). */
322
496
  id: string;
497
+ /** Display name of the user. */
323
498
  displayName: string;
499
+ /** Username of the user. */
324
500
  name: string;
325
501
  };
502
+ /** Challenge identifier to be used in the subsequent create credential request. */
326
503
  challengeIdentifier: string;
504
+ /** Challenge value to be signed by the credential. */
327
505
  challenge: string;
328
506
  rp?: {
507
+ /** ID of the WebAuthn relying party (typically a domain name). */
329
508
  id: string;
509
+ /** Human-readable name of the relying party. */
330
510
  name: string;
331
511
  } | undefined;
332
512
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -345,14 +525,21 @@ export type CreateCredentialChallengeResponse = {
345
525
  } | {
346
526
  kind: "PasswordProtectedKey";
347
527
  user: {
528
+ /** Base64url-encoded user handle (WebAuthn user.id). */
348
529
  id: string;
530
+ /** Display name of the user. */
349
531
  displayName: string;
532
+ /** Username of the user. */
350
533
  name: string;
351
534
  };
535
+ /** Challenge identifier to be used in the subsequent create credential request. */
352
536
  challengeIdentifier: string;
537
+ /** Challenge value to be signed by the credential. */
353
538
  challenge: string;
354
539
  rp?: {
540
+ /** ID of the WebAuthn relying party (typically a domain name). */
355
541
  id: string;
542
+ /** Human-readable name of the relying party. */
356
543
  name: string;
357
544
  } | undefined;
358
545
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -371,14 +558,21 @@ export type CreateCredentialChallengeResponse = {
371
558
  } | {
372
559
  kind: "RecoveryKey";
373
560
  user: {
561
+ /** Base64url-encoded user handle (WebAuthn user.id). */
374
562
  id: string;
563
+ /** Display name of the user. */
375
564
  displayName: string;
565
+ /** Username of the user. */
376
566
  name: string;
377
567
  };
568
+ /** Challenge identifier to be used in the subsequent create credential request. */
378
569
  challengeIdentifier: string;
570
+ /** Challenge value to be signed by the credential. */
379
571
  challenge: string;
380
572
  rp?: {
573
+ /** ID of the WebAuthn relying party (typically a domain name). */
381
574
  id: string;
575
+ /** Human-readable name of the relying party. */
382
576
  name: string;
383
577
  } | undefined;
384
578
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -397,13 +591,19 @@ export type CreateCredentialChallengeResponse = {
397
591
  } | {
398
592
  kind: "Password";
399
593
  user: {
594
+ /** Base64url-encoded user handle (WebAuthn user.id). */
400
595
  id: string;
596
+ /** Display name of the user. */
401
597
  displayName: string;
598
+ /** Username of the user. */
402
599
  name: string;
403
600
  };
601
+ /** Challenge identifier to be used in the subsequent create credential request. */
404
602
  challengeIdentifier: string;
405
603
  rp?: {
604
+ /** ID of the WebAuthn relying party (typically a domain name). */
406
605
  id: string;
606
+ /** Human-readable name of the relying party. */
407
607
  name: string;
408
608
  } | undefined;
409
609
  /** @deprecated use challengeIdentifier instead */
@@ -411,15 +611,22 @@ export type CreateCredentialChallengeResponse = {
411
611
  } | {
412
612
  kind: "Totp";
413
613
  user: {
614
+ /** Base64url-encoded user handle (WebAuthn user.id). */
414
615
  id: string;
616
+ /** Display name of the user. */
415
617
  displayName: string;
618
+ /** Username of the user. */
416
619
  name: string;
417
620
  };
621
+ /** Challenge identifier to be used in the subsequent create credential request. */
418
622
  challengeIdentifier: string;
419
623
  rp?: {
624
+ /** ID of the WebAuthn relying party (typically a domain name). */
420
625
  id: string;
626
+ /** Human-readable name of the relying party. */
421
627
  name: string;
422
628
  } | undefined;
629
+ /** Provisioning URL for the TOTP authenticator. */
423
630
  otpUrl: string;
424
631
  /** @deprecated use challengeIdentifier instead */
425
632
  temporaryAuthenticationToken: string;
@@ -429,19 +636,27 @@ export type CreateCredentialChallengeRequest = {
429
636
  };
430
637
  export type CreateCredentialChallengeWithCodeBody = {
431
638
  credentialKind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
639
+ /** One-time code obtained from the create credential code endpoint. */
432
640
  code: string;
433
641
  };
434
642
  export type CreateCredentialChallengeWithCodeResponse = {
435
643
  kind: "Fido2";
436
644
  user: {
645
+ /** Base64url-encoded user handle (WebAuthn user.id). */
437
646
  id: string;
647
+ /** Display name of the user. */
438
648
  displayName: string;
649
+ /** Username of the user. */
439
650
  name: string;
440
651
  };
652
+ /** Challenge identifier to be used in the subsequent create credential request. */
441
653
  challengeIdentifier: string;
654
+ /** Challenge value to be signed by the credential. */
442
655
  challenge: string;
443
656
  rp?: {
657
+ /** ID of the WebAuthn relying party (typically a domain name). */
444
658
  id: string;
659
+ /** Human-readable name of the relying party. */
445
660
  name: string;
446
661
  } | undefined;
447
662
  authenticatorSelection: {
@@ -477,14 +692,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
477
692
  } | {
478
693
  kind: "Key";
479
694
  user: {
695
+ /** Base64url-encoded user handle (WebAuthn user.id). */
480
696
  id: string;
697
+ /** Display name of the user. */
481
698
  displayName: string;
699
+ /** Username of the user. */
482
700
  name: string;
483
701
  };
702
+ /** Challenge identifier to be used in the subsequent create credential request. */
484
703
  challengeIdentifier: string;
704
+ /** Challenge value to be signed by the credential. */
485
705
  challenge: string;
486
706
  rp?: {
707
+ /** ID of the WebAuthn relying party (typically a domain name). */
487
708
  id: string;
709
+ /** Human-readable name of the relying party. */
488
710
  name: string;
489
711
  } | undefined;
490
712
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -503,14 +725,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
503
725
  } | {
504
726
  kind: "PasswordProtectedKey";
505
727
  user: {
728
+ /** Base64url-encoded user handle (WebAuthn user.id). */
506
729
  id: string;
730
+ /** Display name of the user. */
507
731
  displayName: string;
732
+ /** Username of the user. */
508
733
  name: string;
509
734
  };
735
+ /** Challenge identifier to be used in the subsequent create credential request. */
510
736
  challengeIdentifier: string;
737
+ /** Challenge value to be signed by the credential. */
511
738
  challenge: string;
512
739
  rp?: {
740
+ /** ID of the WebAuthn relying party (typically a domain name). */
513
741
  id: string;
742
+ /** Human-readable name of the relying party. */
514
743
  name: string;
515
744
  } | undefined;
516
745
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -529,14 +758,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
529
758
  } | {
530
759
  kind: "RecoveryKey";
531
760
  user: {
761
+ /** Base64url-encoded user handle (WebAuthn user.id). */
532
762
  id: string;
763
+ /** Display name of the user. */
533
764
  displayName: string;
765
+ /** Username of the user. */
534
766
  name: string;
535
767
  };
768
+ /** Challenge identifier to be used in the subsequent create credential request. */
536
769
  challengeIdentifier: string;
770
+ /** Challenge value to be signed by the credential. */
537
771
  challenge: string;
538
772
  rp?: {
773
+ /** ID of the WebAuthn relying party (typically a domain name). */
539
774
  id: string;
775
+ /** Human-readable name of the relying party. */
540
776
  name: string;
541
777
  } | undefined;
542
778
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -555,13 +791,19 @@ export type CreateCredentialChallengeWithCodeResponse = {
555
791
  } | {
556
792
  kind: "Password";
557
793
  user: {
794
+ /** Base64url-encoded user handle (WebAuthn user.id). */
558
795
  id: string;
796
+ /** Display name of the user. */
559
797
  displayName: string;
798
+ /** Username of the user. */
560
799
  name: string;
561
800
  };
801
+ /** Challenge identifier to be used in the subsequent create credential request. */
562
802
  challengeIdentifier: string;
563
803
  rp?: {
804
+ /** ID of the WebAuthn relying party (typically a domain name). */
564
805
  id: string;
806
+ /** Human-readable name of the relying party. */
565
807
  name: string;
566
808
  } | undefined;
567
809
  /** @deprecated use challengeIdentifier instead */
@@ -569,15 +811,22 @@ export type CreateCredentialChallengeWithCodeResponse = {
569
811
  } | {
570
812
  kind: "Totp";
571
813
  user: {
814
+ /** Base64url-encoded user handle (WebAuthn user.id). */
572
815
  id: string;
816
+ /** Display name of the user. */
573
817
  displayName: string;
818
+ /** Username of the user. */
574
819
  name: string;
575
820
  };
821
+ /** Challenge identifier to be used in the subsequent create credential request. */
576
822
  challengeIdentifier: string;
577
823
  rp?: {
824
+ /** ID of the WebAuthn relying party (typically a domain name). */
578
825
  id: string;
826
+ /** Human-readable name of the relying party. */
579
827
  name: string;
580
828
  } | undefined;
829
+ /** Provisioning URL for the TOTP authenticator. */
581
830
  otpUrl: string;
582
831
  /** @deprecated use challengeIdentifier instead */
583
832
  temporaryAuthenticationToken: string;
@@ -590,7 +839,9 @@ export type CreateCredentialCodeBody = {
590
839
  expiration: string | number;
591
840
  };
592
841
  export type CreateCredentialCodeResponse = {
842
+ /** One-time code that can be used to create a new credential. */
593
843
  code: string;
844
+ /** Code expiration, as an ISO-8601 datetime string or a unix timestamp. */
594
845
  expiration: string;
595
846
  };
596
847
  export type CreateCredentialCodeRequest = {
@@ -599,88 +850,136 @@ export type CreateCredentialCodeRequest = {
599
850
  export type CreateCredentialWithCodeBody = {
600
851
  credentialKind: "Fido2";
601
852
  credentialInfo: {
853
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
602
854
  credId: string;
855
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
603
856
  clientData: string;
857
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
604
858
  attestationData: string;
605
859
  };
860
+ /** Human-readable name of the credential. */
606
861
  credentialName: string;
862
+ /** Challenge identifier returned by the create credential challenge endpoint. */
607
863
  challengeIdentifier: string;
608
864
  } | {
609
865
  credentialKind: "Key";
610
866
  credentialInfo: {
867
+ /** Base64url-encoded id of the credential. */
611
868
  credId: string;
869
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
612
870
  clientData: string;
871
+ /** Base64url-encoded public key. */
613
872
  attestationData: string;
614
873
  };
874
+ /** Human-readable name of the credential. */
615
875
  credentialName: string;
876
+ /** Challenge identifier returned by the create credential challenge endpoint. */
616
877
  challengeIdentifier: string;
617
878
  } | {
618
879
  credentialKind: "PasswordProtectedKey";
619
880
  credentialInfo: {
881
+ /** Base64url-encoded id of the credential. */
620
882
  credId: string;
883
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
621
884
  clientData: string;
885
+ /** Base64url-encoded public key. */
622
886
  attestationData: string;
623
887
  };
888
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
624
889
  encryptedPrivateKey: string;
890
+ /** Human-readable name of the credential. */
625
891
  credentialName: string;
892
+ /** Challenge identifier returned by the create credential challenge endpoint. */
626
893
  challengeIdentifier: string;
627
894
  } | {
628
895
  credentialKind: "RecoveryKey";
629
896
  credentialInfo: {
897
+ /** Base64url-encoded id of the recovery credential. */
630
898
  credId: string;
899
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
631
900
  clientData: string;
901
+ /** Base64url-encoded public key. */
632
902
  attestationData: string;
633
903
  };
904
+ /** User-encrypted private key for the recovery credential. */
634
905
  encryptedPrivateKey?: string | undefined;
906
+ /** Human-readable name of the credential. */
635
907
  credentialName: string;
908
+ /** Challenge identifier returned by the create credential challenge endpoint. */
636
909
  challengeIdentifier: string;
637
910
  } | {
638
911
  credentialKind: "Password";
639
912
  credentialInfo: {
913
+ /** User password. */
640
914
  password: string;
641
915
  };
916
+ /** Human-readable name of the credential. */
642
917
  credentialName: string;
918
+ /** Challenge identifier returned by the create credential challenge endpoint. */
643
919
  challengeIdentifier: string;
644
920
  } | {
645
921
  credentialKind: "Totp";
646
922
  credentialInfo: {
923
+ /** TOTP one-time code. */
647
924
  otpCode: string;
648
925
  };
926
+ /** Human-readable name of the credential. */
649
927
  credentialName: string;
928
+ /** Challenge identifier returned by the create credential challenge endpoint. */
650
929
  challengeIdentifier: string;
651
930
  };
652
931
  export type CreateCredentialWithCodeResponse = {
653
932
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
933
+ /** Credential ID from the WebAuthn authenticator (base64url). */
654
934
  credentialId: string;
935
+ /** Dfns-internal UUID of the credential. */
655
936
  credentialUuid: string;
656
937
  dateCreated: string;
938
+ /** Whether the credential is active. */
657
939
  isActive: boolean;
940
+ /** Human-readable name of the credential. */
658
941
  name: string;
942
+ /** Public key of the credential. */
659
943
  publicKey: string;
944
+ /** Relying party identifier associated with the credential. */
660
945
  relyingPartyId: string;
946
+ /** Origin where the credential was created. */
661
947
  origin: string;
662
948
  };
663
949
  export type CreateCredentialWithCodeRequest = {
664
950
  body: CreateCredentialWithCodeBody;
665
951
  };
666
952
  export type CreateDelegatedRecoveryChallengeBody = {
953
+ /** Username/identifier of the user to recover. */
667
954
  username: string;
955
+ /** Identifier of the recovery credential to use. */
668
956
  credentialId: string;
669
957
  };
670
958
  export type CreateDelegatedRecoveryChallengeResponse = {
671
959
  user: {
960
+ /** Base64url-encoded user handle (WebAuthn user.id). */
672
961
  id: string;
962
+ /** Display name of the user. */
673
963
  displayName: string;
964
+ /** Username of the user. */
674
965
  name: string;
675
966
  };
967
+ /** JWT used to identify the registration session when calling Complete User Registration. */
676
968
  temporaryAuthenticationToken: string;
969
+ /** Challenge to be signed by the credential being registered. */
677
970
  challenge: string;
971
+ /** Deprecated. Should not be used. */
678
972
  rp?: {
973
+ /** ID of the WebAuthn relying party (typically a domain name). */
679
974
  id: string;
975
+ /** Human-readable name of the relying party. */
680
976
  name: string;
681
977
  } | undefined;
978
+ /** Credential kinds that can be used to register the user. */
682
979
  supportedCredentialKinds: {
980
+ /** Credential kinds accepted as first factor. */
683
981
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
982
+ /** Credential kinds accepted as second factor. */
684
983
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
685
984
  };
686
985
  authenticatorSelection: {
@@ -701,19 +1000,24 @@ export type CreateDelegatedRecoveryChallengeResponse = {
701
1000
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
702
1001
  */
703
1002
  attestation: "none" | "indirect" | "direct" | "enterprise";
1003
+ /** Public key credential parameters supported for the registration. */
704
1004
  pubKeyCredParams: {
705
1005
  type: "public-key";
706
1006
  alg: number;
707
1007
  }[];
1008
+ /** Credentials to exclude from the registration (already registered for the user). */
708
1009
  excludeCredentials: {
709
1010
  /** Is always `public-key`. */
710
1011
  type: "public-key";
711
1012
  /** ID that identifies the credential. */
712
1013
  id: string;
713
1014
  }[];
1015
+ /** URL to provision a TOTP credential, when applicable. */
714
1016
  otpUrl: string;
715
1017
  allowedRecoveryCredentials: {
1018
+ /** Identifier of the recovery credential. */
716
1019
  id: string;
1020
+ /** Encrypted recovery key associated with this credential. */
717
1021
  encryptedRecoveryKey: string;
718
1022
  }[];
719
1023
  };
@@ -721,24 +1025,38 @@ export type CreateDelegatedRecoveryChallengeRequest = {
721
1025
  body: CreateDelegatedRecoveryChallengeBody;
722
1026
  };
723
1027
  export type CreateDelegatedRegistrationChallengeBody = {
1028
+ /** Username/identifier (any unique string accepted, e.g. your internal user ID or email). */
724
1029
  email: string;
1030
+ /** Must be `EndUser`. */
725
1031
  kind: "EndUser";
1032
+ /** Optional external identifier for the user, used for cross-referencing with your own systems. */
726
1033
  externalId?: string | undefined;
727
1034
  };
728
1035
  export type CreateDelegatedRegistrationChallengeResponse = {
729
1036
  user: {
1037
+ /** Base64url-encoded user handle (WebAuthn user.id). */
730
1038
  id: string;
1039
+ /** Display name of the user. */
731
1040
  displayName: string;
1041
+ /** Username of the user. */
732
1042
  name: string;
733
1043
  };
1044
+ /** JWT used to identify the registration session when calling Complete User Registration. */
734
1045
  temporaryAuthenticationToken: string;
1046
+ /** Challenge to be signed by the credential being registered. */
735
1047
  challenge: string;
1048
+ /** Deprecated. Should not be used. */
736
1049
  rp?: {
1050
+ /** ID of the WebAuthn relying party (typically a domain name). */
737
1051
  id: string;
1052
+ /** Human-readable name of the relying party. */
738
1053
  name: string;
739
1054
  } | undefined;
1055
+ /** Credential kinds that can be used to register the user. */
740
1056
  supportedCredentialKinds: {
1057
+ /** Credential kinds accepted as first factor. */
741
1058
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1059
+ /** Credential kinds accepted as second factor. */
742
1060
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
743
1061
  };
744
1062
  authenticatorSelection: {
@@ -759,24 +1077,32 @@ export type CreateDelegatedRegistrationChallengeResponse = {
759
1077
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
760
1078
  */
761
1079
  attestation: "none" | "indirect" | "direct" | "enterprise";
1080
+ /** Public key credential parameters supported for the registration. */
762
1081
  pubKeyCredParams: {
763
1082
  type: "public-key";
764
1083
  alg: number;
765
1084
  }[];
1085
+ /** Credentials to exclude from the registration (already registered for the user). */
766
1086
  excludeCredentials: {
767
1087
  /** Is always `public-key`. */
768
1088
  type: "public-key";
769
1089
  /** ID that identifies the credential. */
770
1090
  id: string;
771
1091
  }[];
1092
+ /** URL to provision a TOTP credential, when applicable. */
772
1093
  otpUrl: string;
773
1094
  };
774
1095
  export type CreateDelegatedRegistrationChallengeRequest = {
775
1096
  body: CreateDelegatedRegistrationChallengeBody;
776
1097
  };
777
1098
  export type CreateLoginChallengeBody = {
1099
+ /** Username/identifier of the user. Optional when the user has at least one discoverable WebAuthn credential. */
778
1100
  username?: string | undefined;
779
- orgId: string;
1101
+ /** Organization id. */
1102
+ orgId?: string | undefined;
1103
+ /** Tenant id. */
1104
+ tenantId?: string | undefined;
1105
+ /** One-time login code, required when the user has a credential of kind `PasswordProtectedKey`. */
780
1106
  loginCode?: string | undefined;
781
1107
  };
782
1108
  export type CreateLoginChallengeResponse = {
@@ -786,7 +1112,9 @@ export type CreateLoginChallengeResponse = {
786
1112
  challengeIdentifier: string;
787
1113
  /** Deprecated. Should not be used. */
788
1114
  rp?: {
1115
+ /** ID of the WebAuthn relying party (typically a domain name). */
789
1116
  id: string;
1117
+ /** Human-readable name of the relying party. */
790
1118
  name: string;
791
1119
  } | undefined;
792
1120
  /** Identifies the kind of credentials that can be used to sign the user action. */
@@ -844,29 +1172,48 @@ export type CreateLoginChallengeRequest = {
844
1172
  body: CreateLoginChallengeBody;
845
1173
  };
846
1174
  export type CreatePersonalAccessTokenBody = {
1175
+ /** Human-readable name of the Personal Access Token. */
847
1176
  name: string;
848
1177
  publicKey: string;
1178
+ /** ID of the permission (also referred to as "role" in the dashboard). */
849
1179
  permissionId?: string | undefined;
1180
+ /** Value that can be used to correlate the entity with an external system. */
850
1181
  externalId?: string | undefined;
1182
+ /** Number of days the token will be valid for. */
851
1183
  daysValid?: number | undefined;
1184
+ /** Number of seconds the token will be valid for. */
852
1185
  secondsValid?: number | undefined;
853
1186
  };
854
1187
  export type CreatePersonalAccessTokenResponse = {
1188
+ /** The access token. Only returned at creation time. */
855
1189
  accessToken: string;
856
1190
  dateCreated: string;
1191
+ /** ID of the credential associated with the access token. */
857
1192
  credId: string;
1193
+ /** Whether the access token is active. */
858
1194
  isActive: boolean;
859
1195
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1196
+ /** User id. */
860
1197
  linkedUserId: string;
1198
+ /** ID of the application the access token is linked to. */
861
1199
  linkedAppId: string;
1200
+ /** Human-readable name of the access token. */
862
1201
  name: string;
1202
+ /** Organization id. */
863
1203
  orgId: string;
1204
+ /** Public key associated with the access token. */
864
1205
  publicKey: string;
1206
+ /** Token id. */
865
1207
  tokenId: string;
1208
+ /** Permissions (roles) assigned to the access token. */
866
1209
  permissionAssignments: {
1210
+ /** Human-readable name of the permission (role). */
867
1211
  permissionName: string;
1212
+ /** ID of the permission (also referred to as "role" in the dashboard). */
868
1213
  permissionId: string;
1214
+ /** ID of the permission assignment. */
869
1215
  assignmentId: string;
1216
+ /** List of API operations granted by this permission. */
870
1217
  operations?: string[] | undefined;
871
1218
  }[];
872
1219
  };
@@ -874,25 +1221,42 @@ export type CreatePersonalAccessTokenRequest = {
874
1221
  body: CreatePersonalAccessTokenBody;
875
1222
  };
876
1223
  export type CreateRecoveryChallengeBody = {
1224
+ /** Username/identifier of the user to recover. */
877
1225
  username: string;
1226
+ /** Recovery verification code sent to the user by email. */
878
1227
  verificationCode: string;
879
- orgId: string;
1228
+ /** Organization id. */
1229
+ orgId?: string | undefined;
1230
+ /** Tenant id. */
1231
+ tenantId?: string | undefined;
1232
+ /** Identifier of the recovery credential to use. */
880
1233
  credentialId: string;
881
1234
  };
882
1235
  export type CreateRecoveryChallengeResponse = {
883
1236
  user: {
1237
+ /** Base64url-encoded user handle (WebAuthn user.id). */
884
1238
  id: string;
1239
+ /** Display name of the user. */
885
1240
  displayName: string;
1241
+ /** Username of the user. */
886
1242
  name: string;
887
1243
  };
1244
+ /** JWT used to identify the registration session when calling Complete User Registration. */
888
1245
  temporaryAuthenticationToken: string;
1246
+ /** Challenge to be signed by the credential being registered. */
889
1247
  challenge: string;
1248
+ /** Deprecated. Should not be used. */
890
1249
  rp?: {
1250
+ /** ID of the WebAuthn relying party (typically a domain name). */
891
1251
  id: string;
1252
+ /** Human-readable name of the relying party. */
892
1253
  name: string;
893
1254
  } | undefined;
1255
+ /** Credential kinds that can be used to register the user. */
894
1256
  supportedCredentialKinds: {
1257
+ /** Credential kinds accepted as first factor. */
895
1258
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1259
+ /** Credential kinds accepted as second factor. */
896
1260
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
897
1261
  };
898
1262
  authenticatorSelection: {
@@ -913,19 +1277,24 @@ export type CreateRecoveryChallengeResponse = {
913
1277
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
914
1278
  */
915
1279
  attestation: "none" | "indirect" | "direct" | "enterprise";
1280
+ /** Public key credential parameters supported for the registration. */
916
1281
  pubKeyCredParams: {
917
1282
  type: "public-key";
918
1283
  alg: number;
919
1284
  }[];
1285
+ /** Credentials to exclude from the registration (already registered for the user). */
920
1286
  excludeCredentials: {
921
1287
  /** Is always `public-key`. */
922
1288
  type: "public-key";
923
1289
  /** ID that identifies the credential. */
924
1290
  id: string;
925
1291
  }[];
1292
+ /** URL to provision a TOTP credential, when applicable. */
926
1293
  otpUrl: string;
927
1294
  allowedRecoveryCredentials: {
1295
+ /** Identifier of the recovery credential. */
928
1296
  id: string;
1297
+ /** Encrypted recovery key associated with this credential. */
929
1298
  encryptedRecoveryKey: string;
930
1299
  }[];
931
1300
  };
@@ -933,24 +1302,40 @@ export type CreateRecoveryChallengeRequest = {
933
1302
  body: CreateRecoveryChallengeBody;
934
1303
  };
935
1304
  export type CreateRegistrationChallengeBody = {
936
- orgId: string;
1305
+ /** Organization id. */
1306
+ orgId?: string | undefined;
1307
+ /** Tenant id. */
1308
+ tenantId?: string | undefined;
1309
+ /** Username/identifier of the user being registered (any unique string accepted, e.g. email). */
937
1310
  username: string;
1311
+ /** One-time registration code sent to the user by email. */
938
1312
  registrationCode: string;
939
1313
  };
940
1314
  export type CreateRegistrationChallengeResponse = {
941
1315
  user: {
1316
+ /** Base64url-encoded user handle (WebAuthn user.id). */
942
1317
  id: string;
1318
+ /** Display name of the user. */
943
1319
  displayName: string;
1320
+ /** Username of the user. */
944
1321
  name: string;
945
1322
  };
1323
+ /** JWT used to identify the registration session when calling Complete User Registration. */
946
1324
  temporaryAuthenticationToken: string;
1325
+ /** Challenge to be signed by the credential being registered. */
947
1326
  challenge: string;
1327
+ /** Deprecated. Should not be used. */
948
1328
  rp?: {
1329
+ /** ID of the WebAuthn relying party (typically a domain name). */
949
1330
  id: string;
1331
+ /** Human-readable name of the relying party. */
950
1332
  name: string;
951
1333
  } | undefined;
1334
+ /** Credential kinds that can be used to register the user. */
952
1335
  supportedCredentialKinds: {
1336
+ /** Credential kinds accepted as first factor. */
953
1337
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1338
+ /** Credential kinds accepted as second factor. */
954
1339
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
955
1340
  };
956
1341
  authenticatorSelection: {
@@ -971,67 +1356,103 @@ export type CreateRegistrationChallengeResponse = {
971
1356
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
972
1357
  */
973
1358
  attestation: "none" | "indirect" | "direct" | "enterprise";
1359
+ /** Public key credential parameters supported for the registration. */
974
1360
  pubKeyCredParams: {
975
1361
  type: "public-key";
976
1362
  alg: number;
977
1363
  }[];
1364
+ /** Credentials to exclude from the registration (already registered for the user). */
978
1365
  excludeCredentials: {
979
1366
  /** Is always `public-key`. */
980
1367
  type: "public-key";
981
1368
  /** ID that identifies the credential. */
982
1369
  id: string;
983
1370
  }[];
1371
+ /** URL to provision a TOTP credential, when applicable. */
984
1372
  otpUrl: string;
985
1373
  };
986
1374
  export type CreateRegistrationChallengeRequest = {
987
1375
  body: CreateRegistrationChallengeBody;
988
1376
  };
989
1377
  export type CreateServiceAccountBody = {
1378
+ /** Human-readable name of the Service Account. */
990
1379
  name: string;
991
1380
  publicKey: string;
1381
+ /** ID of the permission (also referred to as "role" in the dashboard). */
992
1382
  permissionId?: string | undefined;
1383
+ /** Value that can be used to correlate the entity with an external system. */
993
1384
  externalId?: string | undefined;
1385
+ /** Number of days the service account will be valid for. */
994
1386
  daysValid?: number | undefined;
995
1387
  };
996
1388
  export type CreateServiceAccountResponse = {
997
1389
  userInfo: {
1390
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
998
1391
  username: string;
1392
+ /** Display name of the user. */
999
1393
  name: string;
1000
1394
  /** User id. */
1001
1395
  userId: string;
1002
1396
  /** User kind. */
1003
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1397
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1398
+ /** UUID of the user's primary credential. */
1004
1399
  credentialUuid: string;
1005
- orgId: string;
1400
+ /** Organization id. */
1401
+ orgId?: string | undefined;
1402
+ /** Tenant id. */
1403
+ tenantId?: string | undefined;
1404
+ /** @deprecated - Flat list of API operations the user has access to. */
1006
1405
  permissions?: string[] | undefined;
1406
+ /** Whether the user is active. */
1007
1407
  isActive: boolean;
1408
+ /** Whether the user is a service account. */
1008
1409
  isServiceAccount: boolean;
1410
+ /** Whether the user has completed registration. */
1009
1411
  isRegistered: boolean;
1412
+ /** Permissions (roles) assigned to the user. */
1010
1413
  permissionAssignments: {
1414
+ /** Human-readable name of the permission (role). */
1011
1415
  permissionName: string;
1416
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1012
1417
  permissionId: string;
1418
+ /** ID of the permission assignment. */
1013
1419
  assignmentId: string;
1420
+ /** List of API operations granted by this permission. */
1014
1421
  operations?: string[] | undefined;
1015
1422
  }[];
1016
1423
  };
1017
1424
  accessTokens: {
1425
+ /** The access token. Only returned at creation time. */
1018
1426
  accessToken?: string | undefined;
1019
1427
  dateCreated: string;
1428
+ /** ID of the credential associated with the access token. */
1020
1429
  credId: string;
1430
+ /** Whether the access token is active. */
1021
1431
  isActive: boolean;
1022
1432
  /** Access token kind. */
1023
1433
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1434
+ /** User id. */
1024
1435
  linkedUserId: string;
1436
+ /** ID of the application the access token is linked to. */
1025
1437
  linkedAppId: string;
1438
+ /** Human-readable name of the access token. */
1026
1439
  name: string;
1440
+ /** Organization id. */
1027
1441
  orgId: string;
1442
+ /** Permissions (roles) assigned to the access token. */
1028
1443
  permissionAssignments: {
1444
+ /** Human-readable name of the permission (role). */
1029
1445
  permissionName: string;
1446
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1030
1447
  permissionId: string;
1448
+ /** ID of the permission assignment. */
1031
1449
  assignmentId: string;
1450
+ /** List of API operations granted by this permission. */
1032
1451
  operations?: string[] | undefined;
1033
1452
  }[];
1453
+ /** Public key associated with the access token. */
1034
1454
  publicKey: string;
1455
+ /** Token id. */
1035
1456
  tokenId: string;
1036
1457
  }[];
1037
1458
  };
@@ -1039,24 +1460,38 @@ export type CreateServiceAccountRequest = {
1039
1460
  body: CreateServiceAccountBody;
1040
1461
  };
1041
1462
  export type CreateSocialRegistrationChallengeBody = {
1463
+ /** Organization id. */
1042
1464
  orgId?: string | undefined;
1465
+ /** Social login provider used to issue the JWT. */
1043
1466
  socialLoginProviderKind: "Oidc";
1467
+ /** JWT id token issued by the social login provider. */
1044
1468
  idToken: string;
1045
1469
  };
1046
1470
  export type CreateSocialRegistrationChallengeResponse = {
1047
1471
  user: {
1472
+ /** Base64url-encoded user handle (WebAuthn user.id). */
1048
1473
  id: string;
1474
+ /** Display name of the user. */
1049
1475
  displayName: string;
1476
+ /** Username of the user. */
1050
1477
  name: string;
1051
1478
  };
1479
+ /** JWT used to identify the registration session when calling Complete User Registration. */
1052
1480
  temporaryAuthenticationToken: string;
1481
+ /** Challenge to be signed by the credential being registered. */
1053
1482
  challenge: string;
1483
+ /** Deprecated. Should not be used. */
1054
1484
  rp?: {
1485
+ /** ID of the WebAuthn relying party (typically a domain name). */
1055
1486
  id: string;
1487
+ /** Human-readable name of the relying party. */
1056
1488
  name: string;
1057
1489
  } | undefined;
1490
+ /** Credential kinds that can be used to register the user. */
1058
1491
  supportedCredentialKinds: {
1492
+ /** Credential kinds accepted as first factor. */
1059
1493
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1494
+ /** Credential kinds accepted as second factor. */
1060
1495
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1061
1496
  };
1062
1497
  authenticatorSelection: {
@@ -1077,16 +1512,19 @@ export type CreateSocialRegistrationChallengeResponse = {
1077
1512
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
1078
1513
  */
1079
1514
  attestation: "none" | "indirect" | "direct" | "enterprise";
1515
+ /** Public key credential parameters supported for the registration. */
1080
1516
  pubKeyCredParams: {
1081
1517
  type: "public-key";
1082
1518
  alg: number;
1083
1519
  }[];
1520
+ /** Credentials to exclude from the registration (already registered for the user). */
1084
1521
  excludeCredentials: {
1085
1522
  /** Is always `public-key`. */
1086
1523
  type: "public-key";
1087
1524
  /** ID that identifies the credential. */
1088
1525
  id: string;
1089
1526
  }[];
1527
+ /** URL to provision a TOTP credential, when applicable. */
1090
1528
  otpUrl: string;
1091
1529
  };
1092
1530
  export type CreateSocialRegistrationChallengeRequest = {
@@ -1098,6 +1536,7 @@ export type CreateUserBody = {
1098
1536
  /** The kind of user being created.
1099
1537
  In this endpoint it can only be "`CustomerEmployee`" (creating an "`EndUser`" is done through the [Delegated Registration](https://docs.dfns.co/api-reference/auth/registration-flows#delegated-users-registration-flow) endpoint) */
1100
1538
  kind: "CustomerEmployee" | "DfnsStaff";
1539
+ /** Optional public key in PEM format associated with the user. */
1101
1540
  publicKey?: string | undefined;
1102
1541
  /** Value that can be used to correlate the entity with an external system. */
1103
1542
  externalId?: string | undefined;
@@ -1105,23 +1544,39 @@ export type CreateUserBody = {
1105
1544
  isSSORequired?: boolean | undefined;
1106
1545
  };
1107
1546
  export type CreateUserResponse = {
1547
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1108
1548
  username: string;
1549
+ /** Display name of the user. */
1109
1550
  name: string;
1110
1551
  /** User id. */
1111
1552
  userId: string;
1112
1553
  /** User kind. */
1113
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1554
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1555
+ /** UUID of the user's primary credential. */
1114
1556
  credentialUuid: string;
1115
- orgId: string;
1557
+ /** Organization id. */
1558
+ orgId?: string | undefined;
1559
+ /** Tenant id. */
1560
+ tenantId?: string | undefined;
1561
+ /** @deprecated - Flat list of API operations the user has access to. */
1116
1562
  permissions?: string[] | undefined;
1563
+ /** Whether the user is active. */
1117
1564
  isActive: boolean;
1565
+ /** Whether the user is a service account. */
1118
1566
  isServiceAccount: boolean;
1567
+ /** Whether the user has completed registration. */
1119
1568
  isRegistered: boolean;
1569
+ /** Whether the user must authenticate via SSO. */
1120
1570
  isSSORequired: boolean;
1571
+ /** Permissions (roles) assigned to the user. */
1121
1572
  permissionAssignments: {
1573
+ /** Human-readable name of the permission (role). */
1122
1574
  permissionName: string;
1575
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1123
1576
  permissionId: string;
1577
+ /** ID of the permission assignment. */
1124
1578
  assignmentId: string;
1579
+ /** List of API operations granted by this permission. */
1125
1580
  operations?: string[] | undefined;
1126
1581
  }[];
1127
1582
  };
@@ -1145,7 +1600,9 @@ export type CreateUserActionChallengeResponse = {
1145
1600
  challengeIdentifier: string;
1146
1601
  /** Deprecated. Should not be used. */
1147
1602
  rp?: {
1603
+ /** ID of the WebAuthn relying party (typically a domain name). */
1148
1604
  id: string;
1605
+ /** Human-readable name of the relying party. */
1149
1606
  name: string;
1150
1607
  } | undefined;
1151
1608
  /** Identifies the kind of credentials that can be used to sign the user action. */
@@ -1248,6 +1705,7 @@ export type CreateUserActionSignatureBody = {
1248
1705
  };
1249
1706
  } | {
1250
1707
  kind: "Password";
1708
+ /** User password. */
1251
1709
  password: string;
1252
1710
  };
1253
1711
  /** Second factor credential used to authenticate a user. */
@@ -1293,45 +1751,64 @@ export type CreateUserActionSignatureBody = {
1293
1751
  };
1294
1752
  } | {
1295
1753
  kind: "Totp";
1754
+ /** TOTP one-time code. */
1296
1755
  otpCode: string;
1297
1756
  }) | undefined;
1298
1757
  };
1299
1758
  export type CreateUserActionSignatureResponse = {
1759
+ /** Signing token to use to verify the user intended to perform the action. */
1300
1760
  userAction: string;
1301
1761
  };
1302
1762
  export type CreateUserActionSignatureRequest = {
1303
1763
  body: CreateUserActionSignatureBody;
1304
1764
  };
1305
1765
  export type DeactivateCredentialBody = {
1766
+ /** UUID of the credential to deactivate. */
1306
1767
  credentialUuid: string;
1307
1768
  };
1308
1769
  export type DeactivateCredentialResponse = {
1770
+ /** Human-readable success message. */
1309
1771
  message: string;
1310
1772
  };
1311
1773
  export type DeactivateCredentialRequest = {
1312
1774
  body: DeactivateCredentialBody;
1313
1775
  };
1314
1776
  export type DeactivatePersonalAccessTokenParams = {
1777
+ /** Token id. */
1315
1778
  tokenId: string;
1316
1779
  };
1317
1780
  export type DeactivatePersonalAccessTokenResponse = {
1781
+ /** The access token. Only returned at creation time. */
1318
1782
  accessToken?: string | undefined;
1319
1783
  dateCreated: string;
1784
+ /** ID of the credential associated with the access token. */
1320
1785
  credId: string;
1786
+ /** Whether the access token is active. */
1321
1787
  isActive: boolean;
1322
1788
  /** Access token kind. */
1323
1789
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1790
+ /** User id. */
1324
1791
  linkedUserId: string;
1792
+ /** ID of the application the access token is linked to. */
1325
1793
  linkedAppId: string;
1794
+ /** Human-readable name of the access token. */
1326
1795
  name: string;
1796
+ /** Organization id. */
1327
1797
  orgId: string;
1798
+ /** Permissions (roles) assigned to the access token. */
1328
1799
  permissionAssignments: {
1800
+ /** Human-readable name of the permission (role). */
1329
1801
  permissionName: string;
1802
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1330
1803
  permissionId: string;
1804
+ /** ID of the permission assignment. */
1331
1805
  assignmentId: string;
1806
+ /** List of API operations granted by this permission. */
1332
1807
  operations?: string[] | undefined;
1333
1808
  }[];
1809
+ /** Public key associated with the access token. */
1334
1810
  publicKey: string;
1811
+ /** Token id. */
1335
1812
  tokenId: string;
1336
1813
  };
1337
1814
  export type DeactivatePersonalAccessTokenRequest = DeactivatePersonalAccessTokenParams;
@@ -1340,47 +1817,77 @@ export type DeactivateServiceAccountBody = {
1340
1817
  force?: boolean;
1341
1818
  };
1342
1819
  export type DeactivateServiceAccountParams = {
1820
+ /** ID of the service account. */
1343
1821
  serviceAccountId: string;
1344
1822
  };
1345
1823
  export type DeactivateServiceAccountResponse = {
1346
1824
  userInfo: {
1825
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1347
1826
  username: string;
1827
+ /** Display name of the user. */
1348
1828
  name: string;
1349
1829
  /** User id. */
1350
1830
  userId: string;
1351
1831
  /** User kind. */
1352
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1832
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1833
+ /** UUID of the user's primary credential. */
1353
1834
  credentialUuid: string;
1354
- orgId: string;
1835
+ /** Organization id. */
1836
+ orgId?: string | undefined;
1837
+ /** Tenant id. */
1838
+ tenantId?: string | undefined;
1839
+ /** @deprecated - Flat list of API operations the user has access to. */
1355
1840
  permissions?: string[] | undefined;
1841
+ /** Whether the user is active. */
1356
1842
  isActive: boolean;
1843
+ /** Whether the user is a service account. */
1357
1844
  isServiceAccount: boolean;
1845
+ /** Whether the user has completed registration. */
1358
1846
  isRegistered: boolean;
1847
+ /** Permissions (roles) assigned to the user. */
1359
1848
  permissionAssignments: {
1849
+ /** Human-readable name of the permission (role). */
1360
1850
  permissionName: string;
1851
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1361
1852
  permissionId: string;
1853
+ /** ID of the permission assignment. */
1362
1854
  assignmentId: string;
1855
+ /** List of API operations granted by this permission. */
1363
1856
  operations?: string[] | undefined;
1364
1857
  }[];
1365
1858
  };
1366
1859
  accessTokens: {
1860
+ /** The access token. Only returned at creation time. */
1367
1861
  accessToken?: string | undefined;
1368
1862
  dateCreated: string;
1863
+ /** ID of the credential associated with the access token. */
1369
1864
  credId: string;
1865
+ /** Whether the access token is active. */
1370
1866
  isActive: boolean;
1371
1867
  /** Access token kind. */
1372
1868
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1869
+ /** User id. */
1373
1870
  linkedUserId: string;
1871
+ /** ID of the application the access token is linked to. */
1374
1872
  linkedAppId: string;
1873
+ /** Human-readable name of the access token. */
1375
1874
  name: string;
1875
+ /** Organization id. */
1376
1876
  orgId: string;
1877
+ /** Permissions (roles) assigned to the access token. */
1377
1878
  permissionAssignments: {
1879
+ /** Human-readable name of the permission (role). */
1378
1880
  permissionName: string;
1881
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1379
1882
  permissionId: string;
1883
+ /** ID of the permission assignment. */
1380
1884
  assignmentId: string;
1885
+ /** List of API operations granted by this permission. */
1381
1886
  operations?: string[] | undefined;
1382
1887
  }[];
1888
+ /** Public key associated with the access token. */
1383
1889
  publicKey: string;
1890
+ /** Token id. */
1384
1891
  tokenId: string;
1385
1892
  }[];
1386
1893
  };
@@ -1388,74 +1895,130 @@ export type DeactivateServiceAccountRequest = DeactivateServiceAccountParams & {
1388
1895
  body: DeactivateServiceAccountBody;
1389
1896
  };
1390
1897
  export type DeactivateUserParams = {
1898
+ /** User id. */
1391
1899
  userId: string;
1392
1900
  };
1393
1901
  export type DeactivateUserResponse = {
1902
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1394
1903
  username: string;
1904
+ /** Display name of the user. */
1395
1905
  name: string;
1396
1906
  /** User id. */
1397
1907
  userId: string;
1398
1908
  /** User kind. */
1399
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1909
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1910
+ /** UUID of the user's primary credential. */
1400
1911
  credentialUuid: string;
1401
- orgId: string;
1912
+ /** Organization id. */
1913
+ orgId?: string | undefined;
1914
+ /** Tenant id. */
1915
+ tenantId?: string | undefined;
1916
+ /** @deprecated - Flat list of API operations the user has access to. */
1402
1917
  permissions?: string[] | undefined;
1918
+ /** Whether the user is active. */
1403
1919
  isActive: boolean;
1920
+ /** Whether the user is a service account. */
1404
1921
  isServiceAccount: boolean;
1922
+ /** Whether the user has completed registration. */
1405
1923
  isRegistered: boolean;
1924
+ /** Whether the user must authenticate via SSO. */
1406
1925
  isSSORequired: boolean;
1926
+ /** Permissions (roles) assigned to the user. */
1407
1927
  permissionAssignments: {
1928
+ /** Human-readable name of the permission (role). */
1408
1929
  permissionName: string;
1930
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1409
1931
  permissionId: string;
1932
+ /** ID of the permission assignment. */
1410
1933
  assignmentId: string;
1934
+ /** List of API operations granted by this permission. */
1411
1935
  operations?: string[] | undefined;
1412
1936
  }[];
1413
1937
  };
1414
1938
  export type DeactivateUserRequest = DeactivateUserParams;
1415
1939
  export type DelegatedLoginBody = {
1940
+ /** Username/identifier of the user to log in. */
1416
1941
  username: string;
1417
1942
  };
1418
1943
  export type DelegatedLoginResponse = {
1944
+ /** Authentication token issued to the user. */
1419
1945
  token: string;
1420
1946
  };
1421
1947
  export type DelegatedLoginRequest = {
1422
1948
  body: DelegatedLoginBody;
1423
1949
  };
1950
+ export type ExchangeAccessTokenBody = {
1951
+ /** ID of the Organisation or Tenant for which you wish to obtain an access token. */
1952
+ target: string;
1953
+ };
1954
+ export type ExchangeAccessTokenResponse = {
1955
+ token: string;
1956
+ };
1957
+ export type ExchangeAccessTokenRequest = {
1958
+ body: ExchangeAccessTokenBody;
1959
+ };
1424
1960
  export type GetApplicationParams = {
1961
+ /** ID of the application (deprecated). */
1425
1962
  appId: string;
1426
1963
  };
1427
1964
  export type GetApplicationResponse = {
1965
+ /** ID of the application (deprecated). */
1428
1966
  appId: string;
1429
1967
  kind: "ServerSideApplication" | "ClientSideApplication";
1968
+ /** Organization id. */
1430
1969
  orgId: string;
1970
+ /** Expected relying party ID for webauthn (deprecated). */
1431
1971
  expectedRpId?: string | undefined;
1972
+ /** Human-readable name of the application. */
1432
1973
  name: string;
1974
+ /** Whether the application is active. */
1433
1975
  isActive: boolean;
1976
+ /** Expected origin for webauthn (deprecated). */
1434
1977
  expectedOrigin?: string | undefined;
1978
+ /** Permissions (roles) assigned to the application. */
1435
1979
  permissionAssignments: {
1980
+ /** Human-readable name of the permission (role). */
1436
1981
  permissionName: string;
1982
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1437
1983
  permissionId: string;
1984
+ /** ID of the permission assignment. */
1438
1985
  assignmentId: string;
1986
+ /** List of API operations granted by this permission. */
1439
1987
  operations?: string[] | undefined;
1440
1988
  }[];
1989
+ /** Access tokens associated with the application. */
1441
1990
  accessTokens: {
1991
+ /** The access token. Only returned at creation time. */
1442
1992
  accessToken?: string | undefined;
1443
1993
  dateCreated: string;
1994
+ /** ID of the credential associated with the access token. */
1444
1995
  credId: string;
1996
+ /** Whether the access token is active. */
1445
1997
  isActive: boolean;
1446
1998
  /** Access token kind. */
1447
1999
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2000
+ /** User id. */
1448
2001
  linkedUserId: string;
2002
+ /** ID of the application the access token is linked to. */
1449
2003
  linkedAppId: string;
2004
+ /** Human-readable name of the access token. */
1450
2005
  name: string;
2006
+ /** Organization id. */
1451
2007
  orgId: string;
2008
+ /** Permissions (roles) assigned to the access token. */
1452
2009
  permissionAssignments: {
2010
+ /** Human-readable name of the permission (role). */
1453
2011
  permissionName: string;
2012
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1454
2013
  permissionId: string;
2014
+ /** ID of the permission assignment. */
1455
2015
  assignmentId: string;
2016
+ /** List of API operations granted by this permission. */
1456
2017
  operations?: string[] | undefined;
1457
2018
  }[];
2019
+ /** Public key associated with the access token. */
1458
2020
  publicKey: string;
2021
+ /** Token id. */
1459
2022
  tokenId: string;
1460
2023
  }[];
1461
2024
  };
@@ -1497,133 +2060,232 @@ export type GetAuditLogResponse = {
1497
2060
  };
1498
2061
  export type GetAuditLogRequest = GetAuditLogParams;
1499
2062
  export type GetPersonalAccessTokenParams = {
2063
+ /** Token id. */
1500
2064
  tokenId: string;
1501
2065
  };
1502
2066
  export type GetPersonalAccessTokenResponse = {
2067
+ /** The access token. Only returned at creation time. */
1503
2068
  accessToken?: string | undefined;
1504
2069
  dateCreated: string;
2070
+ /** ID of the credential associated with the access token. */
1505
2071
  credId: string;
2072
+ /** Whether the access token is active. */
1506
2073
  isActive: boolean;
1507
2074
  /** Access token kind. */
1508
2075
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2076
+ /** User id. */
1509
2077
  linkedUserId: string;
2078
+ /** ID of the application the access token is linked to. */
1510
2079
  linkedAppId: string;
2080
+ /** Human-readable name of the access token. */
1511
2081
  name: string;
2082
+ /** Organization id. */
1512
2083
  orgId: string;
2084
+ /** Permissions (roles) assigned to the access token. */
1513
2085
  permissionAssignments: {
2086
+ /** Human-readable name of the permission (role). */
1514
2087
  permissionName: string;
2088
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1515
2089
  permissionId: string;
2090
+ /** ID of the permission assignment. */
1516
2091
  assignmentId: string;
2092
+ /** List of API operations granted by this permission. */
1517
2093
  operations?: string[] | undefined;
1518
2094
  }[];
2095
+ /** Public key associated with the access token. */
1519
2096
  publicKey: string;
2097
+ /** Token id. */
1520
2098
  tokenId: string;
1521
2099
  };
1522
2100
  export type GetPersonalAccessTokenRequest = GetPersonalAccessTokenParams;
1523
2101
  export type GetServiceAccountParams = {
2102
+ /** ID of the service account. */
1524
2103
  serviceAccountId: string;
1525
2104
  };
1526
2105
  export type GetServiceAccountResponse = {
1527
2106
  userInfo: {
2107
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1528
2108
  username: string;
2109
+ /** Display name of the user. */
1529
2110
  name: string;
1530
2111
  /** User id. */
1531
2112
  userId: string;
1532
2113
  /** User kind. */
1533
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2114
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2115
+ /** UUID of the user's primary credential. */
1534
2116
  credentialUuid: string;
1535
- orgId: string;
2117
+ /** Organization id. */
2118
+ orgId?: string | undefined;
2119
+ /** Tenant id. */
2120
+ tenantId?: string | undefined;
2121
+ /** @deprecated - Flat list of API operations the user has access to. */
1536
2122
  permissions?: string[] | undefined;
2123
+ /** Whether the user is active. */
1537
2124
  isActive: boolean;
2125
+ /** Whether the user is a service account. */
1538
2126
  isServiceAccount: boolean;
2127
+ /** Whether the user has completed registration. */
1539
2128
  isRegistered: boolean;
2129
+ /** Permissions (roles) assigned to the user. */
1540
2130
  permissionAssignments: {
2131
+ /** Human-readable name of the permission (role). */
1541
2132
  permissionName: string;
2133
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1542
2134
  permissionId: string;
2135
+ /** ID of the permission assignment. */
1543
2136
  assignmentId: string;
2137
+ /** List of API operations granted by this permission. */
1544
2138
  operations?: string[] | undefined;
1545
2139
  }[];
1546
2140
  };
1547
2141
  accessTokens: {
2142
+ /** The access token. Only returned at creation time. */
1548
2143
  accessToken?: string | undefined;
1549
2144
  dateCreated: string;
2145
+ /** ID of the credential associated with the access token. */
1550
2146
  credId: string;
2147
+ /** Whether the access token is active. */
1551
2148
  isActive: boolean;
1552
2149
  /** Access token kind. */
1553
2150
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2151
+ /** User id. */
1554
2152
  linkedUserId: string;
2153
+ /** ID of the application the access token is linked to. */
1555
2154
  linkedAppId: string;
2155
+ /** Human-readable name of the access token. */
1556
2156
  name: string;
2157
+ /** Organization id. */
1557
2158
  orgId: string;
2159
+ /** Permissions (roles) assigned to the access token. */
1558
2160
  permissionAssignments: {
2161
+ /** Human-readable name of the permission (role). */
1559
2162
  permissionName: string;
2163
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1560
2164
  permissionId: string;
2165
+ /** ID of the permission assignment. */
1561
2166
  assignmentId: string;
2167
+ /** List of API operations granted by this permission. */
1562
2168
  operations?: string[] | undefined;
1563
2169
  }[];
2170
+ /** Public key associated with the access token. */
1564
2171
  publicKey: string;
2172
+ /** Token id. */
1565
2173
  tokenId: string;
1566
2174
  }[];
1567
2175
  };
1568
2176
  export type GetServiceAccountRequest = GetServiceAccountParams;
1569
2177
  export type GetUserParams = {
2178
+ /** User id. */
1570
2179
  userId: string;
1571
2180
  };
1572
2181
  export type GetUserResponse = {
2182
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1573
2183
  username: string;
2184
+ /** Display name of the user. */
1574
2185
  name: string;
1575
2186
  /** User id. */
1576
2187
  userId: string;
1577
2188
  /** User kind. */
1578
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2189
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2190
+ /** UUID of the user's primary credential. */
1579
2191
  credentialUuid: string;
1580
- orgId: string;
2192
+ /** Organization id. */
2193
+ orgId?: string | undefined;
2194
+ /** Tenant id. */
2195
+ tenantId?: string | undefined;
2196
+ /** @deprecated - Flat list of API operations the user has access to. */
1581
2197
  permissions?: string[] | undefined;
2198
+ /** Whether the user is active. */
1582
2199
  isActive: boolean;
2200
+ /** Whether the user is a service account. */
1583
2201
  isServiceAccount: boolean;
2202
+ /** Whether the user has completed registration. */
1584
2203
  isRegistered: boolean;
2204
+ /** Whether the user must authenticate via SSO. */
1585
2205
  isSSORequired: boolean;
2206
+ /** Permissions (roles) assigned to the user. */
1586
2207
  permissionAssignments: {
2208
+ /** Human-readable name of the permission (role). */
1587
2209
  permissionName: string;
2210
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1588
2211
  permissionId: string;
2212
+ /** ID of the permission assignment. */
1589
2213
  assignmentId: string;
2214
+ /** List of API operations granted by this permission. */
1590
2215
  operations?: string[] | undefined;
1591
2216
  }[];
1592
2217
  };
1593
2218
  export type GetUserRequest = GetUserParams;
2219
+ export type InviteTenantUserBody = {
2220
+ /** Email address of the existing Tenant User. */
2221
+ email: string;
2222
+ /** The kind of user being invited. It can only be "`TenantUser`" */
2223
+ kind: "TenantUser";
2224
+ };
2225
+ export type InviteTenantUserResponse = {};
2226
+ export type InviteTenantUserRequest = {
2227
+ body: InviteTenantUserBody;
2228
+ };
1594
2229
  export type ListApplicationsResponse = {
2230
+ /** Current page items. */
1595
2231
  items: {
2232
+ /** ID of the application (deprecated). */
1596
2233
  appId: string;
1597
2234
  kind: "ServerSideApplication" | "ClientSideApplication";
2235
+ /** Organization id. */
1598
2236
  orgId: string;
2237
+ /** Expected relying party ID for webauthn (deprecated). */
1599
2238
  expectedRpId?: string | undefined;
2239
+ /** Human-readable name of the application. */
1600
2240
  name: string;
2241
+ /** Whether the application is active. */
1601
2242
  isActive: boolean;
2243
+ /** Expected origin for webauthn (deprecated). */
1602
2244
  expectedOrigin?: string | undefined;
2245
+ /** Permissions (roles) assigned to the application. */
1603
2246
  permissionAssignments: {
2247
+ /** Human-readable name of the permission (role). */
1604
2248
  permissionName: string;
2249
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1605
2250
  permissionId: string;
2251
+ /** ID of the permission assignment. */
1606
2252
  assignmentId: string;
2253
+ /** List of API operations granted by this permission. */
1607
2254
  operations?: string[] | undefined;
1608
2255
  }[];
2256
+ /** Access tokens associated with the application. */
1609
2257
  accessTokens: {
2258
+ /** The access token. Only returned at creation time. */
1610
2259
  accessToken?: string | undefined;
1611
2260
  dateCreated: string;
2261
+ /** ID of the credential associated with the access token. */
1612
2262
  credId: string;
2263
+ /** Whether the access token is active. */
1613
2264
  isActive: boolean;
1614
2265
  /** Access token kind. */
1615
2266
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2267
+ /** User id. */
1616
2268
  linkedUserId: string;
2269
+ /** ID of the application the access token is linked to. */
1617
2270
  linkedAppId: string;
2271
+ /** Human-readable name of the access token. */
1618
2272
  name: string;
2273
+ /** Organization id. */
1619
2274
  orgId: string;
2275
+ /** Permissions (roles) assigned to the access token. */
1620
2276
  permissionAssignments: {
2277
+ /** Human-readable name of the permission (role). */
1621
2278
  permissionName: string;
2279
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1622
2280
  permissionId: string;
2281
+ /** ID of the permission assignment. */
1623
2282
  assignmentId: string;
2283
+ /** List of API operations granted by this permission. */
1624
2284
  operations?: string[] | undefined;
1625
2285
  }[];
2286
+ /** Public key associated with the access token. */
1626
2287
  publicKey: string;
2288
+ /** Token id. */
1627
2289
  tokenId: string;
1628
2290
  }[];
1629
2291
  }[];
@@ -1639,111 +2301,185 @@ export type ListAuditLogsRequest = {
1639
2301
  query?: ListAuditLogsQuery;
1640
2302
  };
1641
2303
  export type ListCredentialsResponse = {
2304
+ /** Current page items. */
1642
2305
  items: {
1643
2306
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2307
+ /** Credential ID from the WebAuthn authenticator (base64url). */
1644
2308
  credentialId: string;
2309
+ /** Dfns-internal UUID of the credential. */
1645
2310
  credentialUuid: string;
1646
2311
  dateCreated: string;
2312
+ /** Whether the credential is active. */
1647
2313
  isActive: boolean;
2314
+ /** Human-readable name of the credential. */
1648
2315
  name: string;
2316
+ /** Public key of the credential. */
1649
2317
  publicKey: string;
2318
+ /** Relying party identifier associated with the credential. */
1650
2319
  relyingPartyId: string;
2320
+ /** Origin where the credential was created. */
1651
2321
  origin: string;
1652
2322
  }[];
1653
2323
  };
1654
2324
  export type ListPersonalAccessTokensResponse = {
2325
+ /** Current page items. */
1655
2326
  items: {
2327
+ /** The access token. Only returned at creation time. */
1656
2328
  accessToken?: string | undefined;
1657
2329
  dateCreated: string;
2330
+ /** ID of the credential associated with the access token. */
1658
2331
  credId: string;
2332
+ /** Whether the access token is active. */
1659
2333
  isActive: boolean;
1660
2334
  /** Access token kind. */
1661
2335
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2336
+ /** User id. */
1662
2337
  linkedUserId: string;
2338
+ /** ID of the application the access token is linked to. */
1663
2339
  linkedAppId: string;
2340
+ /** Human-readable name of the access token. */
1664
2341
  name: string;
2342
+ /** Organization id. */
1665
2343
  orgId: string;
2344
+ /** Permissions (roles) assigned to the access token. */
1666
2345
  permissionAssignments: {
2346
+ /** Human-readable name of the permission (role). */
1667
2347
  permissionName: string;
2348
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1668
2349
  permissionId: string;
2350
+ /** ID of the permission assignment. */
1669
2351
  assignmentId: string;
2352
+ /** List of API operations granted by this permission. */
1670
2353
  operations?: string[] | undefined;
1671
2354
  }[];
2355
+ /** Public key associated with the access token. */
1672
2356
  publicKey: string;
2357
+ /** Token id. */
1673
2358
  tokenId: string;
1674
2359
  }[];
1675
2360
  };
1676
2361
  export type ListServiceAccountsResponse = {
2362
+ /** Current page items. */
1677
2363
  items: {
1678
2364
  userInfo: {
2365
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1679
2366
  username: string;
2367
+ /** Display name of the user. */
1680
2368
  name: string;
1681
2369
  /** User id. */
1682
2370
  userId: string;
1683
2371
  /** User kind. */
1684
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2372
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2373
+ /** UUID of the user's primary credential. */
1685
2374
  credentialUuid: string;
1686
- orgId: string;
2375
+ /** Organization id. */
2376
+ orgId?: string | undefined;
2377
+ /** Tenant id. */
2378
+ tenantId?: string | undefined;
2379
+ /** @deprecated - Flat list of API operations the user has access to. */
1687
2380
  permissions?: string[] | undefined;
2381
+ /** Whether the user is active. */
1688
2382
  isActive: boolean;
2383
+ /** Whether the user is a service account. */
1689
2384
  isServiceAccount: boolean;
2385
+ /** Whether the user has completed registration. */
1690
2386
  isRegistered: boolean;
2387
+ /** Permissions (roles) assigned to the user. */
1691
2388
  permissionAssignments: {
2389
+ /** Human-readable name of the permission (role). */
1692
2390
  permissionName: string;
2391
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1693
2392
  permissionId: string;
2393
+ /** ID of the permission assignment. */
1694
2394
  assignmentId: string;
2395
+ /** List of API operations granted by this permission. */
1695
2396
  operations?: string[] | undefined;
1696
2397
  }[];
1697
2398
  };
1698
2399
  accessTokens: {
2400
+ /** The access token. Only returned at creation time. */
1699
2401
  accessToken?: string | undefined;
1700
2402
  dateCreated: string;
2403
+ /** ID of the credential associated with the access token. */
1701
2404
  credId: string;
2405
+ /** Whether the access token is active. */
1702
2406
  isActive: boolean;
1703
2407
  /** Access token kind. */
1704
2408
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2409
+ /** User id. */
1705
2410
  linkedUserId: string;
2411
+ /** ID of the application the access token is linked to. */
1706
2412
  linkedAppId: string;
2413
+ /** Human-readable name of the access token. */
1707
2414
  name: string;
2415
+ /** Organization id. */
1708
2416
  orgId: string;
2417
+ /** Permissions (roles) assigned to the access token. */
1709
2418
  permissionAssignments: {
2419
+ /** Human-readable name of the permission (role). */
1710
2420
  permissionName: string;
2421
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1711
2422
  permissionId: string;
2423
+ /** ID of the permission assignment. */
1712
2424
  assignmentId: string;
2425
+ /** List of API operations granted by this permission. */
1713
2426
  operations?: string[] | undefined;
1714
2427
  }[];
2428
+ /** Public key associated with the access token. */
1715
2429
  publicKey: string;
2430
+ /** Token id. */
1716
2431
  tokenId: string;
1717
2432
  }[];
1718
2433
  }[];
1719
2434
  };
1720
2435
  export type ListUsersQuery = {
2436
+ /** Maximum number of items to return. */
1721
2437
  limit?: number | undefined;
2438
+ /** Opaque token used to retrieve the next page. Returned as `nextPageToken` from the previous request. */
1722
2439
  paginationToken?: string | undefined;
2440
+ /** Filter users by kind. */
1723
2441
  kind?: ("CustomerEmployee" | "EndUser") | undefined;
1724
2442
  };
1725
2443
  export type ListUsersResponse = {
2444
+ /** Current page items. */
1726
2445
  items: {
2446
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1727
2447
  username: string;
2448
+ /** Display name of the user. */
1728
2449
  name: string;
1729
2450
  /** User id. */
1730
2451
  userId: string;
1731
2452
  /** User kind. */
1732
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2453
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2454
+ /** UUID of the user's primary credential. */
1733
2455
  credentialUuid: string;
1734
- orgId: string;
2456
+ /** Organization id. */
2457
+ orgId?: string | undefined;
2458
+ /** Tenant id. */
2459
+ tenantId?: string | undefined;
2460
+ /** @deprecated - Flat list of API operations the user has access to. */
1735
2461
  permissions?: string[] | undefined;
2462
+ /** Whether the user is active. */
1736
2463
  isActive: boolean;
2464
+ /** Whether the user is a service account. */
1737
2465
  isServiceAccount: boolean;
2466
+ /** Whether the user has completed registration. */
1738
2467
  isRegistered: boolean;
2468
+ /** Whether the user must authenticate via SSO. */
1739
2469
  isSSORequired: boolean;
2470
+ /** Permissions (roles) assigned to the user. */
1740
2471
  permissionAssignments: {
2472
+ /** Human-readable name of the permission (role). */
1741
2473
  permissionName: string;
2474
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1742
2475
  permissionId: string;
2476
+ /** ID of the permission assignment. */
1743
2477
  assignmentId: string;
2478
+ /** List of API operations granted by this permission. */
1744
2479
  operations?: string[] | undefined;
1745
2480
  }[];
1746
2481
  }[];
2482
+ /** token to use as `paginationToken` to request the next page. */
1747
2483
  nextPageToken?: string | undefined;
1748
2484
  };
1749
2485
  export type ListUsersRequest = {
@@ -1795,6 +2531,7 @@ export type LoginBody = {
1795
2531
  };
1796
2532
  } | {
1797
2533
  kind: "Password";
2534
+ /** User password. */
1798
2535
  password: string;
1799
2536
  };
1800
2537
  /** Second factor credential used to authenticate a user. */
@@ -1840,12 +2577,15 @@ export type LoginBody = {
1840
2577
  };
1841
2578
  } | {
1842
2579
  kind: "Totp";
2580
+ /** TOTP one-time code. */
1843
2581
  otpCode: string;
1844
2582
  }) | undefined;
1845
2583
  };
1846
2584
  export type LoginResponse = {
2585
+ /** Authentication token issued to the user. */
1847
2586
  token: string;
1848
2587
  } | {
2588
+ /** Identifier of the SSO client to use to complete the login flow. */
1849
2589
  ssoClientId: string;
1850
2590
  };
1851
2591
  export type LoginRequest = {
@@ -1855,6 +2595,7 @@ export type LogoutBody = {
1855
2595
  allSessions?: boolean | undefined;
1856
2596
  } | undefined;
1857
2597
  export type LogoutResponse = {
2598
+ /** Human-readable success message. */
1858
2599
  message: string;
1859
2600
  };
1860
2601
  export type LogoutRequest = {
@@ -1878,90 +2619,133 @@ export type RecoverBody = {
1878
2619
  firstFactorCredential: {
1879
2620
  credentialKind: "Fido2";
1880
2621
  credentialInfo: {
2622
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1881
2623
  credId: string;
2624
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1882
2625
  clientData: string;
2626
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1883
2627
  attestationData: string;
1884
2628
  };
2629
+ /** Human-readable name to assign to the credential. */
1885
2630
  credentialName?: string | undefined;
1886
2631
  } | {
1887
2632
  credentialKind: "Key";
1888
2633
  credentialInfo: {
2634
+ /** Base64url-encoded id of the credential. */
1889
2635
  credId: string;
2636
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1890
2637
  clientData: string;
2638
+ /** Base64url-encoded public key. */
1891
2639
  attestationData: string;
1892
2640
  };
2641
+ /** Human-readable name to assign to the credential. */
1893
2642
  credentialName?: string | undefined;
1894
2643
  } | {
1895
2644
  credentialKind: "Password";
1896
2645
  credentialInfo: {
2646
+ /** User password. */
1897
2647
  password: string;
1898
2648
  };
2649
+ /** Human-readable name to assign to the credential. */
1899
2650
  credentialName?: string | undefined;
1900
2651
  } | {
1901
2652
  credentialKind: "PasswordProtectedKey";
1902
2653
  credentialInfo: {
2654
+ /** Base64url-encoded id of the credential. */
1903
2655
  credId: string;
2656
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1904
2657
  clientData: string;
2658
+ /** Base64url-encoded public key. */
1905
2659
  attestationData: string;
1906
2660
  };
2661
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
1907
2662
  encryptedPrivateKey: string;
2663
+ /** Human-readable name to assign to the credential. */
1908
2664
  credentialName?: string | undefined;
1909
2665
  };
1910
2666
  secondFactorCredential?: ({
1911
2667
  credentialKind: "Fido2";
1912
2668
  credentialInfo: {
2669
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1913
2670
  credId: string;
2671
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1914
2672
  clientData: string;
2673
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1915
2674
  attestationData: string;
1916
2675
  };
2676
+ /** Human-readable name to assign to the credential. */
1917
2677
  credentialName?: string | undefined;
1918
2678
  } | {
1919
2679
  credentialKind: "Key";
1920
2680
  credentialInfo: {
2681
+ /** Base64url-encoded id of the credential. */
1921
2682
  credId: string;
2683
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1922
2684
  clientData: string;
2685
+ /** Base64url-encoded public key. */
1923
2686
  attestationData: string;
1924
2687
  };
2688
+ /** Human-readable name to assign to the credential. */
1925
2689
  credentialName?: string | undefined;
1926
2690
  } | {
1927
2691
  credentialKind: "Totp";
1928
2692
  credentialInfo: {
2693
+ /** TOTP one-time code. */
1929
2694
  otpCode: string;
1930
2695
  };
2696
+ /** Human-readable name to assign to the credential. */
1931
2697
  credentialName?: string | undefined;
1932
2698
  } | {
1933
2699
  credentialKind: "PasswordProtectedKey";
1934
2700
  credentialInfo: {
2701
+ /** Base64url-encoded id of the credential. */
1935
2702
  credId: string;
2703
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1936
2704
  clientData: string;
2705
+ /** Base64url-encoded public key. */
1937
2706
  attestationData: string;
1938
2707
  };
2708
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
1939
2709
  encryptedPrivateKey: string;
2710
+ /** Human-readable name to assign to the credential. */
1940
2711
  credentialName?: string | undefined;
1941
2712
  }) | undefined;
1942
2713
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
1943
2714
  recoveryCredential?: {
1944
2715
  credentialKind: "RecoveryKey";
1945
2716
  credentialInfo: {
2717
+ /** Base64url-encoded id of the recovery credential. */
1946
2718
  credId: string;
2719
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1947
2720
  clientData: string;
2721
+ /** Base64url-encoded public key. */
1948
2722
  attestationData: string;
1949
2723
  };
2724
+ /** User-encrypted private key for the recovery credential. */
1950
2725
  encryptedPrivateKey?: string | undefined;
2726
+ /** Human-readable name to assign to the credential. */
1951
2727
  credentialName?: string | undefined;
1952
2728
  } | undefined;
1953
2729
  };
1954
2730
  };
1955
2731
  export type RecoverResponse = {
1956
2732
  credential: {
2733
+ /** UUID of the credential that was registered. */
1957
2734
  uuid: string;
2735
+ /** Kind of credential that was registered. */
1958
2736
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2737
+ /** Human-readable name of the credential. */
1959
2738
  name: string;
1960
2739
  };
1961
2740
  user: {
2741
+ /** User id. */
1962
2742
  id: string;
2743
+ /** Username/identifier of the user. */
1963
2744
  username: string;
1964
- orgId: string;
2745
+ /** Organization id. */
2746
+ orgId?: string | undefined;
2747
+ /** Tenant id. */
2748
+ tenantId?: string | undefined;
1965
2749
  };
1966
2750
  };
1967
2751
  export type RecoverRequest = {
@@ -1971,89 +2755,132 @@ export type RegisterBody = {
1971
2755
  firstFactorCredential: {
1972
2756
  credentialKind: "Fido2";
1973
2757
  credentialInfo: {
2758
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1974
2759
  credId: string;
2760
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1975
2761
  clientData: string;
2762
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1976
2763
  attestationData: string;
1977
2764
  };
2765
+ /** Human-readable name to assign to the credential. */
1978
2766
  credentialName?: string | undefined;
1979
2767
  } | {
1980
2768
  credentialKind: "Key";
1981
2769
  credentialInfo: {
2770
+ /** Base64url-encoded id of the credential. */
1982
2771
  credId: string;
2772
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1983
2773
  clientData: string;
2774
+ /** Base64url-encoded public key. */
1984
2775
  attestationData: string;
1985
2776
  };
2777
+ /** Human-readable name to assign to the credential. */
1986
2778
  credentialName?: string | undefined;
1987
2779
  } | {
1988
2780
  credentialKind: "Password";
1989
2781
  credentialInfo: {
2782
+ /** User password. */
1990
2783
  password: string;
1991
2784
  };
2785
+ /** Human-readable name to assign to the credential. */
1992
2786
  credentialName?: string | undefined;
1993
2787
  } | {
1994
2788
  credentialKind: "PasswordProtectedKey";
1995
2789
  credentialInfo: {
2790
+ /** Base64url-encoded id of the credential. */
1996
2791
  credId: string;
2792
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1997
2793
  clientData: string;
2794
+ /** Base64url-encoded public key. */
1998
2795
  attestationData: string;
1999
2796
  };
2797
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2000
2798
  encryptedPrivateKey: string;
2799
+ /** Human-readable name to assign to the credential. */
2001
2800
  credentialName?: string | undefined;
2002
2801
  };
2003
2802
  secondFactorCredential?: ({
2004
2803
  credentialKind: "Fido2";
2005
2804
  credentialInfo: {
2805
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2006
2806
  credId: string;
2807
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2007
2808
  clientData: string;
2809
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2008
2810
  attestationData: string;
2009
2811
  };
2812
+ /** Human-readable name to assign to the credential. */
2010
2813
  credentialName?: string | undefined;
2011
2814
  } | {
2012
2815
  credentialKind: "Key";
2013
2816
  credentialInfo: {
2817
+ /** Base64url-encoded id of the credential. */
2014
2818
  credId: string;
2819
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2015
2820
  clientData: string;
2821
+ /** Base64url-encoded public key. */
2016
2822
  attestationData: string;
2017
2823
  };
2824
+ /** Human-readable name to assign to the credential. */
2018
2825
  credentialName?: string | undefined;
2019
2826
  } | {
2020
2827
  credentialKind: "Totp";
2021
2828
  credentialInfo: {
2829
+ /** TOTP one-time code. */
2022
2830
  otpCode: string;
2023
2831
  };
2832
+ /** Human-readable name to assign to the credential. */
2024
2833
  credentialName?: string | undefined;
2025
2834
  } | {
2026
2835
  credentialKind: "PasswordProtectedKey";
2027
2836
  credentialInfo: {
2837
+ /** Base64url-encoded id of the credential. */
2028
2838
  credId: string;
2839
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2029
2840
  clientData: string;
2841
+ /** Base64url-encoded public key. */
2030
2842
  attestationData: string;
2031
2843
  };
2844
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2032
2845
  encryptedPrivateKey: string;
2846
+ /** Human-readable name to assign to the credential. */
2033
2847
  credentialName?: string | undefined;
2034
2848
  }) | undefined;
2035
2849
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
2036
2850
  recoveryCredential?: {
2037
2851
  credentialKind: "RecoveryKey";
2038
2852
  credentialInfo: {
2853
+ /** Base64url-encoded id of the recovery credential. */
2039
2854
  credId: string;
2855
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2040
2856
  clientData: string;
2857
+ /** Base64url-encoded public key. */
2041
2858
  attestationData: string;
2042
2859
  };
2860
+ /** User-encrypted private key for the recovery credential. */
2043
2861
  encryptedPrivateKey?: string | undefined;
2862
+ /** Human-readable name to assign to the credential. */
2044
2863
  credentialName?: string | undefined;
2045
2864
  } | undefined;
2046
2865
  };
2047
2866
  export type RegisterResponse = {
2048
2867
  credential: {
2868
+ /** UUID of the credential that was registered. */
2049
2869
  uuid: string;
2870
+ /** Kind of credential that was registered. */
2050
2871
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2872
+ /** Human-readable name of the credential. */
2051
2873
  name: string;
2052
2874
  };
2053
2875
  user: {
2876
+ /** User id. */
2054
2877
  id: string;
2878
+ /** Username/identifier of the user. */
2055
2879
  username: string;
2056
- orgId: string;
2880
+ /** Organization id. */
2881
+ orgId?: string | undefined;
2882
+ /** Tenant id. */
2883
+ tenantId?: string | undefined;
2057
2884
  };
2058
2885
  };
2059
2886
  export type RegisterRequest = {
@@ -2063,103 +2890,147 @@ export type RegisterEndUserBody = {
2063
2890
  firstFactorCredential: {
2064
2891
  credentialKind: "Fido2";
2065
2892
  credentialInfo: {
2893
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2066
2894
  credId: string;
2895
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2067
2896
  clientData: string;
2897
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2068
2898
  attestationData: string;
2069
2899
  };
2900
+ /** Human-readable name to assign to the credential. */
2070
2901
  credentialName?: string | undefined;
2071
2902
  } | {
2072
2903
  credentialKind: "Key";
2073
2904
  credentialInfo: {
2905
+ /** Base64url-encoded id of the credential. */
2074
2906
  credId: string;
2907
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2075
2908
  clientData: string;
2909
+ /** Base64url-encoded public key. */
2076
2910
  attestationData: string;
2077
2911
  };
2912
+ /** Human-readable name to assign to the credential. */
2078
2913
  credentialName?: string | undefined;
2079
2914
  } | {
2080
2915
  credentialKind: "Password";
2081
2916
  credentialInfo: {
2917
+ /** User password. */
2082
2918
  password: string;
2083
2919
  };
2920
+ /** Human-readable name to assign to the credential. */
2084
2921
  credentialName?: string | undefined;
2085
2922
  } | {
2086
2923
  credentialKind: "PasswordProtectedKey";
2087
2924
  credentialInfo: {
2925
+ /** Base64url-encoded id of the credential. */
2088
2926
  credId: string;
2927
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2089
2928
  clientData: string;
2929
+ /** Base64url-encoded public key. */
2090
2930
  attestationData: string;
2091
2931
  };
2932
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2092
2933
  encryptedPrivateKey: string;
2934
+ /** Human-readable name to assign to the credential. */
2093
2935
  credentialName?: string | undefined;
2094
2936
  };
2095
2937
  secondFactorCredential?: ({
2096
2938
  credentialKind: "Fido2";
2097
2939
  credentialInfo: {
2940
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2098
2941
  credId: string;
2942
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2099
2943
  clientData: string;
2944
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2100
2945
  attestationData: string;
2101
2946
  };
2947
+ /** Human-readable name to assign to the credential. */
2102
2948
  credentialName?: string | undefined;
2103
2949
  } | {
2104
2950
  credentialKind: "Key";
2105
2951
  credentialInfo: {
2952
+ /** Base64url-encoded id of the credential. */
2106
2953
  credId: string;
2954
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2107
2955
  clientData: string;
2956
+ /** Base64url-encoded public key. */
2108
2957
  attestationData: string;
2109
2958
  };
2959
+ /** Human-readable name to assign to the credential. */
2110
2960
  credentialName?: string | undefined;
2111
2961
  } | {
2112
2962
  credentialKind: "Totp";
2113
2963
  credentialInfo: {
2964
+ /** TOTP one-time code. */
2114
2965
  otpCode: string;
2115
2966
  };
2967
+ /** Human-readable name to assign to the credential. */
2116
2968
  credentialName?: string | undefined;
2117
2969
  } | {
2118
2970
  credentialKind: "PasswordProtectedKey";
2119
2971
  credentialInfo: {
2972
+ /** Base64url-encoded id of the credential. */
2120
2973
  credId: string;
2974
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2121
2975
  clientData: string;
2976
+ /** Base64url-encoded public key. */
2122
2977
  attestationData: string;
2123
2978
  };
2979
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2124
2980
  encryptedPrivateKey: string;
2981
+ /** Human-readable name to assign to the credential. */
2125
2982
  credentialName?: string | undefined;
2126
2983
  }) | undefined;
2127
2984
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
2128
2985
  recoveryCredential?: {
2129
2986
  credentialKind: "RecoveryKey";
2130
2987
  credentialInfo: {
2988
+ /** Base64url-encoded id of the recovery credential. */
2131
2989
  credId: string;
2990
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2132
2991
  clientData: string;
2992
+ /** Base64url-encoded public key. */
2133
2993
  attestationData: string;
2134
2994
  };
2995
+ /** User-encrypted private key for the recovery credential. */
2135
2996
  encryptedPrivateKey?: string | undefined;
2997
+ /** Human-readable name to assign to the credential. */
2136
2998
  credentialName?: string | undefined;
2137
2999
  } | undefined;
2138
3000
  wallets: {
2139
- network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
3001
+ network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "IconTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Movement" | "MovementTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "Rayls" | "RaylsTestnet" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
2140
3002
  /** Wallet nickname. */
2141
3003
  name?: string | undefined;
2142
3004
  }[];
2143
3005
  };
2144
3006
  export type RegisterEndUserResponse = {
2145
3007
  credential: {
3008
+ /** UUID of the credential that was registered. */
2146
3009
  uuid: string;
3010
+ /** Kind of credential that was registered. */
2147
3011
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
3012
+ /** Human-readable name of the credential. */
2148
3013
  name: string;
2149
3014
  };
2150
3015
  user: {
3016
+ /** User id. */
2151
3017
  id: string;
3018
+ /** Username/identifier of the user. */
2152
3019
  username: string;
2153
- orgId: string;
3020
+ /** Organization id. */
3021
+ orgId?: string | undefined;
3022
+ /** Tenant id. */
3023
+ tenantId?: string | undefined;
2154
3024
  };
2155
3025
  authentication: {
3026
+ /** Authentication token issued to the user. */
2156
3027
  token: string;
2157
3028
  };
2158
3029
  wallets: {
2159
3030
  /** ID of the wallet. */
2160
3031
  id: string;
2161
3032
  /** Network this wallet is bound to. */
2162
- network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
3033
+ network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "IconTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Movement" | "MovementTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "Rayls" | "RaylsTestnet" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
2163
3034
  /** Wallet address on its corresponding network. */
2164
3035
  address?: string | undefined;
2165
3036
  /** Details about the key underlying the wallet. */
@@ -2197,41 +3068,60 @@ export type RegisterEndUserRequest = {
2197
3068
  body: RegisterEndUserBody;
2198
3069
  };
2199
3070
  export type ResendRegistrationCodeBody = {
3071
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2200
3072
  username: string;
2201
- orgId: string;
3073
+ /** Organization id. */
3074
+ orgId?: string | undefined;
3075
+ /** Tenant id. */
3076
+ tenantId?: string | undefined;
2202
3077
  };
2203
3078
  export type ResendRegistrationCodeResponse = {
3079
+ /** Human-readable success message. */
2204
3080
  message: string;
2205
3081
  };
2206
3082
  export type ResendRegistrationCodeRequest = {
2207
3083
  body: ResendRegistrationCodeBody;
2208
3084
  };
2209
3085
  export type SendLoginCodeBody = {
3086
+ /** Username/identifier of the user to send the login code to. */
2210
3087
  username: string;
2211
- orgId: string;
3088
+ /** Organization id. */
3089
+ orgId?: string | undefined;
3090
+ /** Tenant id. */
3091
+ tenantId?: string | undefined;
2212
3092
  };
2213
3093
  export type SendLoginCodeResponse = {
3094
+ /** Human-readable success message. */
2214
3095
  message: string;
2215
3096
  };
2216
3097
  export type SendLoginCodeRequest = {
2217
3098
  body: SendLoginCodeBody;
2218
3099
  };
2219
3100
  export type SendRecoveryCodeBody = {
3101
+ /** Username/identifier of the user to send the recovery code to. */
2220
3102
  username: string;
2221
- orgId: string;
3103
+ /** Organization id. */
3104
+ orgId?: string | undefined;
3105
+ /** Tenant id. */
3106
+ tenantId?: string | undefined;
2222
3107
  };
2223
3108
  export type SendRecoveryCodeResponse = {
3109
+ /** Human-readable success message. */
2224
3110
  message: string;
2225
3111
  };
2226
3112
  export type SendRecoveryCodeRequest = {
2227
3113
  body: SendRecoveryCodeBody;
2228
3114
  };
2229
3115
  export type SocialLoginBody = {
3116
+ /** Organization id. */
2230
3117
  orgId?: string | undefined;
3118
+ /** Social login provider used to issue the JWT. */
2231
3119
  socialLoginProviderKind: "Oidc";
3120
+ /** JWT id token issued by the social login provider. */
2232
3121
  idToken: string;
2233
3122
  };
2234
3123
  export type SocialLoginResponse = {
3124
+ /** Authentication token issued to the user. */
2235
3125
  token: string;
2236
3126
  };
2237
3127
  export type SocialLoginRequest = {
@@ -2244,6 +3134,7 @@ export type SsoLoginBody = {
2244
3134
  state: string;
2245
3135
  };
2246
3136
  export type SsoLoginResponse = {
3137
+ /** Authentication token issued to the user. */
2247
3138
  token: string;
2248
3139
  };
2249
3140
  export type SsoLoginRequest = {
@@ -2265,81 +3156,130 @@ export type SsoLoginInitRequest = {
2265
3156
  body: SsoLoginInitBody;
2266
3157
  };
2267
3158
  export type UpdatePersonalAccessTokenBody = {
3159
+ /** Updated human-readable name of the Personal Access Token. */
2268
3160
  name?: string | undefined;
3161
+ /** Value that can be used to correlate the entity with an external system. */
2269
3162
  externalId?: string | undefined;
2270
3163
  };
2271
3164
  export type UpdatePersonalAccessTokenParams = {
3165
+ /** Token id. */
2272
3166
  tokenId: string;
2273
3167
  };
2274
3168
  export type UpdatePersonalAccessTokenResponse = {
3169
+ /** The access token. Only returned at creation time. */
2275
3170
  accessToken?: string | undefined;
2276
3171
  dateCreated: string;
3172
+ /** ID of the credential associated with the access token. */
2277
3173
  credId: string;
3174
+ /** Whether the access token is active. */
2278
3175
  isActive: boolean;
2279
3176
  /** Access token kind. */
2280
3177
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
3178
+ /** User id. */
2281
3179
  linkedUserId: string;
3180
+ /** ID of the application the access token is linked to. */
2282
3181
  linkedAppId: string;
3182
+ /** Human-readable name of the access token. */
2283
3183
  name: string;
3184
+ /** Organization id. */
2284
3185
  orgId: string;
3186
+ /** Permissions (roles) assigned to the access token. */
2285
3187
  permissionAssignments: {
3188
+ /** Human-readable name of the permission (role). */
2286
3189
  permissionName: string;
3190
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2287
3191
  permissionId: string;
3192
+ /** ID of the permission assignment. */
2288
3193
  assignmentId: string;
3194
+ /** List of API operations granted by this permission. */
2289
3195
  operations?: string[] | undefined;
2290
3196
  }[];
3197
+ /** Public key associated with the access token. */
2291
3198
  publicKey: string;
3199
+ /** Token id. */
2292
3200
  tokenId: string;
2293
3201
  };
2294
3202
  export type UpdatePersonalAccessTokenRequest = UpdatePersonalAccessTokenParams & {
2295
3203
  body: UpdatePersonalAccessTokenBody;
2296
3204
  };
2297
3205
  export type UpdateServiceAccountBody = {
3206
+ /** Updated human-readable name of the Service Account. */
2298
3207
  name?: string | undefined;
3208
+ /** Value that can be used to correlate the entity with an external system. */
2299
3209
  externalId?: string | undefined;
2300
3210
  };
2301
3211
  export type UpdateServiceAccountParams = {
3212
+ /** ID of the service account. */
2302
3213
  serviceAccountId: string;
2303
3214
  };
2304
3215
  export type UpdateServiceAccountResponse = {
2305
3216
  userInfo: {
3217
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2306
3218
  username: string;
3219
+ /** Display name of the user. */
2307
3220
  name: string;
2308
3221
  /** User id. */
2309
3222
  userId: string;
2310
3223
  /** User kind. */
2311
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
3224
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
3225
+ /** UUID of the user's primary credential. */
2312
3226
  credentialUuid: string;
2313
- orgId: string;
3227
+ /** Organization id. */
3228
+ orgId?: string | undefined;
3229
+ /** Tenant id. */
3230
+ tenantId?: string | undefined;
3231
+ /** @deprecated - Flat list of API operations the user has access to. */
2314
3232
  permissions?: string[] | undefined;
3233
+ /** Whether the user is active. */
2315
3234
  isActive: boolean;
3235
+ /** Whether the user is a service account. */
2316
3236
  isServiceAccount: boolean;
3237
+ /** Whether the user has completed registration. */
2317
3238
  isRegistered: boolean;
3239
+ /** Permissions (roles) assigned to the user. */
2318
3240
  permissionAssignments: {
3241
+ /** Human-readable name of the permission (role). */
2319
3242
  permissionName: string;
3243
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2320
3244
  permissionId: string;
3245
+ /** ID of the permission assignment. */
2321
3246
  assignmentId: string;
3247
+ /** List of API operations granted by this permission. */
2322
3248
  operations?: string[] | undefined;
2323
3249
  }[];
2324
3250
  };
2325
3251
  accessTokens: {
3252
+ /** The access token. Only returned at creation time. */
2326
3253
  accessToken?: string | undefined;
2327
3254
  dateCreated: string;
3255
+ /** ID of the credential associated with the access token. */
2328
3256
  credId: string;
3257
+ /** Whether the access token is active. */
2329
3258
  isActive: boolean;
2330
3259
  /** Access token kind. */
2331
3260
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
3261
+ /** User id. */
2332
3262
  linkedUserId: string;
3263
+ /** ID of the application the access token is linked to. */
2333
3264
  linkedAppId: string;
3265
+ /** Human-readable name of the access token. */
2334
3266
  name: string;
3267
+ /** Organization id. */
2335
3268
  orgId: string;
3269
+ /** Permissions (roles) assigned to the access token. */
2336
3270
  permissionAssignments: {
3271
+ /** Human-readable name of the permission (role). */
2337
3272
  permissionName: string;
3273
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2338
3274
  permissionId: string;
3275
+ /** ID of the permission assignment. */
2339
3276
  assignmentId: string;
3277
+ /** List of API operations granted by this permission. */
2340
3278
  operations?: string[] | undefined;
2341
3279
  }[];
3280
+ /** Public key associated with the access token. */
2342
3281
  publicKey: string;
3282
+ /** Token id. */
2343
3283
  tokenId: string;
2344
3284
  }[];
2345
3285
  };
@@ -2350,26 +3290,43 @@ export type UpdateUserBody = {
2350
3290
  isSSORequired: boolean;
2351
3291
  };
2352
3292
  export type UpdateUserParams = {
3293
+ /** User id. */
2353
3294
  userId: string;
2354
3295
  };
2355
3296
  export type UpdateUserResponse = {
3297
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2356
3298
  username: string;
3299
+ /** Display name of the user. */
2357
3300
  name: string;
2358
3301
  /** User id. */
2359
3302
  userId: string;
2360
3303
  /** User kind. */
2361
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
3304
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
3305
+ /** UUID of the user's primary credential. */
2362
3306
  credentialUuid: string;
2363
- orgId: string;
3307
+ /** Organization id. */
3308
+ orgId?: string | undefined;
3309
+ /** Tenant id. */
3310
+ tenantId?: string | undefined;
3311
+ /** @deprecated - Flat list of API operations the user has access to. */
2364
3312
  permissions?: string[] | undefined;
3313
+ /** Whether the user is active. */
2365
3314
  isActive: boolean;
3315
+ /** Whether the user is a service account. */
2366
3316
  isServiceAccount: boolean;
3317
+ /** Whether the user has completed registration. */
2367
3318
  isRegistered: boolean;
3319
+ /** Whether the user must authenticate via SSO. */
2368
3320
  isSSORequired: boolean;
3321
+ /** Permissions (roles) assigned to the user. */
2369
3322
  permissionAssignments: {
3323
+ /** Human-readable name of the permission (role). */
2370
3324
  permissionName: string;
3325
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2371
3326
  permissionId: string;
3327
+ /** ID of the permission assignment. */
2372
3328
  assignmentId: string;
3329
+ /** List of API operations granted by this permission. */
2373
3330
  operations?: string[] | undefined;
2374
3331
  }[];
2375
3332
  };