@dfns/sdk 0.8.21 → 0.8.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,132 +1,217 @@
1
1
  export type ActivateCredentialBody = {
2
+ /** UUID of the credential to activate. */
2
3
  credentialUuid: string;
3
4
  };
4
5
  export type ActivateCredentialResponse = {
6
+ /** Human-readable success message. */
5
7
  message: string;
6
8
  };
7
9
  export type ActivateCredentialRequest = {
8
10
  body: ActivateCredentialBody;
9
11
  };
10
12
  export type ActivatePersonalAccessTokenParams = {
13
+ /** Token id. */
11
14
  tokenId: string;
12
15
  };
13
16
  export type ActivatePersonalAccessTokenResponse = {
17
+ /** The access token. Only returned at creation time. */
14
18
  accessToken?: string | undefined;
15
19
  dateCreated: string;
20
+ /** ID of the credential associated with the access token. */
16
21
  credId: string;
22
+ /** Whether the access token is active. */
17
23
  isActive: boolean;
18
24
  /** Access token kind. */
19
25
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
26
+ /** User id. */
20
27
  linkedUserId: string;
28
+ /** ID of the application the access token is linked to. */
21
29
  linkedAppId: string;
30
+ /** Human-readable name of the access token. */
22
31
  name: string;
32
+ /** Organization id. */
23
33
  orgId: string;
34
+ /** Permissions (roles) assigned to the access token. */
24
35
  permissionAssignments: {
36
+ /** Human-readable name of the permission (role). */
25
37
  permissionName: string;
38
+ /** ID of the permission (also referred to as "role" in the dashboard). */
26
39
  permissionId: string;
40
+ /** ID of the permission assignment. */
27
41
  assignmentId: string;
42
+ /** List of API operations granted by this permission. */
28
43
  operations?: string[] | undefined;
29
44
  }[];
45
+ /** Public key associated with the access token. */
30
46
  publicKey: string;
47
+ /** Token id. */
31
48
  tokenId: string;
32
49
  };
33
50
  export type ActivatePersonalAccessTokenRequest = ActivatePersonalAccessTokenParams;
34
51
  export type ActivateServiceAccountParams = {
52
+ /** ID of the service account. */
35
53
  serviceAccountId: string;
36
54
  };
37
55
  export type ActivateServiceAccountResponse = {
38
56
  userInfo: {
57
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
39
58
  username: string;
59
+ /** Display name of the user. */
40
60
  name: string;
41
61
  /** User id. */
42
62
  userId: string;
43
63
  /** User kind. */
44
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
64
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
65
+ /** UUID of the user's primary credential. */
45
66
  credentialUuid: string;
46
- orgId: string;
67
+ /** Organization id. */
68
+ orgId?: string | undefined;
69
+ /** Tenant id. */
70
+ tenantId?: string | undefined;
71
+ /** @deprecated - Flat list of API operations the user has access to. */
47
72
  permissions?: string[] | undefined;
73
+ /** Whether the user is active. */
48
74
  isActive: boolean;
75
+ /** Whether the user is a service account. */
49
76
  isServiceAccount: boolean;
77
+ /** Whether the user has completed registration. */
50
78
  isRegistered: boolean;
79
+ /** Permissions (roles) assigned to the user. */
51
80
  permissionAssignments: {
81
+ /** Human-readable name of the permission (role). */
52
82
  permissionName: string;
83
+ /** ID of the permission (also referred to as "role" in the dashboard). */
53
84
  permissionId: string;
85
+ /** ID of the permission assignment. */
54
86
  assignmentId: string;
87
+ /** List of API operations granted by this permission. */
55
88
  operations?: string[] | undefined;
56
89
  }[];
57
90
  };
58
91
  accessTokens: {
92
+ /** The access token. Only returned at creation time. */
59
93
  accessToken?: string | undefined;
60
94
  dateCreated: string;
95
+ /** ID of the credential associated with the access token. */
61
96
  credId: string;
97
+ /** Whether the access token is active. */
62
98
  isActive: boolean;
63
99
  /** Access token kind. */
64
100
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
101
+ /** User id. */
65
102
  linkedUserId: string;
103
+ /** ID of the application the access token is linked to. */
66
104
  linkedAppId: string;
105
+ /** Human-readable name of the access token. */
67
106
  name: string;
107
+ /** Organization id. */
68
108
  orgId: string;
109
+ /** Permissions (roles) assigned to the access token. */
69
110
  permissionAssignments: {
111
+ /** Human-readable name of the permission (role). */
70
112
  permissionName: string;
113
+ /** ID of the permission (also referred to as "role" in the dashboard). */
71
114
  permissionId: string;
115
+ /** ID of the permission assignment. */
72
116
  assignmentId: string;
117
+ /** List of API operations granted by this permission. */
73
118
  operations?: string[] | undefined;
74
119
  }[];
120
+ /** Public key associated with the access token. */
75
121
  publicKey: string;
122
+ /** Token id. */
76
123
  tokenId: string;
77
124
  }[];
78
125
  };
79
126
  export type ActivateServiceAccountRequest = ActivateServiceAccountParams;
80
127
  export type ActivateUserParams = {
128
+ /** User id. */
81
129
  userId: string;
82
130
  };
83
131
  export type ActivateUserResponse = {
132
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
84
133
  username: string;
134
+ /** Display name of the user. */
85
135
  name: string;
86
136
  /** User id. */
87
137
  userId: string;
88
138
  /** User kind. */
89
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
139
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
140
+ /** UUID of the user's primary credential. */
90
141
  credentialUuid: string;
91
- orgId: string;
142
+ /** Organization id. */
143
+ orgId?: string | undefined;
144
+ /** Tenant id. */
145
+ tenantId?: string | undefined;
146
+ /** @deprecated - Flat list of API operations the user has access to. */
92
147
  permissions?: string[] | undefined;
148
+ /** Whether the user is active. */
93
149
  isActive: boolean;
150
+ /** Whether the user is a service account. */
94
151
  isServiceAccount: boolean;
152
+ /** Whether the user has completed registration. */
95
153
  isRegistered: boolean;
154
+ /** Whether the user must authenticate via SSO. */
96
155
  isSSORequired: boolean;
156
+ /** Permissions (roles) assigned to the user. */
97
157
  permissionAssignments: {
158
+ /** Human-readable name of the permission (role). */
98
159
  permissionName: string;
160
+ /** ID of the permission (also referred to as "role" in the dashboard). */
99
161
  permissionId: string;
162
+ /** ID of the permission assignment. */
100
163
  assignmentId: string;
164
+ /** List of API operations granted by this permission. */
101
165
  operations?: string[] | undefined;
102
166
  }[];
103
167
  };
104
168
  export type ActivateUserRequest = ActivateUserParams;
169
+ export type ArchiveCredentialParams = {
170
+ credentialUuid: string;
171
+ };
172
+ export type ArchiveCredentialResponse = {};
173
+ export type ArchiveCredentialRequest = ArchiveCredentialParams;
105
174
  export type ArchivePersonalAccessTokenParams = {
175
+ /** Token id. */
106
176
  tokenId: string;
107
177
  };
108
178
  export type ArchivePersonalAccessTokenResponse = {
179
+ /** The access token. Only returned at creation time. */
109
180
  accessToken?: string | undefined;
110
181
  dateCreated: string;
182
+ /** ID of the credential associated with the access token. */
111
183
  credId: string;
184
+ /** Whether the access token is active. */
112
185
  isActive: boolean;
113
186
  /** Access token kind. */
114
187
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
188
+ /** User id. */
115
189
  linkedUserId: string;
190
+ /** ID of the application the access token is linked to. */
116
191
  linkedAppId: string;
192
+ /** Human-readable name of the access token. */
117
193
  name: string;
194
+ /** Organization id. */
118
195
  orgId: string;
196
+ /** Permissions (roles) assigned to the access token. */
119
197
  permissionAssignments: {
198
+ /** Human-readable name of the permission (role). */
120
199
  permissionName: string;
200
+ /** ID of the permission (also referred to as "role" in the dashboard). */
121
201
  permissionId: string;
202
+ /** ID of the permission assignment. */
122
203
  assignmentId: string;
204
+ /** List of API operations granted by this permission. */
123
205
  operations?: string[] | undefined;
124
206
  }[];
207
+ /** Public key associated with the access token. */
125
208
  publicKey: string;
209
+ /** Token id. */
126
210
  tokenId: string;
127
211
  };
128
212
  export type ArchivePersonalAccessTokenRequest = ArchivePersonalAccessTokenParams;
129
213
  export type ArchiveServiceAccountParams = {
214
+ /** ID of the service account. */
130
215
  serviceAccountId: string;
131
216
  };
132
217
  export type ArchiveServiceAccountQuery = {
@@ -135,43 +220,72 @@ export type ArchiveServiceAccountQuery = {
135
220
  };
136
221
  export type ArchiveServiceAccountResponse = {
137
222
  userInfo: {
223
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
138
224
  username: string;
225
+ /** Display name of the user. */
139
226
  name: string;
140
227
  /** User id. */
141
228
  userId: string;
142
229
  /** User kind. */
143
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
230
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
231
+ /** UUID of the user's primary credential. */
144
232
  credentialUuid: string;
145
- orgId: string;
233
+ /** Organization id. */
234
+ orgId?: string | undefined;
235
+ /** Tenant id. */
236
+ tenantId?: string | undefined;
237
+ /** @deprecated - Flat list of API operations the user has access to. */
146
238
  permissions?: string[] | undefined;
239
+ /** Whether the user is active. */
147
240
  isActive: boolean;
241
+ /** Whether the user is a service account. */
148
242
  isServiceAccount: boolean;
243
+ /** Whether the user has completed registration. */
149
244
  isRegistered: boolean;
245
+ /** Permissions (roles) assigned to the user. */
150
246
  permissionAssignments: {
247
+ /** Human-readable name of the permission (role). */
151
248
  permissionName: string;
249
+ /** ID of the permission (also referred to as "role" in the dashboard). */
152
250
  permissionId: string;
251
+ /** ID of the permission assignment. */
153
252
  assignmentId: string;
253
+ /** List of API operations granted by this permission. */
154
254
  operations?: string[] | undefined;
155
255
  }[];
156
256
  };
157
257
  accessTokens: {
258
+ /** The access token. Only returned at creation time. */
158
259
  accessToken?: string | undefined;
159
260
  dateCreated: string;
261
+ /** ID of the credential associated with the access token. */
160
262
  credId: string;
263
+ /** Whether the access token is active. */
161
264
  isActive: boolean;
162
265
  /** Access token kind. */
163
266
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
267
+ /** User id. */
164
268
  linkedUserId: string;
269
+ /** ID of the application the access token is linked to. */
165
270
  linkedAppId: string;
271
+ /** Human-readable name of the access token. */
166
272
  name: string;
273
+ /** Organization id. */
167
274
  orgId: string;
275
+ /** Permissions (roles) assigned to the access token. */
168
276
  permissionAssignments: {
277
+ /** Human-readable name of the permission (role). */
169
278
  permissionName: string;
279
+ /** ID of the permission (also referred to as "role" in the dashboard). */
170
280
  permissionId: string;
281
+ /** ID of the permission assignment. */
171
282
  assignmentId: string;
283
+ /** List of API operations granted by this permission. */
172
284
  operations?: string[] | undefined;
173
285
  }[];
286
+ /** Public key associated with the access token. */
174
287
  publicKey: string;
288
+ /** Token id. */
175
289
  tokenId: string;
176
290
  }[];
177
291
  };
@@ -179,26 +293,43 @@ export type ArchiveServiceAccountRequest = ArchiveServiceAccountParams & {
179
293
  query?: ArchiveServiceAccountQuery;
180
294
  };
181
295
  export type ArchiveUserParams = {
296
+ /** User id. */
182
297
  userId: string;
183
298
  };
184
299
  export type ArchiveUserResponse = {
300
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
185
301
  username: string;
302
+ /** Display name of the user. */
186
303
  name: string;
187
304
  /** User id. */
188
305
  userId: string;
189
306
  /** User kind. */
190
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
307
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
308
+ /** UUID of the user's primary credential. */
191
309
  credentialUuid: string;
192
- orgId: string;
310
+ /** Organization id. */
311
+ orgId?: string | undefined;
312
+ /** Tenant id. */
313
+ tenantId?: string | undefined;
314
+ /** @deprecated - Flat list of API operations the user has access to. */
193
315
  permissions?: string[] | undefined;
316
+ /** Whether the user is active. */
194
317
  isActive: boolean;
318
+ /** Whether the user is a service account. */
195
319
  isServiceAccount: boolean;
320
+ /** Whether the user has completed registration. */
196
321
  isRegistered: boolean;
322
+ /** Whether the user must authenticate via SSO. */
197
323
  isSSORequired: boolean;
324
+ /** Permissions (roles) assigned to the user. */
198
325
  permissionAssignments: {
326
+ /** Human-readable name of the permission (role). */
199
327
  permissionName: string;
328
+ /** ID of the permission (also referred to as "role" in the dashboard). */
200
329
  permissionId: string;
330
+ /** ID of the permission assignment. */
201
331
  assignmentId: string;
332
+ /** List of API operations granted by this permission. */
202
333
  operations?: string[] | undefined;
203
334
  }[];
204
335
  };
@@ -206,84 +337,129 @@ export type ArchiveUserRequest = ArchiveUserParams;
206
337
  export type CreateCredentialBody = {
207
338
  credentialKind: "Fido2";
208
339
  credentialInfo: {
340
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
209
341
  credId: string;
342
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
210
343
  clientData: string;
344
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
211
345
  attestationData: string;
212
346
  };
347
+ /** Human-readable name of the credential. */
213
348
  credentialName: string;
349
+ /** Challenge identifier returned by the create credential challenge endpoint. */
214
350
  challengeIdentifier: string;
215
351
  } | {
216
352
  credentialKind: "Key";
217
353
  credentialInfo: {
354
+ /** Base64url-encoded id of the credential. */
218
355
  credId: string;
356
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
219
357
  clientData: string;
358
+ /** Base64url-encoded public key. */
220
359
  attestationData: string;
221
360
  };
361
+ /** Human-readable name of the credential. */
222
362
  credentialName: string;
363
+ /** Challenge identifier returned by the create credential challenge endpoint. */
223
364
  challengeIdentifier: string;
224
365
  } | {
225
366
  credentialKind: "PasswordProtectedKey";
226
367
  credentialInfo: {
368
+ /** Base64url-encoded id of the credential. */
227
369
  credId: string;
370
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
228
371
  clientData: string;
372
+ /** Base64url-encoded public key. */
229
373
  attestationData: string;
230
374
  };
375
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
231
376
  encryptedPrivateKey: string;
377
+ /** Human-readable name of the credential. */
232
378
  credentialName: string;
379
+ /** Challenge identifier returned by the create credential challenge endpoint. */
233
380
  challengeIdentifier: string;
234
381
  } | {
235
382
  credentialKind: "RecoveryKey";
236
383
  credentialInfo: {
384
+ /** Base64url-encoded id of the recovery credential. */
237
385
  credId: string;
386
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
238
387
  clientData: string;
388
+ /** Base64url-encoded public key. */
239
389
  attestationData: string;
240
390
  };
391
+ /** User-encrypted private key for the recovery credential. */
241
392
  encryptedPrivateKey?: string | undefined;
393
+ /** Human-readable name of the credential. */
242
394
  credentialName: string;
395
+ /** Challenge identifier returned by the create credential challenge endpoint. */
243
396
  challengeIdentifier: string;
244
397
  } | {
245
398
  credentialKind: "Password";
246
399
  credentialInfo: {
400
+ /** User password. */
247
401
  password: string;
248
402
  };
403
+ /** Human-readable name of the credential. */
249
404
  credentialName: string;
405
+ /** Challenge identifier returned by the create credential challenge endpoint. */
250
406
  challengeIdentifier: string;
251
407
  } | {
252
408
  credentialKind: "Totp";
253
409
  credentialInfo: {
410
+ /** TOTP one-time code. */
254
411
  otpCode: string;
255
412
  };
413
+ /** Human-readable name of the credential. */
256
414
  credentialName: string;
415
+ /** Challenge identifier returned by the create credential challenge endpoint. */
257
416
  challengeIdentifier: string;
258
417
  };
259
418
  export type CreateCredentialResponse = {
260
419
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
420
+ /** Credential ID from the WebAuthn authenticator (base64url). */
261
421
  credentialId: string;
422
+ /** Dfns-internal UUID of the credential. */
262
423
  credentialUuid: string;
263
424
  dateCreated: string;
425
+ /** Whether the credential is active. */
264
426
  isActive: boolean;
427
+ /** Human-readable name of the credential. */
265
428
  name: string;
429
+ /** Public key of the credential. */
266
430
  publicKey: string;
431
+ /** Relying party identifier associated with the credential. */
267
432
  relyingPartyId: string;
433
+ /** Origin where the credential was created. */
268
434
  origin: string;
269
435
  };
270
436
  export type CreateCredentialRequest = {
271
437
  body: CreateCredentialBody;
272
438
  };
439
+ export type CreateUserCredentialBody = CreateCredentialBody;
440
+ export type CreateUserCredentialResponse = CreateCredentialResponse;
441
+ export type CreateUserCredentialRequest = CreateCredentialRequest;
273
442
  export type CreateCredentialChallengeBody = {
274
443
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
275
444
  };
276
445
  export type CreateCredentialChallengeResponse = {
277
446
  kind: "Fido2";
278
447
  user: {
448
+ /** Base64url-encoded user handle (WebAuthn user.id). */
279
449
  id: string;
450
+ /** Display name of the user. */
280
451
  displayName: string;
452
+ /** Username of the user. */
281
453
  name: string;
282
454
  };
455
+ /** Challenge identifier to be used in the subsequent create credential request. */
283
456
  challengeIdentifier: string;
457
+ /** Challenge value to be signed by the credential. */
284
458
  challenge: string;
285
459
  rp?: {
460
+ /** ID of the WebAuthn relying party (typically a domain name). */
286
461
  id: string;
462
+ /** Human-readable name of the relying party. */
287
463
  name: string;
288
464
  } | undefined;
289
465
  authenticatorSelection: {
@@ -319,14 +495,21 @@ export type CreateCredentialChallengeResponse = {
319
495
  } | {
320
496
  kind: "Key";
321
497
  user: {
498
+ /** Base64url-encoded user handle (WebAuthn user.id). */
322
499
  id: string;
500
+ /** Display name of the user. */
323
501
  displayName: string;
502
+ /** Username of the user. */
324
503
  name: string;
325
504
  };
505
+ /** Challenge identifier to be used in the subsequent create credential request. */
326
506
  challengeIdentifier: string;
507
+ /** Challenge value to be signed by the credential. */
327
508
  challenge: string;
328
509
  rp?: {
510
+ /** ID of the WebAuthn relying party (typically a domain name). */
329
511
  id: string;
512
+ /** Human-readable name of the relying party. */
330
513
  name: string;
331
514
  } | undefined;
332
515
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -345,14 +528,21 @@ export type CreateCredentialChallengeResponse = {
345
528
  } | {
346
529
  kind: "PasswordProtectedKey";
347
530
  user: {
531
+ /** Base64url-encoded user handle (WebAuthn user.id). */
348
532
  id: string;
533
+ /** Display name of the user. */
349
534
  displayName: string;
535
+ /** Username of the user. */
350
536
  name: string;
351
537
  };
538
+ /** Challenge identifier to be used in the subsequent create credential request. */
352
539
  challengeIdentifier: string;
540
+ /** Challenge value to be signed by the credential. */
353
541
  challenge: string;
354
542
  rp?: {
543
+ /** ID of the WebAuthn relying party (typically a domain name). */
355
544
  id: string;
545
+ /** Human-readable name of the relying party. */
356
546
  name: string;
357
547
  } | undefined;
358
548
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -371,14 +561,21 @@ export type CreateCredentialChallengeResponse = {
371
561
  } | {
372
562
  kind: "RecoveryKey";
373
563
  user: {
564
+ /** Base64url-encoded user handle (WebAuthn user.id). */
374
565
  id: string;
566
+ /** Display name of the user. */
375
567
  displayName: string;
568
+ /** Username of the user. */
376
569
  name: string;
377
570
  };
571
+ /** Challenge identifier to be used in the subsequent create credential request. */
378
572
  challengeIdentifier: string;
573
+ /** Challenge value to be signed by the credential. */
379
574
  challenge: string;
380
575
  rp?: {
576
+ /** ID of the WebAuthn relying party (typically a domain name). */
381
577
  id: string;
578
+ /** Human-readable name of the relying party. */
382
579
  name: string;
383
580
  } | undefined;
384
581
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -397,13 +594,19 @@ export type CreateCredentialChallengeResponse = {
397
594
  } | {
398
595
  kind: "Password";
399
596
  user: {
597
+ /** Base64url-encoded user handle (WebAuthn user.id). */
400
598
  id: string;
599
+ /** Display name of the user. */
401
600
  displayName: string;
601
+ /** Username of the user. */
402
602
  name: string;
403
603
  };
604
+ /** Challenge identifier to be used in the subsequent create credential request. */
404
605
  challengeIdentifier: string;
405
606
  rp?: {
607
+ /** ID of the WebAuthn relying party (typically a domain name). */
406
608
  id: string;
609
+ /** Human-readable name of the relying party. */
407
610
  name: string;
408
611
  } | undefined;
409
612
  /** @deprecated use challengeIdentifier instead */
@@ -411,15 +614,22 @@ export type CreateCredentialChallengeResponse = {
411
614
  } | {
412
615
  kind: "Totp";
413
616
  user: {
617
+ /** Base64url-encoded user handle (WebAuthn user.id). */
414
618
  id: string;
619
+ /** Display name of the user. */
415
620
  displayName: string;
621
+ /** Username of the user. */
416
622
  name: string;
417
623
  };
624
+ /** Challenge identifier to be used in the subsequent create credential request. */
418
625
  challengeIdentifier: string;
419
626
  rp?: {
627
+ /** ID of the WebAuthn relying party (typically a domain name). */
420
628
  id: string;
629
+ /** Human-readable name of the relying party. */
421
630
  name: string;
422
631
  } | undefined;
632
+ /** Provisioning URL for the TOTP authenticator. */
423
633
  otpUrl: string;
424
634
  /** @deprecated use challengeIdentifier instead */
425
635
  temporaryAuthenticationToken: string;
@@ -427,21 +637,32 @@ export type CreateCredentialChallengeResponse = {
427
637
  export type CreateCredentialChallengeRequest = {
428
638
  body: CreateCredentialChallengeBody;
429
639
  };
640
+ export type CreateUserCredentialChallengeBody = CreateCredentialChallengeBody;
641
+ export type CreateUserCredentialChallengeResponse = CreateCredentialChallengeResponse;
642
+ export type CreateUserCredentialChallengeRequest = CreateCredentialChallengeRequest;
430
643
  export type CreateCredentialChallengeWithCodeBody = {
431
644
  credentialKind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
645
+ /** One-time code obtained from the create credential code endpoint. */
432
646
  code: string;
433
647
  };
434
648
  export type CreateCredentialChallengeWithCodeResponse = {
435
649
  kind: "Fido2";
436
650
  user: {
651
+ /** Base64url-encoded user handle (WebAuthn user.id). */
437
652
  id: string;
653
+ /** Display name of the user. */
438
654
  displayName: string;
655
+ /** Username of the user. */
439
656
  name: string;
440
657
  };
658
+ /** Challenge identifier to be used in the subsequent create credential request. */
441
659
  challengeIdentifier: string;
660
+ /** Challenge value to be signed by the credential. */
442
661
  challenge: string;
443
662
  rp?: {
663
+ /** ID of the WebAuthn relying party (typically a domain name). */
444
664
  id: string;
665
+ /** Human-readable name of the relying party. */
445
666
  name: string;
446
667
  } | undefined;
447
668
  authenticatorSelection: {
@@ -477,14 +698,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
477
698
  } | {
478
699
  kind: "Key";
479
700
  user: {
701
+ /** Base64url-encoded user handle (WebAuthn user.id). */
480
702
  id: string;
703
+ /** Display name of the user. */
481
704
  displayName: string;
705
+ /** Username of the user. */
482
706
  name: string;
483
707
  };
708
+ /** Challenge identifier to be used in the subsequent create credential request. */
484
709
  challengeIdentifier: string;
710
+ /** Challenge value to be signed by the credential. */
485
711
  challenge: string;
486
712
  rp?: {
713
+ /** ID of the WebAuthn relying party (typically a domain name). */
487
714
  id: string;
715
+ /** Human-readable name of the relying party. */
488
716
  name: string;
489
717
  } | undefined;
490
718
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -503,14 +731,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
503
731
  } | {
504
732
  kind: "PasswordProtectedKey";
505
733
  user: {
734
+ /** Base64url-encoded user handle (WebAuthn user.id). */
506
735
  id: string;
736
+ /** Display name of the user. */
507
737
  displayName: string;
738
+ /** Username of the user. */
508
739
  name: string;
509
740
  };
741
+ /** Challenge identifier to be used in the subsequent create credential request. */
510
742
  challengeIdentifier: string;
743
+ /** Challenge value to be signed by the credential. */
511
744
  challenge: string;
512
745
  rp?: {
746
+ /** ID of the WebAuthn relying party (typically a domain name). */
513
747
  id: string;
748
+ /** Human-readable name of the relying party. */
514
749
  name: string;
515
750
  } | undefined;
516
751
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -529,14 +764,21 @@ export type CreateCredentialChallengeWithCodeResponse = {
529
764
  } | {
530
765
  kind: "RecoveryKey";
531
766
  user: {
767
+ /** Base64url-encoded user handle (WebAuthn user.id). */
532
768
  id: string;
769
+ /** Display name of the user. */
533
770
  displayName: string;
771
+ /** Username of the user. */
534
772
  name: string;
535
773
  };
774
+ /** Challenge identifier to be used in the subsequent create credential request. */
536
775
  challengeIdentifier: string;
776
+ /** Challenge value to be signed by the credential. */
537
777
  challenge: string;
538
778
  rp?: {
779
+ /** ID of the WebAuthn relying party (typically a domain name). */
539
780
  id: string;
781
+ /** Human-readable name of the relying party. */
540
782
  name: string;
541
783
  } | undefined;
542
784
  /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
@@ -555,13 +797,19 @@ export type CreateCredentialChallengeWithCodeResponse = {
555
797
  } | {
556
798
  kind: "Password";
557
799
  user: {
800
+ /** Base64url-encoded user handle (WebAuthn user.id). */
558
801
  id: string;
802
+ /** Display name of the user. */
559
803
  displayName: string;
804
+ /** Username of the user. */
560
805
  name: string;
561
806
  };
807
+ /** Challenge identifier to be used in the subsequent create credential request. */
562
808
  challengeIdentifier: string;
563
809
  rp?: {
810
+ /** ID of the WebAuthn relying party (typically a domain name). */
564
811
  id: string;
812
+ /** Human-readable name of the relying party. */
565
813
  name: string;
566
814
  } | undefined;
567
815
  /** @deprecated use challengeIdentifier instead */
@@ -569,15 +817,22 @@ export type CreateCredentialChallengeWithCodeResponse = {
569
817
  } | {
570
818
  kind: "Totp";
571
819
  user: {
820
+ /** Base64url-encoded user handle (WebAuthn user.id). */
572
821
  id: string;
822
+ /** Display name of the user. */
573
823
  displayName: string;
824
+ /** Username of the user. */
574
825
  name: string;
575
826
  };
827
+ /** Challenge identifier to be used in the subsequent create credential request. */
576
828
  challengeIdentifier: string;
577
829
  rp?: {
830
+ /** ID of the WebAuthn relying party (typically a domain name). */
578
831
  id: string;
832
+ /** Human-readable name of the relying party. */
579
833
  name: string;
580
834
  } | undefined;
835
+ /** Provisioning URL for the TOTP authenticator. */
581
836
  otpUrl: string;
582
837
  /** @deprecated use challengeIdentifier instead */
583
838
  temporaryAuthenticationToken: string;
@@ -590,7 +845,9 @@ export type CreateCredentialCodeBody = {
590
845
  expiration: string | number;
591
846
  };
592
847
  export type CreateCredentialCodeResponse = {
848
+ /** One-time code that can be used to create a new credential. */
593
849
  code: string;
850
+ /** Code expiration, as an ISO-8601 datetime string or a unix timestamp. */
594
851
  expiration: string;
595
852
  };
596
853
  export type CreateCredentialCodeRequest = {
@@ -599,88 +856,136 @@ export type CreateCredentialCodeRequest = {
599
856
  export type CreateCredentialWithCodeBody = {
600
857
  credentialKind: "Fido2";
601
858
  credentialInfo: {
859
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
602
860
  credId: string;
861
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
603
862
  clientData: string;
863
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
604
864
  attestationData: string;
605
865
  };
866
+ /** Human-readable name of the credential. */
606
867
  credentialName: string;
868
+ /** Challenge identifier returned by the create credential challenge endpoint. */
607
869
  challengeIdentifier: string;
608
870
  } | {
609
871
  credentialKind: "Key";
610
872
  credentialInfo: {
873
+ /** Base64url-encoded id of the credential. */
611
874
  credId: string;
875
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
612
876
  clientData: string;
877
+ /** Base64url-encoded public key. */
613
878
  attestationData: string;
614
879
  };
880
+ /** Human-readable name of the credential. */
615
881
  credentialName: string;
882
+ /** Challenge identifier returned by the create credential challenge endpoint. */
616
883
  challengeIdentifier: string;
617
884
  } | {
618
885
  credentialKind: "PasswordProtectedKey";
619
886
  credentialInfo: {
887
+ /** Base64url-encoded id of the credential. */
620
888
  credId: string;
889
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
621
890
  clientData: string;
891
+ /** Base64url-encoded public key. */
622
892
  attestationData: string;
623
893
  };
894
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
624
895
  encryptedPrivateKey: string;
896
+ /** Human-readable name of the credential. */
625
897
  credentialName: string;
898
+ /** Challenge identifier returned by the create credential challenge endpoint. */
626
899
  challengeIdentifier: string;
627
900
  } | {
628
901
  credentialKind: "RecoveryKey";
629
902
  credentialInfo: {
903
+ /** Base64url-encoded id of the recovery credential. */
630
904
  credId: string;
905
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
631
906
  clientData: string;
907
+ /** Base64url-encoded public key. */
632
908
  attestationData: string;
633
909
  };
910
+ /** User-encrypted private key for the recovery credential. */
634
911
  encryptedPrivateKey?: string | undefined;
912
+ /** Human-readable name of the credential. */
635
913
  credentialName: string;
914
+ /** Challenge identifier returned by the create credential challenge endpoint. */
636
915
  challengeIdentifier: string;
637
916
  } | {
638
917
  credentialKind: "Password";
639
918
  credentialInfo: {
919
+ /** User password. */
640
920
  password: string;
641
921
  };
922
+ /** Human-readable name of the credential. */
642
923
  credentialName: string;
924
+ /** Challenge identifier returned by the create credential challenge endpoint. */
643
925
  challengeIdentifier: string;
644
926
  } | {
645
927
  credentialKind: "Totp";
646
928
  credentialInfo: {
929
+ /** TOTP one-time code. */
647
930
  otpCode: string;
648
931
  };
932
+ /** Human-readable name of the credential. */
649
933
  credentialName: string;
934
+ /** Challenge identifier returned by the create credential challenge endpoint. */
650
935
  challengeIdentifier: string;
651
936
  };
652
937
  export type CreateCredentialWithCodeResponse = {
653
938
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
939
+ /** Credential ID from the WebAuthn authenticator (base64url). */
654
940
  credentialId: string;
941
+ /** Dfns-internal UUID of the credential. */
655
942
  credentialUuid: string;
656
943
  dateCreated: string;
944
+ /** Whether the credential is active. */
657
945
  isActive: boolean;
946
+ /** Human-readable name of the credential. */
658
947
  name: string;
948
+ /** Public key of the credential. */
659
949
  publicKey: string;
950
+ /** Relying party identifier associated with the credential. */
660
951
  relyingPartyId: string;
952
+ /** Origin where the credential was created. */
661
953
  origin: string;
662
954
  };
663
955
  export type CreateCredentialWithCodeRequest = {
664
956
  body: CreateCredentialWithCodeBody;
665
957
  };
666
958
  export type CreateDelegatedRecoveryChallengeBody = {
959
+ /** Username/identifier of the user to recover. */
667
960
  username: string;
961
+ /** Identifier of the recovery credential to use. */
668
962
  credentialId: string;
669
963
  };
670
964
  export type CreateDelegatedRecoveryChallengeResponse = {
671
965
  user: {
966
+ /** Base64url-encoded user handle (WebAuthn user.id). */
672
967
  id: string;
968
+ /** Display name of the user. */
673
969
  displayName: string;
970
+ /** Username of the user. */
674
971
  name: string;
675
972
  };
973
+ /** JWT used to identify the registration session when calling Complete User Registration. */
676
974
  temporaryAuthenticationToken: string;
975
+ /** Challenge to be signed by the credential being registered. */
677
976
  challenge: string;
977
+ /** Deprecated. Should not be used. */
678
978
  rp?: {
979
+ /** ID of the WebAuthn relying party (typically a domain name). */
679
980
  id: string;
981
+ /** Human-readable name of the relying party. */
680
982
  name: string;
681
983
  } | undefined;
984
+ /** Credential kinds that can be used to register the user. */
682
985
  supportedCredentialKinds: {
986
+ /** Credential kinds accepted as first factor. */
683
987
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
988
+ /** Credential kinds accepted as second factor. */
684
989
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
685
990
  };
686
991
  authenticatorSelection: {
@@ -701,44 +1006,66 @@ export type CreateDelegatedRecoveryChallengeResponse = {
701
1006
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
702
1007
  */
703
1008
  attestation: "none" | "indirect" | "direct" | "enterprise";
1009
+ /** Public key credential parameters supported for the registration. */
704
1010
  pubKeyCredParams: {
705
1011
  type: "public-key";
706
1012
  alg: number;
707
1013
  }[];
1014
+ /** Credentials to exclude from the registration (already registered for the user). */
708
1015
  excludeCredentials: {
709
1016
  /** Is always `public-key`. */
710
1017
  type: "public-key";
711
1018
  /** ID that identifies the credential. */
712
1019
  id: string;
713
1020
  }[];
1021
+ /** URL to provision a TOTP credential, when applicable. */
714
1022
  otpUrl: string;
715
1023
  allowedRecoveryCredentials: {
1024
+ /** Identifier of the recovery credential. */
716
1025
  id: string;
1026
+ /** Encrypted recovery key associated with this credential. */
717
1027
  encryptedRecoveryKey: string;
718
1028
  }[];
719
1029
  };
720
1030
  export type CreateDelegatedRecoveryChallengeRequest = {
721
1031
  body: CreateDelegatedRecoveryChallengeBody;
722
1032
  };
1033
+ export type CreateDelegatedUserRecoveryBody = CreateDelegatedRecoveryChallengeBody;
1034
+ export type CreateDelegatedUserRecoveryResponse = CreateDelegatedRecoveryChallengeResponse;
1035
+ export type CreateDelegatedUserRecoveryRequest = CreateDelegatedRecoveryChallengeRequest;
723
1036
  export type CreateDelegatedRegistrationChallengeBody = {
1037
+ /** Username/identifier (any unique string accepted, e.g. your internal user ID or email). */
724
1038
  email: string;
1039
+ /** Must be `EndUser`. */
725
1040
  kind: "EndUser";
1041
+ /** Optional external identifier for the user, used for cross-referencing with your own systems. */
726
1042
  externalId?: string | undefined;
727
1043
  };
728
1044
  export type CreateDelegatedRegistrationChallengeResponse = {
729
1045
  user: {
1046
+ /** Base64url-encoded user handle (WebAuthn user.id). */
730
1047
  id: string;
1048
+ /** Display name of the user. */
731
1049
  displayName: string;
1050
+ /** Username of the user. */
732
1051
  name: string;
733
1052
  };
1053
+ /** JWT used to identify the registration session when calling Complete User Registration. */
734
1054
  temporaryAuthenticationToken: string;
1055
+ /** Challenge to be signed by the credential being registered. */
735
1056
  challenge: string;
1057
+ /** Deprecated. Should not be used. */
736
1058
  rp?: {
1059
+ /** ID of the WebAuthn relying party (typically a domain name). */
737
1060
  id: string;
1061
+ /** Human-readable name of the relying party. */
738
1062
  name: string;
739
1063
  } | undefined;
1064
+ /** Credential kinds that can be used to register the user. */
740
1065
  supportedCredentialKinds: {
1066
+ /** Credential kinds accepted as first factor. */
741
1067
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1068
+ /** Credential kinds accepted as second factor. */
742
1069
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
743
1070
  };
744
1071
  authenticatorSelection: {
@@ -759,24 +1086,35 @@ export type CreateDelegatedRegistrationChallengeResponse = {
759
1086
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
760
1087
  */
761
1088
  attestation: "none" | "indirect" | "direct" | "enterprise";
1089
+ /** Public key credential parameters supported for the registration. */
762
1090
  pubKeyCredParams: {
763
1091
  type: "public-key";
764
1092
  alg: number;
765
1093
  }[];
1094
+ /** Credentials to exclude from the registration (already registered for the user). */
766
1095
  excludeCredentials: {
767
1096
  /** Is always `public-key`. */
768
1097
  type: "public-key";
769
1098
  /** ID that identifies the credential. */
770
1099
  id: string;
771
1100
  }[];
1101
+ /** URL to provision a TOTP credential, when applicable. */
772
1102
  otpUrl: string;
773
1103
  };
774
1104
  export type CreateDelegatedRegistrationChallengeRequest = {
775
1105
  body: CreateDelegatedRegistrationChallengeBody;
776
1106
  };
1107
+ export type CreateDelegatedUserRegistrationBody = CreateDelegatedRegistrationChallengeBody;
1108
+ export type CreateDelegatedUserRegistrationResponse = CreateDelegatedRegistrationChallengeResponse;
1109
+ export type CreateDelegatedUserRegistrationRequest = CreateDelegatedRegistrationChallengeRequest;
777
1110
  export type CreateLoginChallengeBody = {
1111
+ /** Username/identifier of the user. Optional when the user has at least one discoverable WebAuthn credential. */
778
1112
  username?: string | undefined;
779
- orgId: string;
1113
+ /** Organization id. */
1114
+ orgId?: string | undefined;
1115
+ /** Tenant id. */
1116
+ tenantId?: string | undefined;
1117
+ /** One-time login code, required when the user has a credential of kind `PasswordProtectedKey`. */
780
1118
  loginCode?: string | undefined;
781
1119
  };
782
1120
  export type CreateLoginChallengeResponse = {
@@ -786,7 +1124,9 @@ export type CreateLoginChallengeResponse = {
786
1124
  challengeIdentifier: string;
787
1125
  /** Deprecated. Should not be used. */
788
1126
  rp?: {
1127
+ /** ID of the WebAuthn relying party (typically a domain name). */
789
1128
  id: string;
1129
+ /** Human-readable name of the relying party. */
790
1130
  name: string;
791
1131
  } | undefined;
792
1132
  /** Identifies the kind of credentials that can be used to sign the user action. */
@@ -844,29 +1184,48 @@ export type CreateLoginChallengeRequest = {
844
1184
  body: CreateLoginChallengeBody;
845
1185
  };
846
1186
  export type CreatePersonalAccessTokenBody = {
1187
+ /** Human-readable name of the Personal Access Token. */
847
1188
  name: string;
848
1189
  publicKey: string;
1190
+ /** ID of the permission (also referred to as "role" in the dashboard). */
849
1191
  permissionId?: string | undefined;
1192
+ /** Value that can be used to correlate the entity with an external system. */
850
1193
  externalId?: string | undefined;
1194
+ /** Number of days the token will be valid for. */
851
1195
  daysValid?: number | undefined;
1196
+ /** Number of seconds the token will be valid for. */
852
1197
  secondsValid?: number | undefined;
853
1198
  };
854
1199
  export type CreatePersonalAccessTokenResponse = {
1200
+ /** The access token. Only returned at creation time. */
855
1201
  accessToken: string;
856
1202
  dateCreated: string;
1203
+ /** ID of the credential associated with the access token. */
857
1204
  credId: string;
1205
+ /** Whether the access token is active. */
858
1206
  isActive: boolean;
859
1207
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1208
+ /** User id. */
860
1209
  linkedUserId: string;
1210
+ /** ID of the application the access token is linked to. */
861
1211
  linkedAppId: string;
1212
+ /** Human-readable name of the access token. */
862
1213
  name: string;
1214
+ /** Organization id. */
863
1215
  orgId: string;
1216
+ /** Public key associated with the access token. */
864
1217
  publicKey: string;
1218
+ /** Token id. */
865
1219
  tokenId: string;
1220
+ /** Permissions (roles) assigned to the access token. */
866
1221
  permissionAssignments: {
1222
+ /** Human-readable name of the permission (role). */
867
1223
  permissionName: string;
1224
+ /** ID of the permission (also referred to as "role" in the dashboard). */
868
1225
  permissionId: string;
1226
+ /** ID of the permission assignment. */
869
1227
  assignmentId: string;
1228
+ /** List of API operations granted by this permission. */
870
1229
  operations?: string[] | undefined;
871
1230
  }[];
872
1231
  };
@@ -874,25 +1233,42 @@ export type CreatePersonalAccessTokenRequest = {
874
1233
  body: CreatePersonalAccessTokenBody;
875
1234
  };
876
1235
  export type CreateRecoveryChallengeBody = {
1236
+ /** Username/identifier of the user to recover. */
877
1237
  username: string;
1238
+ /** Recovery verification code sent to the user by email. */
878
1239
  verificationCode: string;
879
- orgId: string;
1240
+ /** Organization id. */
1241
+ orgId?: string | undefined;
1242
+ /** Tenant id. */
1243
+ tenantId?: string | undefined;
1244
+ /** Identifier of the recovery credential to use. */
880
1245
  credentialId: string;
881
1246
  };
882
1247
  export type CreateRecoveryChallengeResponse = {
883
1248
  user: {
1249
+ /** Base64url-encoded user handle (WebAuthn user.id). */
884
1250
  id: string;
1251
+ /** Display name of the user. */
885
1252
  displayName: string;
1253
+ /** Username of the user. */
886
1254
  name: string;
887
1255
  };
1256
+ /** JWT used to identify the registration session when calling Complete User Registration. */
888
1257
  temporaryAuthenticationToken: string;
1258
+ /** Challenge to be signed by the credential being registered. */
889
1259
  challenge: string;
1260
+ /** Deprecated. Should not be used. */
890
1261
  rp?: {
1262
+ /** ID of the WebAuthn relying party (typically a domain name). */
891
1263
  id: string;
1264
+ /** Human-readable name of the relying party. */
892
1265
  name: string;
893
1266
  } | undefined;
1267
+ /** Credential kinds that can be used to register the user. */
894
1268
  supportedCredentialKinds: {
1269
+ /** Credential kinds accepted as first factor. */
895
1270
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1271
+ /** Credential kinds accepted as second factor. */
896
1272
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
897
1273
  };
898
1274
  authenticatorSelection: {
@@ -913,19 +1289,24 @@ export type CreateRecoveryChallengeResponse = {
913
1289
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
914
1290
  */
915
1291
  attestation: "none" | "indirect" | "direct" | "enterprise";
1292
+ /** Public key credential parameters supported for the registration. */
916
1293
  pubKeyCredParams: {
917
1294
  type: "public-key";
918
1295
  alg: number;
919
1296
  }[];
1297
+ /** Credentials to exclude from the registration (already registered for the user). */
920
1298
  excludeCredentials: {
921
1299
  /** Is always `public-key`. */
922
1300
  type: "public-key";
923
1301
  /** ID that identifies the credential. */
924
1302
  id: string;
925
1303
  }[];
1304
+ /** URL to provision a TOTP credential, when applicable. */
926
1305
  otpUrl: string;
927
1306
  allowedRecoveryCredentials: {
1307
+ /** Identifier of the recovery credential. */
928
1308
  id: string;
1309
+ /** Encrypted recovery key associated with this credential. */
929
1310
  encryptedRecoveryKey: string;
930
1311
  }[];
931
1312
  };
@@ -933,24 +1314,40 @@ export type CreateRecoveryChallengeRequest = {
933
1314
  body: CreateRecoveryChallengeBody;
934
1315
  };
935
1316
  export type CreateRegistrationChallengeBody = {
936
- orgId: string;
1317
+ /** Organization id. */
1318
+ orgId?: string | undefined;
1319
+ /** Tenant id. */
1320
+ tenantId?: string | undefined;
1321
+ /** Username/identifier of the user being registered (any unique string accepted, e.g. email). */
937
1322
  username: string;
1323
+ /** One-time registration code sent to the user by email. */
938
1324
  registrationCode: string;
939
1325
  };
940
1326
  export type CreateRegistrationChallengeResponse = {
941
1327
  user: {
1328
+ /** Base64url-encoded user handle (WebAuthn user.id). */
942
1329
  id: string;
1330
+ /** Display name of the user. */
943
1331
  displayName: string;
1332
+ /** Username of the user. */
944
1333
  name: string;
945
1334
  };
1335
+ /** JWT used to identify the registration session when calling Complete User Registration. */
946
1336
  temporaryAuthenticationToken: string;
1337
+ /** Challenge to be signed by the credential being registered. */
947
1338
  challenge: string;
1339
+ /** Deprecated. Should not be used. */
948
1340
  rp?: {
1341
+ /** ID of the WebAuthn relying party (typically a domain name). */
949
1342
  id: string;
1343
+ /** Human-readable name of the relying party. */
950
1344
  name: string;
951
1345
  } | undefined;
1346
+ /** Credential kinds that can be used to register the user. */
952
1347
  supportedCredentialKinds: {
1348
+ /** Credential kinds accepted as first factor. */
953
1349
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1350
+ /** Credential kinds accepted as second factor. */
954
1351
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
955
1352
  };
956
1353
  authenticatorSelection: {
@@ -971,67 +1368,103 @@ export type CreateRegistrationChallengeResponse = {
971
1368
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
972
1369
  */
973
1370
  attestation: "none" | "indirect" | "direct" | "enterprise";
1371
+ /** Public key credential parameters supported for the registration. */
974
1372
  pubKeyCredParams: {
975
1373
  type: "public-key";
976
1374
  alg: number;
977
1375
  }[];
1376
+ /** Credentials to exclude from the registration (already registered for the user). */
978
1377
  excludeCredentials: {
979
1378
  /** Is always `public-key`. */
980
1379
  type: "public-key";
981
1380
  /** ID that identifies the credential. */
982
1381
  id: string;
983
1382
  }[];
1383
+ /** URL to provision a TOTP credential, when applicable. */
984
1384
  otpUrl: string;
985
1385
  };
986
1386
  export type CreateRegistrationChallengeRequest = {
987
1387
  body: CreateRegistrationChallengeBody;
988
1388
  };
989
1389
  export type CreateServiceAccountBody = {
1390
+ /** Human-readable name of the Service Account. */
990
1391
  name: string;
991
1392
  publicKey: string;
1393
+ /** ID of the permission (also referred to as "role" in the dashboard). */
992
1394
  permissionId?: string | undefined;
1395
+ /** Value that can be used to correlate the entity with an external system. */
993
1396
  externalId?: string | undefined;
1397
+ /** Number of days the service account will be valid for. */
994
1398
  daysValid?: number | undefined;
995
1399
  };
996
1400
  export type CreateServiceAccountResponse = {
997
1401
  userInfo: {
1402
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
998
1403
  username: string;
1404
+ /** Display name of the user. */
999
1405
  name: string;
1000
1406
  /** User id. */
1001
1407
  userId: string;
1002
1408
  /** User kind. */
1003
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1409
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1410
+ /** UUID of the user's primary credential. */
1004
1411
  credentialUuid: string;
1005
- orgId: string;
1412
+ /** Organization id. */
1413
+ orgId?: string | undefined;
1414
+ /** Tenant id. */
1415
+ tenantId?: string | undefined;
1416
+ /** @deprecated - Flat list of API operations the user has access to. */
1006
1417
  permissions?: string[] | undefined;
1418
+ /** Whether the user is active. */
1007
1419
  isActive: boolean;
1420
+ /** Whether the user is a service account. */
1008
1421
  isServiceAccount: boolean;
1422
+ /** Whether the user has completed registration. */
1009
1423
  isRegistered: boolean;
1424
+ /** Permissions (roles) assigned to the user. */
1010
1425
  permissionAssignments: {
1426
+ /** Human-readable name of the permission (role). */
1011
1427
  permissionName: string;
1428
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1012
1429
  permissionId: string;
1430
+ /** ID of the permission assignment. */
1013
1431
  assignmentId: string;
1432
+ /** List of API operations granted by this permission. */
1014
1433
  operations?: string[] | undefined;
1015
1434
  }[];
1016
1435
  };
1017
1436
  accessTokens: {
1437
+ /** The access token. Only returned at creation time. */
1018
1438
  accessToken?: string | undefined;
1019
1439
  dateCreated: string;
1440
+ /** ID of the credential associated with the access token. */
1020
1441
  credId: string;
1442
+ /** Whether the access token is active. */
1021
1443
  isActive: boolean;
1022
1444
  /** Access token kind. */
1023
1445
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1446
+ /** User id. */
1024
1447
  linkedUserId: string;
1448
+ /** ID of the application the access token is linked to. */
1025
1449
  linkedAppId: string;
1450
+ /** Human-readable name of the access token. */
1026
1451
  name: string;
1452
+ /** Organization id. */
1027
1453
  orgId: string;
1454
+ /** Permissions (roles) assigned to the access token. */
1028
1455
  permissionAssignments: {
1456
+ /** Human-readable name of the permission (role). */
1029
1457
  permissionName: string;
1458
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1030
1459
  permissionId: string;
1460
+ /** ID of the permission assignment. */
1031
1461
  assignmentId: string;
1462
+ /** List of API operations granted by this permission. */
1032
1463
  operations?: string[] | undefined;
1033
1464
  }[];
1465
+ /** Public key associated with the access token. */
1034
1466
  publicKey: string;
1467
+ /** Token id. */
1035
1468
  tokenId: string;
1036
1469
  }[];
1037
1470
  };
@@ -1039,24 +1472,38 @@ export type CreateServiceAccountRequest = {
1039
1472
  body: CreateServiceAccountBody;
1040
1473
  };
1041
1474
  export type CreateSocialRegistrationChallengeBody = {
1475
+ /** Organization id. */
1042
1476
  orgId?: string | undefined;
1477
+ /** Social login provider used to issue the JWT. */
1043
1478
  socialLoginProviderKind: "Oidc";
1479
+ /** JWT id token issued by the social login provider. */
1044
1480
  idToken: string;
1045
1481
  };
1046
1482
  export type CreateSocialRegistrationChallengeResponse = {
1047
1483
  user: {
1484
+ /** Base64url-encoded user handle (WebAuthn user.id). */
1048
1485
  id: string;
1486
+ /** Display name of the user. */
1049
1487
  displayName: string;
1488
+ /** Username of the user. */
1050
1489
  name: string;
1051
1490
  };
1491
+ /** JWT used to identify the registration session when calling Complete User Registration. */
1052
1492
  temporaryAuthenticationToken: string;
1493
+ /** Challenge to be signed by the credential being registered. */
1053
1494
  challenge: string;
1495
+ /** Deprecated. Should not be used. */
1054
1496
  rp?: {
1497
+ /** ID of the WebAuthn relying party (typically a domain name). */
1055
1498
  id: string;
1499
+ /** Human-readable name of the relying party. */
1056
1500
  name: string;
1057
1501
  } | undefined;
1502
+ /** Credential kinds that can be used to register the user. */
1058
1503
  supportedCredentialKinds: {
1504
+ /** Credential kinds accepted as first factor. */
1059
1505
  firstFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1506
+ /** Credential kinds accepted as second factor. */
1060
1507
  secondFactor: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey")[];
1061
1508
  };
1062
1509
  authenticatorSelection: {
@@ -1077,16 +1524,19 @@ export type CreateSocialRegistrationChallengeResponse = {
1077
1524
  * enterprise: indicates the attestation data should include information to uniquely identify the user's device
1078
1525
  */
1079
1526
  attestation: "none" | "indirect" | "direct" | "enterprise";
1527
+ /** Public key credential parameters supported for the registration. */
1080
1528
  pubKeyCredParams: {
1081
1529
  type: "public-key";
1082
1530
  alg: number;
1083
1531
  }[];
1532
+ /** Credentials to exclude from the registration (already registered for the user). */
1084
1533
  excludeCredentials: {
1085
1534
  /** Is always `public-key`. */
1086
1535
  type: "public-key";
1087
1536
  /** ID that identifies the credential. */
1088
1537
  id: string;
1089
1538
  }[];
1539
+ /** URL to provision a TOTP credential, when applicable. */
1090
1540
  otpUrl: string;
1091
1541
  };
1092
1542
  export type CreateSocialRegistrationChallengeRequest = {
@@ -1098,6 +1548,7 @@ export type CreateUserBody = {
1098
1548
  /** The kind of user being created.
1099
1549
  In this endpoint it can only be "`CustomerEmployee`" (creating an "`EndUser`" is done through the [Delegated Registration](https://docs.dfns.co/api-reference/auth/registration-flows#delegated-users-registration-flow) endpoint) */
1100
1550
  kind: "CustomerEmployee" | "DfnsStaff";
1551
+ /** Optional public key in PEM format associated with the user. */
1101
1552
  publicKey?: string | undefined;
1102
1553
  /** Value that can be used to correlate the entity with an external system. */
1103
1554
  externalId?: string | undefined;
@@ -1105,23 +1556,39 @@ export type CreateUserBody = {
1105
1556
  isSSORequired?: boolean | undefined;
1106
1557
  };
1107
1558
  export type CreateUserResponse = {
1559
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1108
1560
  username: string;
1561
+ /** Display name of the user. */
1109
1562
  name: string;
1110
1563
  /** User id. */
1111
1564
  userId: string;
1112
1565
  /** User kind. */
1113
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1566
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1567
+ /** UUID of the user's primary credential. */
1114
1568
  credentialUuid: string;
1115
- orgId: string;
1569
+ /** Organization id. */
1570
+ orgId?: string | undefined;
1571
+ /** Tenant id. */
1572
+ tenantId?: string | undefined;
1573
+ /** @deprecated - Flat list of API operations the user has access to. */
1116
1574
  permissions?: string[] | undefined;
1575
+ /** Whether the user is active. */
1117
1576
  isActive: boolean;
1577
+ /** Whether the user is a service account. */
1118
1578
  isServiceAccount: boolean;
1579
+ /** Whether the user has completed registration. */
1119
1580
  isRegistered: boolean;
1581
+ /** Whether the user must authenticate via SSO. */
1120
1582
  isSSORequired: boolean;
1583
+ /** Permissions (roles) assigned to the user. */
1121
1584
  permissionAssignments: {
1585
+ /** Human-readable name of the permission (role). */
1122
1586
  permissionName: string;
1587
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1123
1588
  permissionId: string;
1589
+ /** ID of the permission assignment. */
1124
1590
  assignmentId: string;
1591
+ /** List of API operations granted by this permission. */
1125
1592
  operations?: string[] | undefined;
1126
1593
  }[];
1127
1594
  };
@@ -1145,7 +1612,9 @@ export type CreateUserActionChallengeResponse = {
1145
1612
  challengeIdentifier: string;
1146
1613
  /** Deprecated. Should not be used. */
1147
1614
  rp?: {
1615
+ /** ID of the WebAuthn relying party (typically a domain name). */
1148
1616
  id: string;
1617
+ /** Human-readable name of the relying party. */
1149
1618
  name: string;
1150
1619
  } | undefined;
1151
1620
  /** Identifies the kind of credentials that can be used to sign the user action. */
@@ -1202,6 +1671,9 @@ export type CreateUserActionChallengeResponse = {
1202
1671
  export type CreateUserActionChallengeRequest = {
1203
1672
  body: CreateUserActionChallengeBody;
1204
1673
  };
1674
+ export type CreateUserActionSignatureChallengeBody = CreateUserActionChallengeBody;
1675
+ export type CreateUserActionSignatureChallengeResponse = CreateUserActionChallengeResponse;
1676
+ export type CreateUserActionSignatureChallengeRequest = CreateUserActionChallengeRequest;
1205
1677
  export type CreateUserActionSignatureBody = {
1206
1678
  /** Temporary authentication token returned by the Create Challenge endpoint. */
1207
1679
  challengeIdentifier: string;
@@ -1248,6 +1720,7 @@ export type CreateUserActionSignatureBody = {
1248
1720
  };
1249
1721
  } | {
1250
1722
  kind: "Password";
1723
+ /** User password. */
1251
1724
  password: string;
1252
1725
  };
1253
1726
  /** Second factor credential used to authenticate a user. */
@@ -1293,45 +1766,64 @@ export type CreateUserActionSignatureBody = {
1293
1766
  };
1294
1767
  } | {
1295
1768
  kind: "Totp";
1769
+ /** TOTP one-time code. */
1296
1770
  otpCode: string;
1297
1771
  }) | undefined;
1298
1772
  };
1299
1773
  export type CreateUserActionSignatureResponse = {
1774
+ /** Signing token to use to verify the user intended to perform the action. */
1300
1775
  userAction: string;
1301
1776
  };
1302
1777
  export type CreateUserActionSignatureRequest = {
1303
1778
  body: CreateUserActionSignatureBody;
1304
1779
  };
1305
1780
  export type DeactivateCredentialBody = {
1781
+ /** UUID of the credential to deactivate. */
1306
1782
  credentialUuid: string;
1307
1783
  };
1308
1784
  export type DeactivateCredentialResponse = {
1785
+ /** Human-readable success message. */
1309
1786
  message: string;
1310
1787
  };
1311
1788
  export type DeactivateCredentialRequest = {
1312
1789
  body: DeactivateCredentialBody;
1313
1790
  };
1314
1791
  export type DeactivatePersonalAccessTokenParams = {
1792
+ /** Token id. */
1315
1793
  tokenId: string;
1316
1794
  };
1317
1795
  export type DeactivatePersonalAccessTokenResponse = {
1796
+ /** The access token. Only returned at creation time. */
1318
1797
  accessToken?: string | undefined;
1319
1798
  dateCreated: string;
1799
+ /** ID of the credential associated with the access token. */
1320
1800
  credId: string;
1801
+ /** Whether the access token is active. */
1321
1802
  isActive: boolean;
1322
1803
  /** Access token kind. */
1323
1804
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1805
+ /** User id. */
1324
1806
  linkedUserId: string;
1807
+ /** ID of the application the access token is linked to. */
1325
1808
  linkedAppId: string;
1809
+ /** Human-readable name of the access token. */
1326
1810
  name: string;
1811
+ /** Organization id. */
1327
1812
  orgId: string;
1813
+ /** Permissions (roles) assigned to the access token. */
1328
1814
  permissionAssignments: {
1815
+ /** Human-readable name of the permission (role). */
1329
1816
  permissionName: string;
1817
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1330
1818
  permissionId: string;
1819
+ /** ID of the permission assignment. */
1331
1820
  assignmentId: string;
1821
+ /** List of API operations granted by this permission. */
1332
1822
  operations?: string[] | undefined;
1333
1823
  }[];
1824
+ /** Public key associated with the access token. */
1334
1825
  publicKey: string;
1826
+ /** Token id. */
1335
1827
  tokenId: string;
1336
1828
  };
1337
1829
  export type DeactivatePersonalAccessTokenRequest = DeactivatePersonalAccessTokenParams;
@@ -1340,47 +1832,77 @@ export type DeactivateServiceAccountBody = {
1340
1832
  force?: boolean;
1341
1833
  };
1342
1834
  export type DeactivateServiceAccountParams = {
1835
+ /** ID of the service account. */
1343
1836
  serviceAccountId: string;
1344
1837
  };
1345
1838
  export type DeactivateServiceAccountResponse = {
1346
1839
  userInfo: {
1840
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1347
1841
  username: string;
1842
+ /** Display name of the user. */
1348
1843
  name: string;
1349
1844
  /** User id. */
1350
1845
  userId: string;
1351
1846
  /** User kind. */
1352
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1847
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1848
+ /** UUID of the user's primary credential. */
1353
1849
  credentialUuid: string;
1354
- orgId: string;
1850
+ /** Organization id. */
1851
+ orgId?: string | undefined;
1852
+ /** Tenant id. */
1853
+ tenantId?: string | undefined;
1854
+ /** @deprecated - Flat list of API operations the user has access to. */
1355
1855
  permissions?: string[] | undefined;
1856
+ /** Whether the user is active. */
1356
1857
  isActive: boolean;
1858
+ /** Whether the user is a service account. */
1357
1859
  isServiceAccount: boolean;
1860
+ /** Whether the user has completed registration. */
1358
1861
  isRegistered: boolean;
1862
+ /** Permissions (roles) assigned to the user. */
1359
1863
  permissionAssignments: {
1864
+ /** Human-readable name of the permission (role). */
1360
1865
  permissionName: string;
1866
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1361
1867
  permissionId: string;
1868
+ /** ID of the permission assignment. */
1362
1869
  assignmentId: string;
1870
+ /** List of API operations granted by this permission. */
1363
1871
  operations?: string[] | undefined;
1364
1872
  }[];
1365
1873
  };
1366
1874
  accessTokens: {
1875
+ /** The access token. Only returned at creation time. */
1367
1876
  accessToken?: string | undefined;
1368
1877
  dateCreated: string;
1878
+ /** ID of the credential associated with the access token. */
1369
1879
  credId: string;
1880
+ /** Whether the access token is active. */
1370
1881
  isActive: boolean;
1371
1882
  /** Access token kind. */
1372
1883
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
1884
+ /** User id. */
1373
1885
  linkedUserId: string;
1886
+ /** ID of the application the access token is linked to. */
1374
1887
  linkedAppId: string;
1888
+ /** Human-readable name of the access token. */
1375
1889
  name: string;
1890
+ /** Organization id. */
1376
1891
  orgId: string;
1892
+ /** Permissions (roles) assigned to the access token. */
1377
1893
  permissionAssignments: {
1894
+ /** Human-readable name of the permission (role). */
1378
1895
  permissionName: string;
1896
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1379
1897
  permissionId: string;
1898
+ /** ID of the permission assignment. */
1380
1899
  assignmentId: string;
1900
+ /** List of API operations granted by this permission. */
1381
1901
  operations?: string[] | undefined;
1382
1902
  }[];
1903
+ /** Public key associated with the access token. */
1383
1904
  publicKey: string;
1905
+ /** Token id. */
1384
1906
  tokenId: string;
1385
1907
  }[];
1386
1908
  };
@@ -1388,74 +1910,133 @@ export type DeactivateServiceAccountRequest = DeactivateServiceAccountParams & {
1388
1910
  body: DeactivateServiceAccountBody;
1389
1911
  };
1390
1912
  export type DeactivateUserParams = {
1913
+ /** User id. */
1391
1914
  userId: string;
1392
1915
  };
1393
1916
  export type DeactivateUserResponse = {
1917
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1394
1918
  username: string;
1919
+ /** Display name of the user. */
1395
1920
  name: string;
1396
1921
  /** User id. */
1397
1922
  userId: string;
1398
1923
  /** User kind. */
1399
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
1924
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
1925
+ /** UUID of the user's primary credential. */
1400
1926
  credentialUuid: string;
1401
- orgId: string;
1927
+ /** Organization id. */
1928
+ orgId?: string | undefined;
1929
+ /** Tenant id. */
1930
+ tenantId?: string | undefined;
1931
+ /** @deprecated - Flat list of API operations the user has access to. */
1402
1932
  permissions?: string[] | undefined;
1933
+ /** Whether the user is active. */
1403
1934
  isActive: boolean;
1935
+ /** Whether the user is a service account. */
1404
1936
  isServiceAccount: boolean;
1937
+ /** Whether the user has completed registration. */
1405
1938
  isRegistered: boolean;
1939
+ /** Whether the user must authenticate via SSO. */
1406
1940
  isSSORequired: boolean;
1941
+ /** Permissions (roles) assigned to the user. */
1407
1942
  permissionAssignments: {
1943
+ /** Human-readable name of the permission (role). */
1408
1944
  permissionName: string;
1945
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1409
1946
  permissionId: string;
1947
+ /** ID of the permission assignment. */
1410
1948
  assignmentId: string;
1949
+ /** List of API operations granted by this permission. */
1411
1950
  operations?: string[] | undefined;
1412
1951
  }[];
1413
1952
  };
1414
1953
  export type DeactivateUserRequest = DeactivateUserParams;
1415
1954
  export type DelegatedLoginBody = {
1955
+ /** Username/identifier of the user to log in. */
1416
1956
  username: string;
1417
1957
  };
1418
1958
  export type DelegatedLoginResponse = {
1959
+ /** Authentication token issued to the user. */
1419
1960
  token: string;
1420
1961
  };
1421
1962
  export type DelegatedLoginRequest = {
1422
1963
  body: DelegatedLoginBody;
1423
1964
  };
1965
+ export type CreateDelegatedUserLoginBody = DelegatedLoginBody;
1966
+ export type CreateDelegatedUserLoginResponse = DelegatedLoginResponse;
1967
+ export type CreateDelegatedUserLoginRequest = DelegatedLoginRequest;
1968
+ export type ExchangeAccessTokenBody = {
1969
+ /** ID of the Organisation or Tenant for which you wish to obtain an access token. */
1970
+ target: string;
1971
+ };
1972
+ export type ExchangeAccessTokenResponse = {
1973
+ token: string;
1974
+ };
1975
+ export type ExchangeAccessTokenRequest = {
1976
+ body: ExchangeAccessTokenBody;
1977
+ };
1424
1978
  export type GetApplicationParams = {
1979
+ /** ID of the application (deprecated). */
1425
1980
  appId: string;
1426
1981
  };
1427
1982
  export type GetApplicationResponse = {
1983
+ /** ID of the application (deprecated). */
1428
1984
  appId: string;
1429
1985
  kind: "ServerSideApplication" | "ClientSideApplication";
1986
+ /** Organization id. */
1430
1987
  orgId: string;
1988
+ /** Expected relying party ID for webauthn (deprecated). */
1431
1989
  expectedRpId?: string | undefined;
1990
+ /** Human-readable name of the application. */
1432
1991
  name: string;
1992
+ /** Whether the application is active. */
1433
1993
  isActive: boolean;
1994
+ /** Expected origin for webauthn (deprecated). */
1434
1995
  expectedOrigin?: string | undefined;
1996
+ /** Permissions (roles) assigned to the application. */
1435
1997
  permissionAssignments: {
1998
+ /** Human-readable name of the permission (role). */
1436
1999
  permissionName: string;
2000
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1437
2001
  permissionId: string;
2002
+ /** ID of the permission assignment. */
1438
2003
  assignmentId: string;
2004
+ /** List of API operations granted by this permission. */
1439
2005
  operations?: string[] | undefined;
1440
2006
  }[];
2007
+ /** Access tokens associated with the application. */
1441
2008
  accessTokens: {
2009
+ /** The access token. Only returned at creation time. */
1442
2010
  accessToken?: string | undefined;
1443
2011
  dateCreated: string;
2012
+ /** ID of the credential associated with the access token. */
1444
2013
  credId: string;
2014
+ /** Whether the access token is active. */
1445
2015
  isActive: boolean;
1446
2016
  /** Access token kind. */
1447
2017
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2018
+ /** User id. */
1448
2019
  linkedUserId: string;
2020
+ /** ID of the application the access token is linked to. */
1449
2021
  linkedAppId: string;
2022
+ /** Human-readable name of the access token. */
1450
2023
  name: string;
2024
+ /** Organization id. */
1451
2025
  orgId: string;
2026
+ /** Permissions (roles) assigned to the access token. */
1452
2027
  permissionAssignments: {
2028
+ /** Human-readable name of the permission (role). */
1453
2029
  permissionName: string;
2030
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1454
2031
  permissionId: string;
2032
+ /** ID of the permission assignment. */
1455
2033
  assignmentId: string;
2034
+ /** List of API operations granted by this permission. */
1456
2035
  operations?: string[] | undefined;
1457
2036
  }[];
2037
+ /** Public key associated with the access token. */
1458
2038
  publicKey: string;
2039
+ /** Token id. */
1459
2040
  tokenId: string;
1460
2041
  }[];
1461
2042
  };
@@ -1497,133 +2078,232 @@ export type GetAuditLogResponse = {
1497
2078
  };
1498
2079
  export type GetAuditLogRequest = GetAuditLogParams;
1499
2080
  export type GetPersonalAccessTokenParams = {
2081
+ /** Token id. */
1500
2082
  tokenId: string;
1501
2083
  };
1502
2084
  export type GetPersonalAccessTokenResponse = {
2085
+ /** The access token. Only returned at creation time. */
1503
2086
  accessToken?: string | undefined;
1504
2087
  dateCreated: string;
2088
+ /** ID of the credential associated with the access token. */
1505
2089
  credId: string;
2090
+ /** Whether the access token is active. */
1506
2091
  isActive: boolean;
1507
2092
  /** Access token kind. */
1508
2093
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2094
+ /** User id. */
1509
2095
  linkedUserId: string;
2096
+ /** ID of the application the access token is linked to. */
1510
2097
  linkedAppId: string;
2098
+ /** Human-readable name of the access token. */
1511
2099
  name: string;
2100
+ /** Organization id. */
1512
2101
  orgId: string;
2102
+ /** Permissions (roles) assigned to the access token. */
1513
2103
  permissionAssignments: {
2104
+ /** Human-readable name of the permission (role). */
1514
2105
  permissionName: string;
2106
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1515
2107
  permissionId: string;
2108
+ /** ID of the permission assignment. */
1516
2109
  assignmentId: string;
2110
+ /** List of API operations granted by this permission. */
1517
2111
  operations?: string[] | undefined;
1518
2112
  }[];
2113
+ /** Public key associated with the access token. */
1519
2114
  publicKey: string;
2115
+ /** Token id. */
1520
2116
  tokenId: string;
1521
2117
  };
1522
2118
  export type GetPersonalAccessTokenRequest = GetPersonalAccessTokenParams;
1523
2119
  export type GetServiceAccountParams = {
2120
+ /** ID of the service account. */
1524
2121
  serviceAccountId: string;
1525
2122
  };
1526
2123
  export type GetServiceAccountResponse = {
1527
2124
  userInfo: {
2125
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1528
2126
  username: string;
2127
+ /** Display name of the user. */
1529
2128
  name: string;
1530
2129
  /** User id. */
1531
2130
  userId: string;
1532
2131
  /** User kind. */
1533
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2132
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2133
+ /** UUID of the user's primary credential. */
1534
2134
  credentialUuid: string;
1535
- orgId: string;
2135
+ /** Organization id. */
2136
+ orgId?: string | undefined;
2137
+ /** Tenant id. */
2138
+ tenantId?: string | undefined;
2139
+ /** @deprecated - Flat list of API operations the user has access to. */
1536
2140
  permissions?: string[] | undefined;
2141
+ /** Whether the user is active. */
1537
2142
  isActive: boolean;
2143
+ /** Whether the user is a service account. */
1538
2144
  isServiceAccount: boolean;
2145
+ /** Whether the user has completed registration. */
1539
2146
  isRegistered: boolean;
2147
+ /** Permissions (roles) assigned to the user. */
1540
2148
  permissionAssignments: {
2149
+ /** Human-readable name of the permission (role). */
1541
2150
  permissionName: string;
2151
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1542
2152
  permissionId: string;
2153
+ /** ID of the permission assignment. */
1543
2154
  assignmentId: string;
2155
+ /** List of API operations granted by this permission. */
1544
2156
  operations?: string[] | undefined;
1545
2157
  }[];
1546
2158
  };
1547
2159
  accessTokens: {
2160
+ /** The access token. Only returned at creation time. */
1548
2161
  accessToken?: string | undefined;
1549
2162
  dateCreated: string;
2163
+ /** ID of the credential associated with the access token. */
1550
2164
  credId: string;
2165
+ /** Whether the access token is active. */
1551
2166
  isActive: boolean;
1552
2167
  /** Access token kind. */
1553
2168
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2169
+ /** User id. */
1554
2170
  linkedUserId: string;
2171
+ /** ID of the application the access token is linked to. */
1555
2172
  linkedAppId: string;
2173
+ /** Human-readable name of the access token. */
1556
2174
  name: string;
2175
+ /** Organization id. */
1557
2176
  orgId: string;
2177
+ /** Permissions (roles) assigned to the access token. */
1558
2178
  permissionAssignments: {
2179
+ /** Human-readable name of the permission (role). */
1559
2180
  permissionName: string;
2181
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1560
2182
  permissionId: string;
2183
+ /** ID of the permission assignment. */
1561
2184
  assignmentId: string;
2185
+ /** List of API operations granted by this permission. */
1562
2186
  operations?: string[] | undefined;
1563
2187
  }[];
2188
+ /** Public key associated with the access token. */
1564
2189
  publicKey: string;
2190
+ /** Token id. */
1565
2191
  tokenId: string;
1566
2192
  }[];
1567
2193
  };
1568
2194
  export type GetServiceAccountRequest = GetServiceAccountParams;
1569
2195
  export type GetUserParams = {
2196
+ /** User id. */
1570
2197
  userId: string;
1571
2198
  };
1572
2199
  export type GetUserResponse = {
2200
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1573
2201
  username: string;
2202
+ /** Display name of the user. */
1574
2203
  name: string;
1575
2204
  /** User id. */
1576
2205
  userId: string;
1577
2206
  /** User kind. */
1578
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2207
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2208
+ /** UUID of the user's primary credential. */
1579
2209
  credentialUuid: string;
1580
- orgId: string;
2210
+ /** Organization id. */
2211
+ orgId?: string | undefined;
2212
+ /** Tenant id. */
2213
+ tenantId?: string | undefined;
2214
+ /** @deprecated - Flat list of API operations the user has access to. */
1581
2215
  permissions?: string[] | undefined;
2216
+ /** Whether the user is active. */
1582
2217
  isActive: boolean;
2218
+ /** Whether the user is a service account. */
1583
2219
  isServiceAccount: boolean;
2220
+ /** Whether the user has completed registration. */
1584
2221
  isRegistered: boolean;
2222
+ /** Whether the user must authenticate via SSO. */
1585
2223
  isSSORequired: boolean;
2224
+ /** Permissions (roles) assigned to the user. */
1586
2225
  permissionAssignments: {
2226
+ /** Human-readable name of the permission (role). */
1587
2227
  permissionName: string;
2228
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1588
2229
  permissionId: string;
2230
+ /** ID of the permission assignment. */
1589
2231
  assignmentId: string;
2232
+ /** List of API operations granted by this permission. */
1590
2233
  operations?: string[] | undefined;
1591
2234
  }[];
1592
2235
  };
1593
2236
  export type GetUserRequest = GetUserParams;
2237
+ export type InviteTenantUserBody = {
2238
+ /** Email address of the existing Tenant User. */
2239
+ email: string;
2240
+ /** The kind of user being invited. It can only be "`TenantUser`" */
2241
+ kind: "TenantUser";
2242
+ };
2243
+ export type InviteTenantUserResponse = {};
2244
+ export type InviteTenantUserRequest = {
2245
+ body: InviteTenantUserBody;
2246
+ };
1594
2247
  export type ListApplicationsResponse = {
2248
+ /** Current page items. */
1595
2249
  items: {
2250
+ /** ID of the application (deprecated). */
1596
2251
  appId: string;
1597
2252
  kind: "ServerSideApplication" | "ClientSideApplication";
2253
+ /** Organization id. */
1598
2254
  orgId: string;
2255
+ /** Expected relying party ID for webauthn (deprecated). */
1599
2256
  expectedRpId?: string | undefined;
2257
+ /** Human-readable name of the application. */
1600
2258
  name: string;
2259
+ /** Whether the application is active. */
1601
2260
  isActive: boolean;
2261
+ /** Expected origin for webauthn (deprecated). */
1602
2262
  expectedOrigin?: string | undefined;
2263
+ /** Permissions (roles) assigned to the application. */
1603
2264
  permissionAssignments: {
2265
+ /** Human-readable name of the permission (role). */
1604
2266
  permissionName: string;
2267
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1605
2268
  permissionId: string;
2269
+ /** ID of the permission assignment. */
1606
2270
  assignmentId: string;
2271
+ /** List of API operations granted by this permission. */
1607
2272
  operations?: string[] | undefined;
1608
2273
  }[];
2274
+ /** Access tokens associated with the application. */
1609
2275
  accessTokens: {
2276
+ /** The access token. Only returned at creation time. */
1610
2277
  accessToken?: string | undefined;
1611
2278
  dateCreated: string;
2279
+ /** ID of the credential associated with the access token. */
1612
2280
  credId: string;
2281
+ /** Whether the access token is active. */
1613
2282
  isActive: boolean;
1614
2283
  /** Access token kind. */
1615
2284
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2285
+ /** User id. */
1616
2286
  linkedUserId: string;
2287
+ /** ID of the application the access token is linked to. */
1617
2288
  linkedAppId: string;
2289
+ /** Human-readable name of the access token. */
1618
2290
  name: string;
2291
+ /** Organization id. */
1619
2292
  orgId: string;
2293
+ /** Permissions (roles) assigned to the access token. */
1620
2294
  permissionAssignments: {
2295
+ /** Human-readable name of the permission (role). */
1621
2296
  permissionName: string;
2297
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1622
2298
  permissionId: string;
2299
+ /** ID of the permission assignment. */
1623
2300
  assignmentId: string;
2301
+ /** List of API operations granted by this permission. */
1624
2302
  operations?: string[] | undefined;
1625
2303
  }[];
2304
+ /** Public key associated with the access token. */
1626
2305
  publicKey: string;
2306
+ /** Token id. */
1627
2307
  tokenId: string;
1628
2308
  }[];
1629
2309
  }[];
@@ -1639,111 +2319,186 @@ export type ListAuditLogsRequest = {
1639
2319
  query?: ListAuditLogsQuery;
1640
2320
  };
1641
2321
  export type ListCredentialsResponse = {
2322
+ /** Current page items. */
1642
2323
  items: {
1643
2324
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2325
+ /** Credential ID from the WebAuthn authenticator (base64url). */
1644
2326
  credentialId: string;
2327
+ /** Dfns-internal UUID of the credential. */
1645
2328
  credentialUuid: string;
1646
2329
  dateCreated: string;
2330
+ /** Whether the credential is active. */
1647
2331
  isActive: boolean;
2332
+ /** Human-readable name of the credential. */
1648
2333
  name: string;
2334
+ /** Public key of the credential. */
1649
2335
  publicKey: string;
2336
+ /** Relying party identifier associated with the credential. */
1650
2337
  relyingPartyId: string;
2338
+ /** Origin where the credential was created. */
1651
2339
  origin: string;
1652
2340
  }[];
1653
2341
  };
2342
+ export type ListUserCredentialsResponse = ListCredentialsResponse;
1654
2343
  export type ListPersonalAccessTokensResponse = {
2344
+ /** Current page items. */
1655
2345
  items: {
2346
+ /** The access token. Only returned at creation time. */
1656
2347
  accessToken?: string | undefined;
1657
2348
  dateCreated: string;
2349
+ /** ID of the credential associated with the access token. */
1658
2350
  credId: string;
2351
+ /** Whether the access token is active. */
1659
2352
  isActive: boolean;
1660
2353
  /** Access token kind. */
1661
2354
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2355
+ /** User id. */
1662
2356
  linkedUserId: string;
2357
+ /** ID of the application the access token is linked to. */
1663
2358
  linkedAppId: string;
2359
+ /** Human-readable name of the access token. */
1664
2360
  name: string;
2361
+ /** Organization id. */
1665
2362
  orgId: string;
2363
+ /** Permissions (roles) assigned to the access token. */
1666
2364
  permissionAssignments: {
2365
+ /** Human-readable name of the permission (role). */
1667
2366
  permissionName: string;
2367
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1668
2368
  permissionId: string;
2369
+ /** ID of the permission assignment. */
1669
2370
  assignmentId: string;
2371
+ /** List of API operations granted by this permission. */
1670
2372
  operations?: string[] | undefined;
1671
2373
  }[];
2374
+ /** Public key associated with the access token. */
1672
2375
  publicKey: string;
2376
+ /** Token id. */
1673
2377
  tokenId: string;
1674
2378
  }[];
1675
2379
  };
1676
2380
  export type ListServiceAccountsResponse = {
2381
+ /** Current page items. */
1677
2382
  items: {
1678
2383
  userInfo: {
2384
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1679
2385
  username: string;
2386
+ /** Display name of the user. */
1680
2387
  name: string;
1681
2388
  /** User id. */
1682
2389
  userId: string;
1683
2390
  /** User kind. */
1684
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2391
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2392
+ /** UUID of the user's primary credential. */
1685
2393
  credentialUuid: string;
1686
- orgId: string;
2394
+ /** Organization id. */
2395
+ orgId?: string | undefined;
2396
+ /** Tenant id. */
2397
+ tenantId?: string | undefined;
2398
+ /** @deprecated - Flat list of API operations the user has access to. */
1687
2399
  permissions?: string[] | undefined;
2400
+ /** Whether the user is active. */
1688
2401
  isActive: boolean;
2402
+ /** Whether the user is a service account. */
1689
2403
  isServiceAccount: boolean;
2404
+ /** Whether the user has completed registration. */
1690
2405
  isRegistered: boolean;
2406
+ /** Permissions (roles) assigned to the user. */
1691
2407
  permissionAssignments: {
2408
+ /** Human-readable name of the permission (role). */
1692
2409
  permissionName: string;
2410
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1693
2411
  permissionId: string;
2412
+ /** ID of the permission assignment. */
1694
2413
  assignmentId: string;
2414
+ /** List of API operations granted by this permission. */
1695
2415
  operations?: string[] | undefined;
1696
2416
  }[];
1697
2417
  };
1698
2418
  accessTokens: {
2419
+ /** The access token. Only returned at creation time. */
1699
2420
  accessToken?: string | undefined;
1700
2421
  dateCreated: string;
2422
+ /** ID of the credential associated with the access token. */
1701
2423
  credId: string;
2424
+ /** Whether the access token is active. */
1702
2425
  isActive: boolean;
1703
2426
  /** Access token kind. */
1704
2427
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
2428
+ /** User id. */
1705
2429
  linkedUserId: string;
2430
+ /** ID of the application the access token is linked to. */
1706
2431
  linkedAppId: string;
2432
+ /** Human-readable name of the access token. */
1707
2433
  name: string;
2434
+ /** Organization id. */
1708
2435
  orgId: string;
2436
+ /** Permissions (roles) assigned to the access token. */
1709
2437
  permissionAssignments: {
2438
+ /** Human-readable name of the permission (role). */
1710
2439
  permissionName: string;
2440
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1711
2441
  permissionId: string;
2442
+ /** ID of the permission assignment. */
1712
2443
  assignmentId: string;
2444
+ /** List of API operations granted by this permission. */
1713
2445
  operations?: string[] | undefined;
1714
2446
  }[];
2447
+ /** Public key associated with the access token. */
1715
2448
  publicKey: string;
2449
+ /** Token id. */
1716
2450
  tokenId: string;
1717
2451
  }[];
1718
2452
  }[];
1719
2453
  };
1720
2454
  export type ListUsersQuery = {
2455
+ /** Maximum number of items to return. */
1721
2456
  limit?: number | undefined;
2457
+ /** Opaque token used to retrieve the next page. Returned as `nextPageToken` from the previous request. */
1722
2458
  paginationToken?: string | undefined;
2459
+ /** Filter users by kind. */
1723
2460
  kind?: ("CustomerEmployee" | "EndUser") | undefined;
1724
2461
  };
1725
2462
  export type ListUsersResponse = {
2463
+ /** Current page items. */
1726
2464
  items: {
2465
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
1727
2466
  username: string;
2467
+ /** Display name of the user. */
1728
2468
  name: string;
1729
2469
  /** User id. */
1730
2470
  userId: string;
1731
2471
  /** User kind. */
1732
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
2472
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
2473
+ /** UUID of the user's primary credential. */
1733
2474
  credentialUuid: string;
1734
- orgId: string;
2475
+ /** Organization id. */
2476
+ orgId?: string | undefined;
2477
+ /** Tenant id. */
2478
+ tenantId?: string | undefined;
2479
+ /** @deprecated - Flat list of API operations the user has access to. */
1735
2480
  permissions?: string[] | undefined;
2481
+ /** Whether the user is active. */
1736
2482
  isActive: boolean;
2483
+ /** Whether the user is a service account. */
1737
2484
  isServiceAccount: boolean;
2485
+ /** Whether the user has completed registration. */
1738
2486
  isRegistered: boolean;
2487
+ /** Whether the user must authenticate via SSO. */
1739
2488
  isSSORequired: boolean;
2489
+ /** Permissions (roles) assigned to the user. */
1740
2490
  permissionAssignments: {
2491
+ /** Human-readable name of the permission (role). */
1741
2492
  permissionName: string;
2493
+ /** ID of the permission (also referred to as "role" in the dashboard). */
1742
2494
  permissionId: string;
2495
+ /** ID of the permission assignment. */
1743
2496
  assignmentId: string;
2497
+ /** List of API operations granted by this permission. */
1744
2498
  operations?: string[] | undefined;
1745
2499
  }[];
1746
2500
  }[];
2501
+ /** token to use as `paginationToken` to request the next page. */
1747
2502
  nextPageToken?: string | undefined;
1748
2503
  };
1749
2504
  export type ListUsersRequest = {
@@ -1795,6 +2550,7 @@ export type LoginBody = {
1795
2550
  };
1796
2551
  } | {
1797
2552
  kind: "Password";
2553
+ /** User password. */
1798
2554
  password: string;
1799
2555
  };
1800
2556
  /** Second factor credential used to authenticate a user. */
@@ -1840,12 +2596,15 @@ export type LoginBody = {
1840
2596
  };
1841
2597
  } | {
1842
2598
  kind: "Totp";
2599
+ /** TOTP one-time code. */
1843
2600
  otpCode: string;
1844
2601
  }) | undefined;
1845
2602
  };
1846
2603
  export type LoginResponse = {
2604
+ /** Authentication token issued to the user. */
1847
2605
  token: string;
1848
2606
  } | {
2607
+ /** Identifier of the SSO client to use to complete the login flow. */
1849
2608
  ssoClientId: string;
1850
2609
  };
1851
2610
  export type LoginRequest = {
@@ -1855,6 +2614,7 @@ export type LogoutBody = {
1855
2614
  allSessions?: boolean | undefined;
1856
2615
  } | undefined;
1857
2616
  export type LogoutResponse = {
2617
+ /** Human-readable success message. */
1858
2618
  message: string;
1859
2619
  };
1860
2620
  export type LogoutRequest = {
@@ -1878,288 +2638,424 @@ export type RecoverBody = {
1878
2638
  firstFactorCredential: {
1879
2639
  credentialKind: "Fido2";
1880
2640
  credentialInfo: {
2641
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1881
2642
  credId: string;
2643
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1882
2644
  clientData: string;
2645
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1883
2646
  attestationData: string;
1884
2647
  };
2648
+ /** Human-readable name to assign to the credential. */
1885
2649
  credentialName?: string | undefined;
1886
2650
  } | {
1887
2651
  credentialKind: "Key";
1888
2652
  credentialInfo: {
2653
+ /** Base64url-encoded id of the credential. */
1889
2654
  credId: string;
2655
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1890
2656
  clientData: string;
2657
+ /** Base64url-encoded public key. */
1891
2658
  attestationData: string;
1892
2659
  };
2660
+ /** Human-readable name to assign to the credential. */
1893
2661
  credentialName?: string | undefined;
1894
2662
  } | {
1895
2663
  credentialKind: "Password";
1896
2664
  credentialInfo: {
2665
+ /** User password. */
1897
2666
  password: string;
1898
2667
  };
2668
+ /** Human-readable name to assign to the credential. */
1899
2669
  credentialName?: string | undefined;
1900
2670
  } | {
1901
2671
  credentialKind: "PasswordProtectedKey";
1902
2672
  credentialInfo: {
2673
+ /** Base64url-encoded id of the credential. */
1903
2674
  credId: string;
2675
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1904
2676
  clientData: string;
2677
+ /** Base64url-encoded public key. */
1905
2678
  attestationData: string;
1906
2679
  };
2680
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
1907
2681
  encryptedPrivateKey: string;
2682
+ /** Human-readable name to assign to the credential. */
1908
2683
  credentialName?: string | undefined;
1909
2684
  };
1910
2685
  secondFactorCredential?: ({
1911
2686
  credentialKind: "Fido2";
1912
2687
  credentialInfo: {
2688
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1913
2689
  credId: string;
2690
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1914
2691
  clientData: string;
2692
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1915
2693
  attestationData: string;
1916
2694
  };
2695
+ /** Human-readable name to assign to the credential. */
1917
2696
  credentialName?: string | undefined;
1918
2697
  } | {
1919
2698
  credentialKind: "Key";
1920
2699
  credentialInfo: {
2700
+ /** Base64url-encoded id of the credential. */
1921
2701
  credId: string;
2702
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1922
2703
  clientData: string;
2704
+ /** Base64url-encoded public key. */
1923
2705
  attestationData: string;
1924
2706
  };
2707
+ /** Human-readable name to assign to the credential. */
1925
2708
  credentialName?: string | undefined;
1926
2709
  } | {
1927
2710
  credentialKind: "Totp";
1928
2711
  credentialInfo: {
2712
+ /** TOTP one-time code. */
1929
2713
  otpCode: string;
1930
2714
  };
2715
+ /** Human-readable name to assign to the credential. */
1931
2716
  credentialName?: string | undefined;
1932
2717
  } | {
1933
2718
  credentialKind: "PasswordProtectedKey";
1934
2719
  credentialInfo: {
2720
+ /** Base64url-encoded id of the credential. */
1935
2721
  credId: string;
2722
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1936
2723
  clientData: string;
2724
+ /** Base64url-encoded public key. */
1937
2725
  attestationData: string;
1938
2726
  };
2727
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
1939
2728
  encryptedPrivateKey: string;
2729
+ /** Human-readable name to assign to the credential. */
1940
2730
  credentialName?: string | undefined;
1941
2731
  }) | undefined;
1942
2732
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
1943
2733
  recoveryCredential?: {
1944
2734
  credentialKind: "RecoveryKey";
1945
2735
  credentialInfo: {
2736
+ /** Base64url-encoded id of the recovery credential. */
1946
2737
  credId: string;
2738
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1947
2739
  clientData: string;
2740
+ /** Base64url-encoded public key. */
1948
2741
  attestationData: string;
1949
2742
  };
2743
+ /** User-encrypted private key for the recovery credential. */
1950
2744
  encryptedPrivateKey?: string | undefined;
2745
+ /** Human-readable name to assign to the credential. */
1951
2746
  credentialName?: string | undefined;
1952
2747
  } | undefined;
1953
2748
  };
1954
2749
  };
1955
2750
  export type RecoverResponse = {
1956
2751
  credential: {
2752
+ /** UUID of the credential that was registered. */
1957
2753
  uuid: string;
2754
+ /** Kind of credential that was registered. */
1958
2755
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2756
+ /** Human-readable name of the credential. */
1959
2757
  name: string;
1960
2758
  };
1961
2759
  user: {
2760
+ /** User id. */
1962
2761
  id: string;
2762
+ /** Username/identifier of the user. */
1963
2763
  username: string;
1964
- orgId: string;
2764
+ /** Organization id. */
2765
+ orgId?: string | undefined;
2766
+ /** Tenant id. */
2767
+ tenantId?: string | undefined;
1965
2768
  };
1966
2769
  };
1967
2770
  export type RecoverRequest = {
1968
2771
  body: RecoverBody;
1969
2772
  };
2773
+ export type CreateUserRecoveryBody = RecoverBody;
2774
+ export type CreateUserRecoveryResponse = RecoverResponse;
2775
+ export type CreateUserRecoveryRequest = RecoverRequest;
1970
2776
  export type RegisterBody = {
1971
2777
  firstFactorCredential: {
1972
2778
  credentialKind: "Fido2";
1973
2779
  credentialInfo: {
2780
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
1974
2781
  credId: string;
2782
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
1975
2783
  clientData: string;
2784
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
1976
2785
  attestationData: string;
1977
2786
  };
2787
+ /** Human-readable name to assign to the credential. */
1978
2788
  credentialName?: string | undefined;
1979
2789
  } | {
1980
2790
  credentialKind: "Key";
1981
2791
  credentialInfo: {
2792
+ /** Base64url-encoded id of the credential. */
1982
2793
  credId: string;
2794
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1983
2795
  clientData: string;
2796
+ /** Base64url-encoded public key. */
1984
2797
  attestationData: string;
1985
2798
  };
2799
+ /** Human-readable name to assign to the credential. */
1986
2800
  credentialName?: string | undefined;
1987
2801
  } | {
1988
2802
  credentialKind: "Password";
1989
2803
  credentialInfo: {
2804
+ /** User password. */
1990
2805
  password: string;
1991
2806
  };
2807
+ /** Human-readable name to assign to the credential. */
1992
2808
  credentialName?: string | undefined;
1993
2809
  } | {
1994
2810
  credentialKind: "PasswordProtectedKey";
1995
2811
  credentialInfo: {
2812
+ /** Base64url-encoded id of the credential. */
1996
2813
  credId: string;
2814
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
1997
2815
  clientData: string;
2816
+ /** Base64url-encoded public key. */
1998
2817
  attestationData: string;
1999
2818
  };
2819
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2000
2820
  encryptedPrivateKey: string;
2821
+ /** Human-readable name to assign to the credential. */
2001
2822
  credentialName?: string | undefined;
2002
2823
  };
2003
2824
  secondFactorCredential?: ({
2004
2825
  credentialKind: "Fido2";
2005
2826
  credentialInfo: {
2827
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2006
2828
  credId: string;
2829
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2007
2830
  clientData: string;
2831
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2008
2832
  attestationData: string;
2009
2833
  };
2834
+ /** Human-readable name to assign to the credential. */
2010
2835
  credentialName?: string | undefined;
2011
2836
  } | {
2012
2837
  credentialKind: "Key";
2013
2838
  credentialInfo: {
2839
+ /** Base64url-encoded id of the credential. */
2014
2840
  credId: string;
2841
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2015
2842
  clientData: string;
2843
+ /** Base64url-encoded public key. */
2016
2844
  attestationData: string;
2017
2845
  };
2846
+ /** Human-readable name to assign to the credential. */
2018
2847
  credentialName?: string | undefined;
2019
2848
  } | {
2020
2849
  credentialKind: "Totp";
2021
2850
  credentialInfo: {
2851
+ /** TOTP one-time code. */
2022
2852
  otpCode: string;
2023
2853
  };
2854
+ /** Human-readable name to assign to the credential. */
2024
2855
  credentialName?: string | undefined;
2025
2856
  } | {
2026
2857
  credentialKind: "PasswordProtectedKey";
2027
2858
  credentialInfo: {
2859
+ /** Base64url-encoded id of the credential. */
2028
2860
  credId: string;
2861
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2029
2862
  clientData: string;
2863
+ /** Base64url-encoded public key. */
2030
2864
  attestationData: string;
2031
2865
  };
2866
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2032
2867
  encryptedPrivateKey: string;
2868
+ /** Human-readable name to assign to the credential. */
2033
2869
  credentialName?: string | undefined;
2034
2870
  }) | undefined;
2035
2871
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
2036
2872
  recoveryCredential?: {
2037
2873
  credentialKind: "RecoveryKey";
2038
2874
  credentialInfo: {
2875
+ /** Base64url-encoded id of the recovery credential. */
2039
2876
  credId: string;
2877
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2040
2878
  clientData: string;
2879
+ /** Base64url-encoded public key. */
2041
2880
  attestationData: string;
2042
2881
  };
2882
+ /** User-encrypted private key for the recovery credential. */
2043
2883
  encryptedPrivateKey?: string | undefined;
2884
+ /** Human-readable name to assign to the credential. */
2044
2885
  credentialName?: string | undefined;
2045
2886
  } | undefined;
2046
2887
  };
2047
2888
  export type RegisterResponse = {
2048
2889
  credential: {
2890
+ /** UUID of the credential that was registered. */
2049
2891
  uuid: string;
2892
+ /** Kind of credential that was registered. */
2050
2893
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
2894
+ /** Human-readable name of the credential. */
2051
2895
  name: string;
2052
2896
  };
2053
2897
  user: {
2898
+ /** User id. */
2054
2899
  id: string;
2900
+ /** Username/identifier of the user. */
2055
2901
  username: string;
2056
- orgId: string;
2902
+ /** Organization id. */
2903
+ orgId?: string | undefined;
2904
+ /** Tenant id. */
2905
+ tenantId?: string | undefined;
2057
2906
  };
2058
2907
  };
2059
2908
  export type RegisterRequest = {
2060
2909
  body: RegisterBody;
2061
2910
  };
2911
+ export type CreateUserRegistrationBody = RegisterBody;
2912
+ export type CreateUserRegistrationResponse = RegisterResponse;
2913
+ export type CreateUserRegistrationRequest = RegisterRequest;
2062
2914
  export type RegisterEndUserBody = {
2063
2915
  firstFactorCredential: {
2064
2916
  credentialKind: "Fido2";
2065
2917
  credentialInfo: {
2918
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2066
2919
  credId: string;
2920
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2067
2921
  clientData: string;
2922
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2068
2923
  attestationData: string;
2069
2924
  };
2925
+ /** Human-readable name to assign to the credential. */
2070
2926
  credentialName?: string | undefined;
2071
2927
  } | {
2072
2928
  credentialKind: "Key";
2073
2929
  credentialInfo: {
2930
+ /** Base64url-encoded id of the credential. */
2074
2931
  credId: string;
2932
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2075
2933
  clientData: string;
2934
+ /** Base64url-encoded public key. */
2076
2935
  attestationData: string;
2077
2936
  };
2937
+ /** Human-readable name to assign to the credential. */
2078
2938
  credentialName?: string | undefined;
2079
2939
  } | {
2080
2940
  credentialKind: "Password";
2081
2941
  credentialInfo: {
2942
+ /** User password. */
2082
2943
  password: string;
2083
2944
  };
2945
+ /** Human-readable name to assign to the credential. */
2084
2946
  credentialName?: string | undefined;
2085
2947
  } | {
2086
2948
  credentialKind: "PasswordProtectedKey";
2087
2949
  credentialInfo: {
2950
+ /** Base64url-encoded id of the credential. */
2088
2951
  credId: string;
2952
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2089
2953
  clientData: string;
2954
+ /** Base64url-encoded public key. */
2090
2955
  attestationData: string;
2091
2956
  };
2957
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2092
2958
  encryptedPrivateKey: string;
2959
+ /** Human-readable name to assign to the credential. */
2093
2960
  credentialName?: string | undefined;
2094
2961
  };
2095
2962
  secondFactorCredential?: ({
2096
2963
  credentialKind: "Fido2";
2097
2964
  credentialInfo: {
2965
+ /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
2098
2966
  credId: string;
2967
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
2099
2968
  clientData: string;
2969
+ /** Base64url-encoded attestation data returned by the user's WebAuthn client. */
2100
2970
  attestationData: string;
2101
2971
  };
2972
+ /** Human-readable name to assign to the credential. */
2102
2973
  credentialName?: string | undefined;
2103
2974
  } | {
2104
2975
  credentialKind: "Key";
2105
2976
  credentialInfo: {
2977
+ /** Base64url-encoded id of the credential. */
2106
2978
  credId: string;
2979
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2107
2980
  clientData: string;
2981
+ /** Base64url-encoded public key. */
2108
2982
  attestationData: string;
2109
2983
  };
2984
+ /** Human-readable name to assign to the credential. */
2110
2985
  credentialName?: string | undefined;
2111
2986
  } | {
2112
2987
  credentialKind: "Totp";
2113
2988
  credentialInfo: {
2989
+ /** TOTP one-time code. */
2114
2990
  otpCode: string;
2115
2991
  };
2992
+ /** Human-readable name to assign to the credential. */
2116
2993
  credentialName?: string | undefined;
2117
2994
  } | {
2118
2995
  credentialKind: "PasswordProtectedKey";
2119
2996
  credentialInfo: {
2997
+ /** Base64url-encoded id of the credential. */
2120
2998
  credId: string;
2999
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2121
3000
  clientData: string;
3001
+ /** Base64url-encoded public key. */
2122
3002
  attestationData: string;
2123
3003
  };
3004
+ /** User-encrypted private key. Dfns does not have the password to decrypt it. */
2124
3005
  encryptedPrivateKey: string;
3006
+ /** Human-readable name to assign to the credential. */
2125
3007
  credentialName?: string | undefined;
2126
3008
  }) | undefined;
2127
3009
  /** Register a recovery key. See [Account Recovery](https://docs.dfns.co/api-reference/auth/account-recovery) for more details. */
2128
3010
  recoveryCredential?: {
2129
3011
  credentialKind: "RecoveryKey";
2130
3012
  credentialInfo: {
3013
+ /** Base64url-encoded id of the recovery credential. */
2131
3014
  credId: string;
3015
+ /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object. */
2132
3016
  clientData: string;
3017
+ /** Base64url-encoded public key. */
2133
3018
  attestationData: string;
2134
3019
  };
3020
+ /** User-encrypted private key for the recovery credential. */
2135
3021
  encryptedPrivateKey?: string | undefined;
3022
+ /** Human-readable name to assign to the credential. */
2136
3023
  credentialName?: string | undefined;
2137
3024
  } | undefined;
2138
3025
  wallets: {
2139
- network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
3026
+ network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "BesuTestnet2" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "IconTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Movement" | "MovementTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "Rayls" | "RaylsTestnet" | "Robinhood" | "RobinhoodSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
2140
3027
  /** Wallet nickname. */
2141
3028
  name?: string | undefined;
2142
3029
  }[];
2143
3030
  };
2144
3031
  export type RegisterEndUserResponse = {
2145
3032
  credential: {
3033
+ /** UUID of the credential that was registered. */
2146
3034
  uuid: string;
3035
+ /** Kind of credential that was registered. */
2147
3036
  kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
3037
+ /** Human-readable name of the credential. */
2148
3038
  name: string;
2149
3039
  };
2150
3040
  user: {
3041
+ /** User id. */
2151
3042
  id: string;
3043
+ /** Username/identifier of the user. */
2152
3044
  username: string;
2153
- orgId: string;
3045
+ /** Organization id. */
3046
+ orgId?: string | undefined;
3047
+ /** Tenant id. */
3048
+ tenantId?: string | undefined;
2154
3049
  };
2155
3050
  authentication: {
3051
+ /** Authentication token issued to the user. */
2156
3052
  token: string;
2157
3053
  };
2158
3054
  wallets: {
2159
3055
  /** ID of the wallet. */
2160
3056
  id: string;
2161
3057
  /** Network this wallet is bound to. */
2162
- network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
3058
+ network: ("Algorand" | "AlgorandTestnet" | "Aptos" | "AptosTestnet" | "ArbitrumOne" | "ArbitrumGoerli" | "ArbitrumSepolia" | "ArcTestnet" | "Areum" | "AvalancheC" | "AvalancheCFuji" | "Adi" | "AdiTestnet" | "AdiTestnetAb" | "BabylonGenesis" | "BabylonTestnet5" | "Base" | "BaseGoerli" | "BaseSepolia" | "Berachain" | "BerachainBArtio" | "BerachainBepolia" | "BesuTestnet" | "BesuTestnet2" | "Bitcoin" | "BitcoinSignet" | "BitcoinTestnet3" | "BitcoinTestnet4" | "BitcoinCash" | "BitcoinCashTestnet" | "Bob" | "BobSepolia" | "Bsc" | "BscTestnet" | "Canton" | "CantonDevnet" | "CantonTestnet" | "Cardano" | "CardanoPreprod" | "Concordium" | "ConcordiumTestnet" | "Celo" | "CeloAlfajores" | "Codex" | "CodexSepolia" | "CosmosHub4" | "CosmosIcsTestnet" | "Dogecoin" | "DogecoinTestnet" | "Ethereum" | "EthereumClassic" | "EthereumClassicMordor" | "EthereumGoerli" | "EthereumSepolia" | "EthereumHolesky" | "EthereumHoodi" | "FantomOpera" | "FantomTestnet" | "FlareC" | "FlareCCoston2" | "FlowEvm" | "FlowEvmTestnet" | "IconTestnet" | "Hedera" | "HederaTestnet" | "Ink" | "InkSepolia" | "InternetComputer" | "Ion" | "IonTestnet" | "Iota" | "IotaTestnet" | "IotaZodianet" | "Kaspa" | "KaspaTestnet11" | "Kusama" | "KusamaAssetHub" | "Litecoin" | "LitecoinTestnet" | "Movement" | "MovementTestnet" | "Near" | "NearTestnet" | "Optimism" | "OptimismGoerli" | "OptimismSepolia" | "Origyn" | "Plasma" | "PlasmaTestnet" | "Plume" | "PlumeSepolia" | "Paseo" | "PaseoAssetHub" | "Polkadot" | "PolkadotAssetHub" | "Polygon" | "PolygonAmoy" | "PolygonMumbai" | "Polymesh" | "PolymeshTestnet" | "Race" | "RaceSepolia" | "Rayls" | "RaylsTestnet" | "Robinhood" | "RobinhoodSepolia" | "SeiAtlantic2" | "SeiPacific1" | "Solana" | "SolanaDevnet" | "Sonic" | "SonicTestnet" | "Starknet" | "StarknetSepolia" | "Stellar" | "StellarTestnet" | "Sui" | "SuiTestnet" | "Tezos" | "TezosGhostnet" | "TezosShadownet" | "Tempo" | "TempoAndantino" | "TempoModerato" | "Tsc" | "TscTestnet1" | "Ton" | "TonTestnet" | "Tron" | "TronNile" | "Westend" | "WestendAssetHub" | "Xdc" | "XdcApothem" | "XLayer" | "XLayerSepolia" | "XrpLedger" | "XrpLedgerTestnet") | ("KeyECDSA" | "KeyEdDSA" | "KeyECDSAStark");
2163
3059
  /** Wallet address on its corresponding network. */
2164
3060
  address?: string | undefined;
2165
3061
  /** Details about the key underlying the wallet. */
@@ -2197,41 +3093,60 @@ export type RegisterEndUserRequest = {
2197
3093
  body: RegisterEndUserBody;
2198
3094
  };
2199
3095
  export type ResendRegistrationCodeBody = {
3096
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2200
3097
  username: string;
2201
- orgId: string;
3098
+ /** Organization id. */
3099
+ orgId?: string | undefined;
3100
+ /** Tenant id. */
3101
+ tenantId?: string | undefined;
2202
3102
  };
2203
3103
  export type ResendRegistrationCodeResponse = {
3104
+ /** Human-readable success message. */
2204
3105
  message: string;
2205
3106
  };
2206
3107
  export type ResendRegistrationCodeRequest = {
2207
3108
  body: ResendRegistrationCodeBody;
2208
3109
  };
2209
3110
  export type SendLoginCodeBody = {
3111
+ /** Username/identifier of the user to send the login code to. */
2210
3112
  username: string;
2211
- orgId: string;
3113
+ /** Organization id. */
3114
+ orgId?: string | undefined;
3115
+ /** Tenant id. */
3116
+ tenantId?: string | undefined;
2212
3117
  };
2213
3118
  export type SendLoginCodeResponse = {
3119
+ /** Human-readable success message. */
2214
3120
  message: string;
2215
3121
  };
2216
3122
  export type SendLoginCodeRequest = {
2217
3123
  body: SendLoginCodeBody;
2218
3124
  };
2219
3125
  export type SendRecoveryCodeBody = {
3126
+ /** Username/identifier of the user to send the recovery code to. */
2220
3127
  username: string;
2221
- orgId: string;
3128
+ /** Organization id. */
3129
+ orgId?: string | undefined;
3130
+ /** Tenant id. */
3131
+ tenantId?: string | undefined;
2222
3132
  };
2223
3133
  export type SendRecoveryCodeResponse = {
3134
+ /** Human-readable success message. */
2224
3135
  message: string;
2225
3136
  };
2226
3137
  export type SendRecoveryCodeRequest = {
2227
3138
  body: SendRecoveryCodeBody;
2228
3139
  };
2229
3140
  export type SocialLoginBody = {
3141
+ /** Organization id. */
2230
3142
  orgId?: string | undefined;
3143
+ /** Social login provider used to issue the JWT. */
2231
3144
  socialLoginProviderKind: "Oidc";
3145
+ /** JWT id token issued by the social login provider. */
2232
3146
  idToken: string;
2233
3147
  };
2234
3148
  export type SocialLoginResponse = {
3149
+ /** Authentication token issued to the user. */
2235
3150
  token: string;
2236
3151
  };
2237
3152
  export type SocialLoginRequest = {
@@ -2244,6 +3159,7 @@ export type SsoLoginBody = {
2244
3159
  state: string;
2245
3160
  };
2246
3161
  export type SsoLoginResponse = {
3162
+ /** Authentication token issued to the user. */
2247
3163
  token: string;
2248
3164
  };
2249
3165
  export type SsoLoginRequest = {
@@ -2265,81 +3181,130 @@ export type SsoLoginInitRequest = {
2265
3181
  body: SsoLoginInitBody;
2266
3182
  };
2267
3183
  export type UpdatePersonalAccessTokenBody = {
3184
+ /** Updated human-readable name of the Personal Access Token. */
2268
3185
  name?: string | undefined;
3186
+ /** Value that can be used to correlate the entity with an external system. */
2269
3187
  externalId?: string | undefined;
2270
3188
  };
2271
3189
  export type UpdatePersonalAccessTokenParams = {
3190
+ /** Token id. */
2272
3191
  tokenId: string;
2273
3192
  };
2274
3193
  export type UpdatePersonalAccessTokenResponse = {
3194
+ /** The access token. Only returned at creation time. */
2275
3195
  accessToken?: string | undefined;
2276
3196
  dateCreated: string;
3197
+ /** ID of the credential associated with the access token. */
2277
3198
  credId: string;
3199
+ /** Whether the access token is active. */
2278
3200
  isActive: boolean;
2279
3201
  /** Access token kind. */
2280
3202
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
3203
+ /** User id. */
2281
3204
  linkedUserId: string;
3205
+ /** ID of the application the access token is linked to. */
2282
3206
  linkedAppId: string;
3207
+ /** Human-readable name of the access token. */
2283
3208
  name: string;
3209
+ /** Organization id. */
2284
3210
  orgId: string;
3211
+ /** Permissions (roles) assigned to the access token. */
2285
3212
  permissionAssignments: {
3213
+ /** Human-readable name of the permission (role). */
2286
3214
  permissionName: string;
3215
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2287
3216
  permissionId: string;
3217
+ /** ID of the permission assignment. */
2288
3218
  assignmentId: string;
3219
+ /** List of API operations granted by this permission. */
2289
3220
  operations?: string[] | undefined;
2290
3221
  }[];
3222
+ /** Public key associated with the access token. */
2291
3223
  publicKey: string;
3224
+ /** Token id. */
2292
3225
  tokenId: string;
2293
3226
  };
2294
3227
  export type UpdatePersonalAccessTokenRequest = UpdatePersonalAccessTokenParams & {
2295
3228
  body: UpdatePersonalAccessTokenBody;
2296
3229
  };
2297
3230
  export type UpdateServiceAccountBody = {
3231
+ /** Updated human-readable name of the Service Account. */
2298
3232
  name?: string | undefined;
3233
+ /** Value that can be used to correlate the entity with an external system. */
2299
3234
  externalId?: string | undefined;
2300
3235
  };
2301
3236
  export type UpdateServiceAccountParams = {
3237
+ /** ID of the service account. */
2302
3238
  serviceAccountId: string;
2303
3239
  };
2304
3240
  export type UpdateServiceAccountResponse = {
2305
3241
  userInfo: {
3242
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2306
3243
  username: string;
3244
+ /** Display name of the user. */
2307
3245
  name: string;
2308
3246
  /** User id. */
2309
3247
  userId: string;
2310
3248
  /** User kind. */
2311
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
3249
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
3250
+ /** UUID of the user's primary credential. */
2312
3251
  credentialUuid: string;
2313
- orgId: string;
3252
+ /** Organization id. */
3253
+ orgId?: string | undefined;
3254
+ /** Tenant id. */
3255
+ tenantId?: string | undefined;
3256
+ /** @deprecated - Flat list of API operations the user has access to. */
2314
3257
  permissions?: string[] | undefined;
3258
+ /** Whether the user is active. */
2315
3259
  isActive: boolean;
3260
+ /** Whether the user is a service account. */
2316
3261
  isServiceAccount: boolean;
3262
+ /** Whether the user has completed registration. */
2317
3263
  isRegistered: boolean;
3264
+ /** Permissions (roles) assigned to the user. */
2318
3265
  permissionAssignments: {
3266
+ /** Human-readable name of the permission (role). */
2319
3267
  permissionName: string;
3268
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2320
3269
  permissionId: string;
3270
+ /** ID of the permission assignment. */
2321
3271
  assignmentId: string;
3272
+ /** List of API operations granted by this permission. */
2322
3273
  operations?: string[] | undefined;
2323
3274
  }[];
2324
3275
  };
2325
3276
  accessTokens: {
3277
+ /** The access token. Only returned at creation time. */
2326
3278
  accessToken?: string | undefined;
2327
3279
  dateCreated: string;
3280
+ /** ID of the credential associated with the access token. */
2328
3281
  credId: string;
3282
+ /** Whether the access token is active. */
2329
3283
  isActive: boolean;
2330
3284
  /** Access token kind. */
2331
3285
  kind: "Pat" | "ServiceAccount" | "Token" | "Code" | "Recovery" | "Temp" | "Application";
3286
+ /** User id. */
2332
3287
  linkedUserId: string;
3288
+ /** ID of the application the access token is linked to. */
2333
3289
  linkedAppId: string;
3290
+ /** Human-readable name of the access token. */
2334
3291
  name: string;
3292
+ /** Organization id. */
2335
3293
  orgId: string;
3294
+ /** Permissions (roles) assigned to the access token. */
2336
3295
  permissionAssignments: {
3296
+ /** Human-readable name of the permission (role). */
2337
3297
  permissionName: string;
3298
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2338
3299
  permissionId: string;
3300
+ /** ID of the permission assignment. */
2339
3301
  assignmentId: string;
3302
+ /** List of API operations granted by this permission. */
2340
3303
  operations?: string[] | undefined;
2341
3304
  }[];
3305
+ /** Public key associated with the access token. */
2342
3306
  publicKey: string;
3307
+ /** Token id. */
2343
3308
  tokenId: string;
2344
3309
  }[];
2345
3310
  };
@@ -2350,26 +3315,43 @@ export type UpdateUserBody = {
2350
3315
  isSSORequired: boolean;
2351
3316
  };
2352
3317
  export type UpdateUserParams = {
3318
+ /** User id. */
2353
3319
  userId: string;
2354
3320
  };
2355
3321
  export type UpdateUserResponse = {
3322
+ /** Username/identifier of the user (any unique string accepted, e.g. your internal user ID or email). */
2356
3323
  username: string;
3324
+ /** Display name of the user. */
2357
3325
  name: string;
2358
3326
  /** User id. */
2359
3327
  userId: string;
2360
3328
  /** User kind. */
2361
- kind: "DfnsStaff" | "AccountUser" | "CustomerEmployee" | "EndUser";
3329
+ kind: "DfnsStaff" | "TenantUser" | "CustomerEmployee" | "EndUser";
3330
+ /** UUID of the user's primary credential. */
2362
3331
  credentialUuid: string;
2363
- orgId: string;
3332
+ /** Organization id. */
3333
+ orgId?: string | undefined;
3334
+ /** Tenant id. */
3335
+ tenantId?: string | undefined;
3336
+ /** @deprecated - Flat list of API operations the user has access to. */
2364
3337
  permissions?: string[] | undefined;
3338
+ /** Whether the user is active. */
2365
3339
  isActive: boolean;
3340
+ /** Whether the user is a service account. */
2366
3341
  isServiceAccount: boolean;
3342
+ /** Whether the user has completed registration. */
2367
3343
  isRegistered: boolean;
3344
+ /** Whether the user must authenticate via SSO. */
2368
3345
  isSSORequired: boolean;
3346
+ /** Permissions (roles) assigned to the user. */
2369
3347
  permissionAssignments: {
3348
+ /** Human-readable name of the permission (role). */
2370
3349
  permissionName: string;
3350
+ /** ID of the permission (also referred to as "role" in the dashboard). */
2371
3351
  permissionId: string;
3352
+ /** ID of the permission assignment. */
2372
3353
  assignmentId: string;
3354
+ /** List of API operations granted by this permission. */
2373
3355
  operations?: string[] | undefined;
2374
3356
  }[];
2375
3357
  };