Delegate Key
Delegates a key to an end user. Only keys created with delayDelegation: true can be delegated using this endpoint. This requirement ensures that you intentionally designate a key for later delegation, helping prevent accidental delegation of sensitive or treasury‑level keys.
When a key is delegated to an end user, all wallets that use this key as their signing key are also automatically delegated to the same user. This keeps key and wallet ownership consistent across the system.This operation is irreversible. After delegation, ownership of the key is permanently transferred to the end user.In most cases, if you want to implement wallet delegation, create the wallet by directly delegating it to an end user from the start, making it non‑custodial immediately. The delayed delegation feature is intended for situations where the key or wallet must be created before the end user has access to the system.
- HTTP request
- POST /keys/{keyId}/delegate
- Authorization requirements
-
Header Type Required Description Authorizationstring Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token. X-DFNS-USERACTIONstring Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature. - Path parameter
-
Parameter Type Required Description keyId string Yes ID of the key to delegate. Minimum length: 1. - Request body
-
Field Type Required Description delegateTo string Yes ID of the end user to whom the key will be delegated. Minimum length: 1. curl --request POST \ --url https://api.digitalassets.ibm.com/keys/{keyId}/delegate \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --header 'X-DFNS-USERACTION: <api-key>' \ --data ' { "delegateTo": "<string>" } ' - Response
- 200: Success
Example response:
{ "keyId": "<string>", "status": "Delegated" }