Dynamic Environments API
Retrieve and update environment (project) configuration and settings, and programmatically provision isolated sandbox and live environments.
Retrieve and update environment (project) configuration and settings, and programmatically provision isolated sandbox and live environments.
openapi: 3.0.3
info:
title: Dynamic API
description: >-
Representative OpenAPI description of the Dynamic environment-scoped REST API
for web3 authentication and embedded wallets. Admin endpoints authenticate
with an environment-scoped bearer API token (dyn_ prefixed); SDK endpoints
authenticate with a user JWT obtained via the client SDK. This document is a
faithful, non-exhaustive representation of publicly documented surfaces at
https://docs.dynamic.xyz/api-reference. Consult the live API reference for the
complete schema catalog.
termsOfService: https://www.dynamic.xyz/terms
contact:
name: Dynamic Support
url: https://www.dynamic.xyz/contact
version: 'v0'
servers:
- url: https://app.dynamicauth.com/api/v0
description: Production
- url: https://app.dynamic.xyz/api/v0
description: Production (alternate host)
security:
- bearerAuth: []
tags:
- name: Users
description: List and manage end users authenticated into an environment.
- name: Wallets
description: View and manage wallets linked to users.
- name: Embedded Wallets
description: Provision MPC-TSS embedded wallets for users.
- name: Environments
description: Retrieve and update environment (project) configuration.
- name: API Tokens
description: Create and revoke environment-scoped API tokens.
- name: Webhooks
description: Manage webhook endpoints for event notifications.
- name: JWKS
description: Fetch the JSON Web Key Set used to verify Dynamic JWTs.
- name: Allowlists
description: Gate authentication with allowlists.
- name: Analytics
description: Retrieve aggregate environment analytics.
- name: Exports
description: Download data exports.
paths:
/environments/{environmentId}:
get:
operationId: getEnvironment
tags:
- Environments
summary: Get an environment by ID.
description: Returns the configuration and settings for the specified environment (project).
parameters:
- $ref: '#/components/parameters/EnvironmentId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Environment'
'401':
$ref: '#/components/responses/Unauthorized'
patch:
operationId: updateEnvironment
tags:
- Environments
summary: Update an environment.
description: Updates settings for the specified environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/EnvironmentUpdate'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Environment'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/users:
get:
operationId: getUsers
tags:
- Users
summary: Get users for an environment.
description: Returns a paginated list of users authenticated into the specified environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
- name: filterValue
in: query
required: false
description: Optional filter (for example an email or alias) to search users by.
schema:
type: string
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/UserList'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/users/{userId}:
get:
operationId: getUserById
tags:
- Users
summary: Get a user by ID.
description: Returns the specified user, including linked verified credentials.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/UserId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/User'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateUser
tags:
- Users
summary: Update a user.
description: Updates metadata and fields for the specified user.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/UserId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UserUpdate'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/User'
'401':
$ref: '#/components/responses/Unauthorized'
delete:
operationId: deleteUser
tags:
- Users
summary: Delete a user.
description: Permanently deletes the specified user from the environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/UserId'
responses:
'204':
description: User deleted.
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/users/{userId}/wallets:
get:
operationId: getWalletsByUserId
tags:
- Wallets
summary: Get wallets by user.
description: Returns the wallets linked to the specified user.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/UserId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/WalletList'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createEmbeddedWallet
tags:
- Embedded Wallets
summary: Create an embedded wallet for a user.
description: >-
Creates a new MPC-TSS embedded wallet for the specified user. Fails if the
user already has an embedded wallet of the requested chain linked.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/UserId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateEmbeddedWalletRequest'
responses:
'201':
description: Wallet created.
content:
application/json:
schema:
$ref: '#/components/schemas/Wallet'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/tokens:
get:
operationId: getApiTokens
tags:
- API Tokens
summary: Get API tokens for an environment.
description: Returns the API tokens issued for the specified environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/ApiTokenList'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createApiToken
tags:
- API Tokens
summary: Create a new API token.
description: Creates a new API token for the specified environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateApiTokenRequest'
responses:
'201':
description: Token created.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiToken'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/tokens/{tokenId}:
delete:
operationId: deleteApiToken
tags:
- API Tokens
summary: Delete an API token.
description: Revokes and deletes the specified API token.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- name: tokenId
in: path
required: true
schema:
type: string
format: uuid
responses:
'204':
description: Token deleted.
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/webhooks:
get:
operationId: getWebhooks
tags:
- Webhooks
summary: Get webhooks for an environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/WebhookList'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createWebhook
tags:
- Webhooks
summary: Create a webhook.
description: Registers a new webhook endpoint subscribed to the given event scopes.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateWebhookRequest'
responses:
'201':
description: Webhook created.
content:
application/json:
schema:
$ref: '#/components/schemas/Webhook'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/webhooks/{webhookId}:
get:
operationId: getWebhookById
tags:
- Webhooks
summary: Get a webhook by ID.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/WebhookId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Webhook'
'401':
$ref: '#/components/responses/Unauthorized'
put:
operationId: updateWebhook
tags:
- Webhooks
summary: Update a webhook.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/WebhookId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateWebhookRequest'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Webhook'
'401':
$ref: '#/components/responses/Unauthorized'
delete:
operationId: deleteWebhook
tags:
- Webhooks
summary: Delete a webhook.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- $ref: '#/components/parameters/WebhookId'
responses:
'204':
description: Webhook deleted.
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/allowlists:
get:
operationId: getAllowlists
tags:
- Allowlists
summary: Get allowlists for an environment.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/AllowlistList'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createAllowlist
tags:
- Allowlists
summary: Create an allowlist.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAllowlistRequest'
responses:
'201':
description: Allowlist created.
content:
application/json:
schema:
$ref: '#/components/schemas/Allowlist'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/allowlists/{allowlistId}/entries:
post:
operationId: createAllowlistEntry
tags:
- Allowlists
summary: Add an entry to an allowlist.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- name: allowlistId
in: path
required: true
schema:
type: string
format: uuid
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AllowlistEntry'
responses:
'201':
description: Entry created.
content:
application/json:
schema:
$ref: '#/components/schemas/AllowlistEntry'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/analytics/wallets:
get:
operationId: getAnalyticsWallets
tags:
- Analytics
summary: Get wallet analytics for an environment.
description: Returns aggregate wallet analytics for the environment over an optional date range.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- name: startDate
in: query
required: false
schema:
type: string
format: date
- name: endDate
in: query
required: false
schema:
type: string
format: date
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/WalletAnalytics'
'401':
$ref: '#/components/responses/Unauthorized'
/environments/{environmentId}/exports/{exportId}:
get:
operationId: downloadExport
tags:
- Exports
summary: Download an export by ID.
description: Returns the file content for a previously requested data export.
parameters:
- $ref: '#/components/parameters/EnvironmentId'
- name: exportId
in: path
required: true
schema:
type: string
format: uuid
responses:
'200':
description: OK
content:
application/octet-stream:
schema:
type: string
format: binary
'401':
$ref: '#/components/responses/Unauthorized'
/sdk/{environmentId}/.well-known/jwks.json:
get:
operationId: getJwks
tags:
- JWKS
summary: Find JWKS for public key (JSON format).
description: >-
Returns the JSON Web Key Set (JWKS) for the environment, used to verify the
signature of Dynamic-issued JWT auth tokens server-side. This endpoint does
not require authentication.
security: []
parameters:
- $ref: '#/components/parameters/EnvironmentId'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Jwks'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: dyn_token
description: >-
Environment-scoped API token with a dyn_ prefix for admin endpoints, or a
user JWT from the client SDK for SDK endpoints. Sent as
Authorization: Bearer <token>.
parameters:
EnvironmentId:
name: environmentId
in: path
required: true
description: The ID of the Dynamic environment (project).
schema:
type: string
format: uuid
UserId:
name: userId
in: path
required: true
description: The ID of the user.
schema:
type: string
format: uuid
WebhookId:
name: webhookId
in: path
required: true
description: The ID of the webhook.
schema:
type: string
format: uuid
Limit:
name: limit
in: query
required: false
description: Maximum number of items to return.
schema:
type: integer
default: 100
maximum: 1000
Offset:
name: offset
in: query
required: false
description: Number of items to skip for pagination.
schema:
type: integer
default: 0
responses:
Unauthorized:
description: The bearer token is missing or invalid.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
NotFound:
description: The requested resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
BadRequest:
description: The request was malformed or a precondition failed.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
Error:
type: object
properties:
error:
type: object
properties:
code:
type: string
message:
type: string
required:
- message
required:
- error
Environment:
type: object
properties:
id:
type: string
format: uuid
name:
type: string
live:
type: boolean
description: Whether this is a live (true) or sandbox (false) environment.
projectSettings:
type: object
additionalProperties: true
EnvironmentUpdate:
type: object
properties:
name:
type: string
projectSettings:
type: object
additionalProperties: true
User:
type: object
properties:
id:
type: string
format: uuid
email:
type: string
format: email
nullable: true
alias:
type: string
nullable: true
firstVisit:
type: string
format: date-time
lastVisit:
type: string
format: date-time
verifiedCredentials:
type: array
items:
$ref: '#/components/schemas/VerifiedCredential'
required:
- id
UserUpdate:
type: object
properties:
email:
type: string
format: email
alias:
type: string
metadata:
type: object
additionalProperties: true
UserList:
type: object
properties:
users:
type: array
items:
$ref: '#/components/schemas/User'
count:
type: integer
VerifiedCredential:
type: object
properties:
id:
type: string
format: uuid
format:
type: string
enum:
- blockchain
- email
- oauth
address:
type: string
nullable: true
chain:
type: string
nullable: true
walletName:
type: string
nullable: true
Wallet:
type: object
properties:
id:
type: string
format: uuid
address:
type: string
chain:
type: string
description: The blockchain family, for example EVM, SOL, or BTC.
walletProvider:
type: string
description: How the wallet is provisioned, for example embeddedWallet or browserExtension.
name:
type: string
publicKey:
type: string
nullable: true
WalletList:
type: object
properties:
wallets:
type: array
items:
$ref: '#/components/schemas/Wallet'
CreateEmbeddedWalletRequest:
type: object
properties:
chains:
type: array
description: The chains to provision embedded wallets for.
items:
type: string
enum:
- EVM
- SOL
- BTC
required:
- chains
ApiToken:
type: object
properties:
id:
type: string
format: uuid
name:
type: string
token:
type: string
description: The dyn_ prefixed secret, returned only on creation.
nullable: true
createdAt:
type: string
format: date-time
expiresAt:
type: string
format: date-time
nullable: true
ApiTokenList:
type: object
properties:
tokens:
type: array
items:
$ref: '#/components/schemas/ApiToken'
CreateApiTokenRequest:
type: object
properties:
name:
type: string
expiresAt:
type: string
format: date-time
nullable: true
required:
- name
Webhook:
type: object
properties:
id:
type: string
format: uuid
url:
type: string
format: uri
isEnabled:
type: boolean
scopes:
type: array
items:
type: string
description: Event scope such as user.created, wallet.linked, or user.session.created.
secret:
type: string
description: Signing secret used to verify webhook payloads, returned only on creation.
nullable: true
WebhookList:
type: object
properties:
webhooks:
type: array
items:
$ref: '#/components/schemas/Webhook'
CreateWebhookRequest:
type: object
properties:
url:
type: string
format: uri
isEnabled:
type: boolean
default: true
scopes:
type: array
items:
type: string
required:
- url
- scopes
Allowlist:
type: object
properties:
id:
type: string
format: uuid
name:
type: string
type:
type: string
enum:
- email
- walletAddress
- country
entries:
type: array
items:
$ref: '#/components/schemas/AllowlistEntry'
AllowlistList:
type: object
properties:
allowlists:
type: array
items:
$ref: '#/components/schemas/Allowlist'
CreateAllowlistRequest:
type: object
properties:
name:
type: string
type:
type: string
enum:
- email
- walletAddress
- country
required:
- name
- type
AllowlistEntry:
type: object
properties:
id:
type: string
format: uuid
value:
type: string
description: The email, wallet address, or country code allowed.
required:
- value
WalletAnalytics:
type: object
properties:
totalWallets:
type: integer
embeddedWallets:
type: integer
externalWallets:
type: integer
byChain:
type: object
additionalProperties:
type: integer
Jwks:
type: object
properties:
keys:
type: array
items:
type: object
properties:
kty:
type: string
use:
type: string
kid:
type: string
alg:
type: string
n:
type: string
e:
type: string