> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate Passkey Authentication Options

> Generate options to authenticate with an existing passkey.



## OpenAPI

````yaml client-api POST /user-authenticators/passkey/authentication-options
openapi: 3.0.0
info:
  description: Authsignal's Client API.
  version: 1.0.0
  title: Client API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1/client
  - url: https://au.api.authsignal.com/v1/client
  - url: https://eu.api.authsignal.com/v1/client
  - url: https://ca.api.authsignal.com/v1/client
security:
  - bearerAuth: []
tags:
  - name: User authenticators
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: SMS
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: WhatsApp
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Email Magic Link
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Email OTP
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Authenticator App
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Passkeys
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /user-authenticators/passkey/authentication-options:
    post:
      tags:
        - Passkeys
      summary: Generate Authentication Options
      description: Generate options to authenticate with an existing passkey.
      operationId: generateAuthenticationOptions
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                challengeId:
                  type: string
                  description: >-
                    The ID of the challenge returned by Initiate Challenge. Only
                    required if you want to customize the action code associated
                    with the passkey sign-in.
                username:
                  type: string
                  description: >-
                    If passed, will restrict the allowed credentials for the
                    passkey sign-in to those associated with the given username.
                    Recommended for when using passkeys for MFA or step-up
                    authentication.
                securePaymentConfirmation:
                  type: boolean
                  description: >-
                    Request a Secure Payment Confirmation (SPC) ceremony for a
                    3-D Secure payment. When true, the response offers only
                    payment-capable credentials and includes the `payment`
                    transaction set server-side via `track` custom data.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  challengeId:
                    type: string
                    description: >-
                      The ID of the passkey challenge. Should be passed back to
                      the complete the challenge.
                  options:
                    type: object
                    description: >-
                      The options for public key credential authentication,
                      including rpId and challenge.
                  payment:
                    type: object
                    description: >-
                      For a Secure Payment Confirmation request, the transaction
                      set server-side on the action (via `track` custom data)
                      that the cardholder is asked to confirm. The client
                      renders these values; it does not supply them.
                    properties:
                      amount:
                        type: string
                        description: >-
                          The transaction amount as a decimal string, e.g.
                          "42.00".
                      currency:
                        type: string
                        description: The ISO-4217 currency code, e.g. "USD".
                      payeeName:
                        type: string
                        description: The display name of the payee / merchant.
                      payeeOrigin:
                        type: string
                        description: >-
                          The origin of the payee, e.g.
                          "https://merchant.example".
                  paymentInstruments:
                    type: array
                    description: >-
                      For a Secure Payment Confirmation request, the persisted
                      instrument label for each payment-capable credential, used
                      as the SPC instrument in the payment dialog.
                    items:
                      type: object
                      properties:
                        credentialId:
                          type: string
                          description: The ID of the payment-capable passkey credential.
                        displayName:
                          type: string
                          description: The instrument label, e.g. "Visa ••1234".
                required:
                  - challengeId
                  - options
        '400':
          $ref: '#/components/responses/InvalidRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  responses:
    InvalidRequest:
      description: Invalid Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorWithCode'
    NotFound:
      description: Not Found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
    ErrorWithCode:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
        errorCode:
          type: string
      required:
        - error
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Use a short-lived token obtained from the Server API's Track Action
        endpoint. The token is valid for 10 minutes and should be passed in the
        Authorization header as 'Bearer {token}'.

````