Overview
We highly recommend using our Web SDK or Mobile SDKs as the quickest and simplest way to start implementing passkeys in your app.
However, if you prefer to avoid using SDKs and integrate only using REST APIs, then the documentation below outlines the Client API’s passkey endpoints and their authentication model.
Creating a passkey
The following endpoints should be called in sequence when creating a passkey.
These endpoints must be authenticated using bearer auth with a token.
Using a passkey
For MFA
When using passkeys as a secondary factor, i.e. in a context where the user has already been authenticated with a primary factor, you should use the following endpoints in sequence.
These endpoints should be authenticated using bearer auth with a token.
For sign-in
When using passkeys as the primary factor for sign-in, you should use the following endpoints.
These endpoints should be authenticated using basic auth with your tenant ID as the username and an empty password value.
:
after your tenant ID to set an empty password value.This authentication model allows the passkey endpoints to be called when signing in from an unauthenticated context. Typically in this flow you would present the passkey prompt based on whatever credentials are available on the device, then use the result of the Verify Passkey Authentication call to lookup the user account corresponding to the passkey credential which was used.
For more information on how to optimize your sign-in UX with passkeys, refer to our guides on implementing best practice UX for web and mobile.
Was this page helpful?