Skip to main content
POST
/
verify
/
passkey
Verify Authentication
curl --request POST \
  --url https://api.authsignal.com/v1/client/verify/passkey \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "<string>",
  "authenticationCredential": {},
  "deviceId": "<string>"
}
'
{
  "isVerified": true,
  "accessToken": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json
challengeId
string
required

The ID of the passkey challenge returned when generating authentication options.

authenticationCredential
object
required

The authentication credential object, based on https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson.

deviceId
string

The ID of the device.

Response

OK

isVerified
boolean
required

True if the passkey challenge was valid and the device was authenticated successfully.

accessToken
string

A token which can be used to validate the passkey challenge server-side.