Skip to main content
POST
Verify Authentication

Authorizations

Authorization
string
header
required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json
challengeId
string
required

The ID of the passkey challenge returned when generating authentication options.

authenticationCredential
object
required

The authentication credential object, based on https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson.

deviceId
string

The ID of the device.

Response

OK

isVerified
boolean
required

True if the passkey challenge was valid and the device was authenticated successfully.

accessToken
string

A token which can be used to validate the passkey challenge server-side.

userId
string

The ID of the Authsignal user associated with the passkey.

userAuthenticatorId
string

The ID of the user's authenticator which is associated with the passkey credential.

username
string

The username associated with the passkey.

userDisplayName
string

The display name associated with the passkey.