Skip to main content
POST
/
user-authenticators
/
passkey
Verify Registration
curl --request POST \
  --url https://api.authsignal.com/v1/client/user-authenticators/passkey \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "<string>",
  "registrationCredential": {}
}
'
{
  "isVerified": true,
  "accessToken": "<string>",
  "userAuthenticatorId": "<string>"
}

Authorizations

Authorization
string
header
required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json
challengeId
string
required

TThe ID of the passkey challenge returned when generating registration options.

registrationCredential
object
required

The registration credential object, based on https://w3c.github.io/webauthn/#dictdef-registrationresponsejson.

Response

OK

isVerified
boolean
required

True if the passkey challenge was valid and the device was enrolled successfully.

accessToken
string

A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded.

userAuthenticatorId
string

The ID of the user's new authenticator which is associated with the passkey credential.