Skip to main content
POST
/
users
/
{userId}
/
authenticators
Enroll verified authenticator
curl --request POST \
  --url https://api.authsignal.com/v1/users/{userId}/authenticators \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "verificationMethod": "SMS",
  "phoneNumber": "+12345678901"
}
'
{
  "authenticator": {
    "userAuthenticatorId": "4efd2d0d-3278-4e03-8143-d9a0850bebc0",
    "verificationMethod": "PASSKEY",
    "username": "jane.smith@authsignal.com",
    "displayName": "Jane Smith",
    "createdAt": "2024-05-13T04:59:02.640Z",
    "lastVerifiedAt": "2024-07-13T02:43:37.640Z",
    "verifiedAt": "2024-05-13T04:59:17.640Z",
    "webauthnCredential": {
      "credentialId": "71273a99-4a7b-47d4-82ab-9ea72b8f0a72",
      "deviceId": "d5a13d2d-8c34-4c90-938b-d8c6e3a88c5d",
      "name": "iCloud Keychain",
      "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
      "aaguidMapping": {
        "name": "iCloud Keychain",
        "svgIconDark": "data:image/svg+xml;base64...",
        "svgIconLight": "data:image/svg+xml;base64..."
      },
      "credentialBackedUp": true,
      "credentialDeviceType": "multiDevice",
      "authenticatorAttachment": "platform"
    }
  },
  "recoveryCodes": [
    "<string>"
  ]
}

Authorizations

Authorization
string
header
required

Use your Authsignal Server API secret key as the username and leave the password empty. The secret key can be found in the API Keys section of the Authsignal Portal settings page.

Path Parameters

userId
string
required

The ID of the user.

Body

application/json
verificationMethod
enum<string>
required

The verification method of the authenticator being enrolled.

Available options:
EMAIL_MAGIC_LINK,
EMAIL_OTP,
SMS,
AUTHENTICATOR_APP,
PASSKEY,
WHATSAPP
email
string

The user's email address. Required for EMAIL_MAGIC_LINK and EMAIL_OTP.

phoneNumber
string

The user's phone number in E.164 format. Required for SMS.

otpUri
string

The formatted OTP URI. Required for AUTHENTICATOR_APP.

oobChannel
enum<string>

Deprecated - use 'verificationMethod' instead.

Available options:
EMAIL_MAGIC_LINK,
EMAIL_OTP,
SMS
credentialId
string

The passkey credential ID from the WebAuthn credential. Required for PASSKEY.

credentialPublicKey
string

The passkey credential public key (base64url-encoded). Required for PASSKEY.

counter
number

The signature counter from the WebAuthn authenticator. Used for PASSKEY to detect cloned credentials.

name
string

A display name for the passkey authenticator (e.g. device or browser name). Used for PASSKEY.

isDefault
boolean

Whether this authenticator should be set as the user's default.

Response

OK

authenticator
object
Example:
{
  "userAuthenticatorId": "4efd2d0d-3278-4e03-8143-d9a0850bebc0",
  "verificationMethod": "PASSKEY",
  "username": "jane.smith@authsignal.com",
  "displayName": "Jane Smith",
  "createdAt": "2024-05-13T04:59:02.640Z",
  "lastVerifiedAt": "2024-07-13T02:43:37.640Z",
  "verifiedAt": "2024-05-13T04:59:17.640Z",
  "webauthnCredential": {
    "credentialId": "71273a99-4a7b-47d4-82ab-9ea72b8f0a72",
    "deviceId": "d5a13d2d-8c34-4c90-938b-d8c6e3a88c5d",
    "name": "iCloud Keychain",
    "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
    "aaguidMapping": {
      "name": "iCloud Keychain",
      "svgIconDark": "data:image/svg+xml;base64...",
      "svgIconLight": "data:image/svg+xml;base64..."
    },
    "credentialBackedUp": true,
    "credentialDeviceType": "multiDevice",
    "authenticatorAttachment": "platform"
  }
}
recoveryCodes
string[]