> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enroll Verified Authenticator

> Enroll an authenticator on behalf of a user. This operation should only be used in cases where you have already verified a user's email address or phone number in your own system.



## OpenAPI

````yaml server-api POST /users/{userId}/authenticators
openapi: 3.0.0
info:
  description: Authsignal's Server API.
  version: 1.0.0
  title: Server API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1
  - url: https://au.api.authsignal.com/v1
  - url: https://eu.api.authsignal.com/v1
  - url: https://ca.api.authsignal.com/v1
security:
  - basicAuth: []
tags:
  - name: users
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenge
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: authenticator configurations
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: actions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: query
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: email
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sms
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: verify
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenges
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sessions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: devices
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /users/{userId}/authenticators:
    post:
      tags:
        - users
      summary: Enroll verified authenticator
      description: >-
        Enroll an authenticator on behalf of a user. This operation should only
        be used in cases where you have already verified a user's email address
        or phone number in your own system.
      operationId: enrollVerifiedAuthenticator
      parameters:
        - $ref: '#/components/parameters/userId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                verificationMethod:
                  type: string
                  enum:
                    - EMAIL_MAGIC_LINK
                    - EMAIL_OTP
                    - SMS
                    - AUTHENTICATOR_APP
                    - PASSKEY
                    - WHATSAPP
                  description: The verification method of the authenticator being enrolled.
                email:
                  type: string
                  description: >-
                    The user's email address. Required for EMAIL_MAGIC_LINK and
                    EMAIL_OTP.
                phoneNumber:
                  type: string
                  description: The user's phone number in E.164 format. Required for SMS.
                otpUri:
                  type: string
                  description: The formatted OTP URI. Required for AUTHENTICATOR_APP.
                oobChannel:
                  type: string
                  enum:
                    - EMAIL_MAGIC_LINK
                    - EMAIL_OTP
                    - SMS
                  description: Deprecated - use 'verificationMethod' instead.
                credentialId:
                  type: string
                  description: >-
                    The passkey credential ID from the WebAuthn credential.
                    Required for PASSKEY.
                credentialPublicKey:
                  type: string
                  description: >-
                    The passkey credential public key (base64url-encoded).
                    Required for PASSKEY.
                counter:
                  type: number
                  description: >-
                    The signature counter from the WebAuthn authenticator. Used
                    for PASSKEY to detect cloned credentials.
                name:
                  type: string
                  description: >-
                    A display name for the passkey authenticator (e.g. device or
                    browser name). Used for PASSKEY.
                username:
                  type: string
                  description: >-
                    The WebAuthn username associated with the passkey (e.g. the
                    user's email or handle shown in the browser's passkey
                    picker). Used for PASSKEY.
                transports:
                  type: array
                  items:
                    type: string
                  description: >-
                    Transport hints for the passkey (e.g. "internal", "hybrid").
                    Used for PASSKEY.
                aaguid:
                  type: string
                  description: >-
                    The AAGUID of the authenticator that created the passkey.
                    Used for PASSKEY.
                isDefault:
                  type: boolean
                  description: >-
                    Whether this authenticator should be set as the user's
                    default.
              required:
                - verificationMethod
            example:
              verificationMethod: SMS
              phoneNumber: '+12345678901'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  authenticator:
                    $ref: '#/components/schemas/UserAuthenticator'
                  recoveryCodes:
                    type: array
                    items:
                      type: string
        '400':
          $ref: '#/components/responses/InvalidRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  parameters:
    userId:
      name: userId
      in: path
      description: The ID of the user.
      required: true
      schema:
        type: string
  schemas:
    UserAuthenticator:
      type: object
      properties:
        userAuthenticatorId:
          type: string
        verificationMethod:
          $ref: '#/components/schemas/VerificationMethod'
        email:
          type: string
        phoneNumber:
          type: string
        username:
          type: string
        displayName:
          type: string
        createdAt:
          type: string
          format: date-time
        verifiedAt:
          type: string
          format: date-time
        lastVerifiedAt:
          type: string
          format: date-time
        previousSmsChannel:
          type: string
          enum:
            - DEFAULT
            - WHATSAPP
          description: >-
            The channel that was last used by the user to complete an SMS
            challenge. Only defined if the verification method is SMS.
        webauthnCredential:
          type: object
          properties:
            credentialId:
              type: string
            deviceId:
              type: string
            name:
              type: string
              description: >-
                The name of the passkey. Defaults to `aaguidMapping.name` if
                available.
            aaguid:
              type: string
            aaguidMapping:
              type: object
              properties:
                name:
                  type: string
                  description: >-
                    The name of the credential manager where the passkey is
                    stored e.g. 'iCloud Keychain'.
                svgIconLight:
                  type: string
                  description: >-
                    A base64 encoded light variant SVG icon for the credential
                    manager.
                svgIconDark:
                  type: string
                  description: >-
                    A base64 encoded dark variant SVG icon for the credential
                    manager.
            credentialBackedUp:
              type: boolean
            credentialDeviceType:
              type: string
              enum:
                - singleDevice
                - multiDevice
            authenticatorAttachment:
              type: string
              enum:
                - cross-platform
                - platform
            parsedUserAgent:
              type: object
              properties:
                ua:
                  type: string
                browser:
                  type: object
                  properties:
                    name:
                      type: string
                    version:
                      type: string
                    major:
                      type: string
                device:
                  type: object
                  properties:
                    model:
                      type: string
                    type:
                      type: string
                    vendor:
                      type: string
                engine:
                  type: object
                  properties:
                    name:
                      type: string
                    version:
                      type: string
                os:
                  type: object
                  properties:
                    name:
                      type: string
                    version:
                      type: string
                cpu:
                  type: object
                  properties:
                    architecture:
                      type: string
        deviceName:
          type: string
          description: >-
            The name of the device (e.g. 'iPhone 16 Pro'). Only used for PUSH
            verification methods.
      required:
        - userAuthenticatorId
        - verificationMethod
        - createdAt
      example:
        userAuthenticatorId: 4efd2d0d-3278-4e03-8143-d9a0850bebc0
        verificationMethod: PASSKEY
        username: jane.smith@authsignal.com
        displayName: Jane Smith
        createdAt: '2024-05-13T04:59:02.640Z'
        lastVerifiedAt: '2024-07-13T02:43:37.640Z'
        verifiedAt: '2024-05-13T04:59:17.640Z'
        webauthnCredential:
          credentialId: 71273a99-4a7b-47d4-82ab-9ea72b8f0a72
          deviceId: d5a13d2d-8c34-4c90-938b-d8c6e3a88c5d
          name: iCloud Keychain
          aaguid: fbfc3007-154e-4ecc-8c0b-6e020557d7bd
          aaguidMapping:
            name: iCloud Keychain
            svgIconDark: data:image/svg+xml;base64...
            svgIconLight: data:image/svg+xml;base64...
          credentialBackedUp: true
          credentialDeviceType: multiDevice
          authenticatorAttachment: platform
    VerificationMethod:
      type: string
      enum:
        - SMS
        - AUTHENTICATOR_APP
        - EMAIL_MAGIC_LINK
        - EMAIL_OTP
        - PUSH
        - DEVICE
        - SECURITY_KEY
        - PASSKEY
        - VERIFF
        - IPROOV
        - PALM_BIOMETRICS_RR
        - IDVERSE
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
  responses:
    InvalidRequest:
      description: Invalid Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >-
        Use your Authsignal Server API secret key as the username and leave the
        password empty. The secret key can be found in the API Keys section of
        the Authsignal Portal settings page.

````