Overview
Endpoint: https://api.authsignal.com/v1/client
The Authsignal Client API can be used to perform challenges using different authentication methods and verify users.
This API is designed to be used if you're not using Authsignal's pre-built UI and are building your own web or native app UI.
Region selection
Use the appropriate base URL for your region.
| Region | Base URL |
|---|---|
| US (Oregon) | https://api.authsignal.com/v1 |
| AU (Sydney) | https://au.api.authsignal.com/v1 |
| EU (Dublin) | https://eu.api.authsignal.com/v1 |
Authentication
The Authsignal Client API uses bearer authentication with a short-lived token obtained from the Server API or via a Server SDK.
1. Track an action
You should first track an action that represents what the user is doing (e.g. "signIn") and get a token which is valid for 10 minutes.
Node.js

```javascript
const result = await authsignal.track({
  userId: user.id,
  action: "signIn",
  scope: "read:authenticators add:authenticators",
});
const token = result.token;
```

C#

```csharp
var request = new TrackRequest(UserId: user.Id, Action: "signIn", Scope: "read:authenticators add:authenticators");
var response = await authsignal.Track(request);
var token = response.Token;
```

Java

```java
TrackRequest request = new TrackRequest();
request.userId = userId;
request.action = "signIn";
request.scope = "read:authenticators add:authenticators";
CompletableFuture<String> token = authsignal.track(request).thenApply(response -> response.token);
```

Go

```go
response, err := authsignal.TrackAction(
	client.TrackRequest{UserId: user.Id, Action: "signIn", Scope: "read:authenticators add:authenticators"},
)
if err != nil {
	// Handle the error before using response.
}
token := response.Token
```

Ruby

```ruby
result = Authsignal.track({
  user_id: user_id,
  action: "signIn",
  scope: "read:authenticators add:authenticators",
})
token = result[:token]
```

PHP

```php
$result = Authsignal::track(userId: $userId, action: "signIn", scope: "read:authenticators add:authenticators");
$token = $result["token"];
```

Python

```python
result = authsignal_client.track_action(
    user_id=user_id,
    action="signIn",
    scope="read:authenticators add:authenticators"
)
token = result["token"]
```
When tracking an action to enroll an authenticator, the scope `add:authenticators` must be explicitly specified if the user is already enrolled with at least one authentication method (e.g. passkey).
In such cases you should ensure users are strongly authenticated with one of their existing methods before they can enroll an additional authenticator.
2. Use bearer auth
This token can then be used to authenticate to the Client API using bearer auth.
```bash
curl https://api.authsignal.com/v1/client/user-authenticators \
  -H "Accept: application/json" \
  -H "Authorization: Bearer TOKEN_RETURNED_FROM_SERVER_API"
```
The authentication model is designed so you can call the Authsignal Client API directly from your web browser or mobile app (though you can also communicate via your backend where convenient).
In addition, it means that the series of calls you make to perform different challenge flows can be grouped together under one action, providing observability via the Authsignal Portal.
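The two steps above, together with the enrollment rule from step 1, as an added example that is not Authsignal's code: the backend only requests `add:authenticators` for an already-enrolled user once the session is strongly authenticated, and the client refuses to send a token past its 10-minute lifetime. Only `authsignal.track` with `userId`, `action` and `scope`, the scope string, the base URLs and the `/client/user-authenticators` path come from this page; the function names, the `enrolledCount` and `stronglyAuthenticated` fields, and omitting `scope` on a first enrollment are assumptions.

```javascript
// Added example, not Authsignal code. Function names and the user/session
// fields are hypothetical; authsignal is the Server SDK client from step 1.
const BASE_URLS = new Map([
  ["us", "https://api.authsignal.com/v1"],
  ["au", "https://au.api.authsignal.com/v1"],
  ["eu", "https://eu.api.authsignal.com/v1"],
]);
const TOKEN_TTL_MS = 10 * 60 * 1000; // the page states the token is valid for 10 minutes

// Decide which scope an enrollment request may receive.
// enrolledCount and stronglyAuthenticated come from your own user/session state.
function enrollmentScope({ enrolledCount, stronglyAuthenticated }) {
  // Assumption: a first enrollment needs no explicit scope (per the page's wording).
  if (enrolledCount === 0) return undefined;
  if (stronglyAuthenticated !== true) {
    throw new Error("re-authenticate with an existing method before enrolling another");
  }
  return "read:authenticators add:authenticators";
}

// Server side: track the action only if the policy allows it, and record expiry.
async function issueEnrollmentToken(authsignal, user, session, action, now = Date.now()) {
  const scope = enrollmentScope({
    enrolledCount: user.enrolledCount,
    stronglyAuthenticated: session.stronglyAuthenticated,
  });
  const request = { userId: user.id, action };
  if (scope) request.scope = scope;
  const result = await authsignal.track(request);
  return { token: result.token, expiresAt: now + TOKEN_TTL_MS };
}

// Client side: build the bearer request; reject unknown regions and expired tokens.
function buildClientRequest(region, path, issued, now = Date.now()) {
  const base = BASE_URLS.get(region);
  if (!base) throw new Error(`unknown region: ${region}`);
  if (now >= issued.expiresAt) throw new Error("token expired; track a new action");
  return {
    url: `${base}/client${path}`,
    headers: { Accept: "application/json", Authorization: `Bearer ${issued.token}` },
  };
}
```

Because `enrolledCount` is compared strictly against `0`, a missing or malformed count falls through to the strong-authentication check rather than skipping it.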