Skip to main content




On iOS, passkeys are supported only on iOS 15 and above and synced via iCloud Keychain. Autofill requires iOS 16 and above.

To use passkeys you must first setup an associated domain with the webcredentials service type.

  1. Host an apple-app-site-association file on the domain that matches your relying party:

    GET https://<yourrelyingparty>/.well-known/apple-app-site-association
  2. The response JSON should look something like this:

    "applinks": {},
    "webcredentials": {
    "apps": [""]
    "appclips": {}

    where ABCDE12345 is your team id and is your bundle identifier.

  3. In XCode under "Signing & Capabilities" add a webcredentials entry for your domain / relying party e.g.



Add Authsignal to your Podfile:

pod 'Authsignal', '~> 0.2.0'

Swift Package Manager

Add authsignal-ios to the dependencies value of your Package.swift.

dependencies: [
.package(url: "", .upToNextMajor(from: "0.2.0"))


import Authsignal

let authsignal = Authsignal(clientID: "YOUR_TENANT_ID", baseURL: "YOUR_REGION_BASE_URL")

You can find your client or tenant ID in the Authsignal Portal.

You must specify the correct base URL for your tenant's region.

RegionBase URL
US (Oregon)
AU (Sydney)
EU (Dublin)


For more detail on passkeys refer to our getting started guide.

Registering a new passkey

let result = await authsignal.passkey.signUp(token: token, userName: userName)

Authenticating with an existing passkey

let result = await authsignal.passkey.signIn()

Using passkey autofill

let result = await authsignal.passkey.signIn(autofill: true)

Cancelling a pending autofill request



Adding a device credential

Adding a new credential must be authorized with a short-lived token. You can obtain this by calling the track endpoint on the Server API which will return a token in the response. This should be done at a point in your application when the user is strongly authenticated.

await authsignal.push.addCredential(token: token)

Removing a device credential

await authsignal.push.removeCredential()

Getting a challenge

let challengeId = await authsignal.push.getChallenge()

Updating a challenge

let approved: Bool = true // true if the user has approved the challenge

await authsignal.push.updateChallenge(challengeID: challengeId, approved: approved)