All Web SDK methods for security keys require you to initiate an action first.
Security keys are roaming hardware authenticators (such as YubiKeys) that authenticate using the WebAuthn standard. Unlike passkeys, they are not synced across devices.

Enroll

Start enrollment for a new security key by prompting the user to register their hardware authenticator.
const response = await authsignal.securityKey.enroll();

Parameters

hints
string[]
An array of WebAuthn credential hints which guide the browser’s UI, e.g. ["security-key"].

Response

response
AuthsignalResponse<EnrollResponse>

Verify

Re-authenticate an existing security key by prompting the user to present their hardware authenticator.
const response = await authsignal.securityKey.verify();

if (response.data?.token) {
  // Send the response token to your server to validate the result of the challenge
}

Response

response
AuthsignalResponse<VerifyResponse>

Security key error handling

When any of the underlying native browser WebAuthn APIs fail, the SDK will throw a WebAuthnError. Most of these errors are benign and can be safely ignored, for example when the user cancels the ceremony. If you wish to handle them, catch the error in a try/catch block. See Passkey error handling for the common error codes.
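One way to structure the try/catch described above, as an added example that is not Authsignal's own code: a cancelled ceremony is reported as benign, and only the server's validation of the token counts as success. Assumptions: WebAuthnError instances carry a string `code`, the class is passed in as a parameter, "EXAMPLE_USER_CANCELLED" is a placeholder to replace with the real codes from Passkey error handling, and `validateOnServer`, `StubWebAuthnError` and `stubClient` are hypothetical names.

```javascript
// Added example, not Authsignal's code. Assumptions: WebAuthnError instances
// carry a string `code`; "EXAMPLE_USER_CANCELLED" is a placeholder, not a real
// SDK code; validateOnServer is a hypothetical call to your own backend.
const BENIGN_CODES = new Set(["EXAMPLE_USER_CANCELLED"]);

// Pure policy: map a thrown error or an SDK response to an outcome.
function classifyVerifyOutcome(error, response, WebAuthnErrorClass) {
  if (error) {
    if (error instanceof WebAuthnErrorClass) {
      // Benign (e.g. user cancelled): offer a retry, do not alert.
      if (BENIGN_CODES.has(error.code)) return { status: "cancelled" };
      return { status: "webauthn_error", code: error.code };
    }
    return { status: "unexpected_error" };
  }
  const token = response && response.data && response.data.token;
  // No token means no completed challenge: never treat this as success.
  if (typeof token !== "string" || token.length === 0) return { status: "no_token" };
  return { status: "token_received", token };
}

// Runs the ceremony. Only the server's answer can produce "verified".
async function verifyWithSecurityKey(authsignal, WebAuthnErrorClass, validateOnServer) {
  let outcome;
  try {
    const response = await authsignal.securityKey.verify();
    outcome = classifyVerifyOutcome(null, response, WebAuthnErrorClass);
  } catch (e) {
    outcome = classifyVerifyOutcome(e, null, WebAuthnErrorClass);
  }
  if (outcome.status !== "token_received") return outcome;
  const ok = await validateOnServer(outcome.token);
  return { status: ok === true ? "verified" : "rejected_by_server" };
}

// Constructed stand-ins so the example runs offline.
class StubWebAuthnError extends Error {
  constructor(code) { super(code); this.code = code; }
}
function stubClient(behaviour) {
  return { securityKey: { verify: async () => behaviour() } };
}
```

In an application, pass the SDK client and its WebAuthnError class in place of the stubs, and log the `webauthn_error` and `unexpected_error` outcomes rather than discarding them.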