Configuration
Enabling the JWKS URL
To use Authsignal session APIs, you must first enable a JWKS URL in the Authsignal Portal under Settings -> API keys.

Creating app clients
Next, create an app client in the Authsignal Portal under Settings -> App clients.
aud claim.

Creating sessions
In order to create an authenticated session, you must first obtain an Authsignal client token, either by using a Client SDK or the pre-built UI.

OTP auth (email, SMS, TOTP)
For an OTP authentication method such as Email OTP, you can follow the integration steps below to create a session.

1. Backend - Track action
In your app’s backend, use an Authsignal Server SDK to track an action and obtain an initial client token.

setToken with the client token obtained in step 1, then use the relevant SDK methods to progress the user through a challenge and obtain a new client token.

Passkeys
When using a device-bound authentication method like passkeys, only two steps are required to create a session.

1. Frontend - Use a Client SDK
Use our web SDK to present a passkey sign-in prompt in the browser, or use one of our mobile SDKs to present the native passkey UI in an iOS or Android app.

Validating sessions
Using the JWKS URL
Access tokens are signed using an RS256 algorithm. A JWKS endpoint for your tenant’s keys is available at the following location:

- The AUTHSIGNAL_URL value is the URL for your tenant’s region.
- The AUTHSIGNAL_TENANT value is your tenant ID.
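
What verifying an access token against the JWKS involves, as an added example that is not Authsignal's own code and uses only Node's built-in crypto module: it pins RS256, selects the key by kid, then checks the signature, aud and exp. The key pair, kid, claim values and helper names are constructed for the demo; that aud carries the app client ID and that tokens carry exp are assumptions. A local check like this does not detect revoked tokens.

```javascript
// Added example: verify an RS256 access token against an already-fetched JWKS.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const decodeJson = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

function verifyAccessToken(token, jwks, expectedAud, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decodeJson(h);
  // Pin the algorithm; never let the token's header choose the verifier.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kty === "RSA" && k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  // Import only the RSA public parameters from the JWK.
  const key = crypto.createPublicKey({ key: { kty: "RSA", n: jwk.n, e: jwk.e }, format: "jwk" });
  const sig = Buffer.from(s, "base64url");
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error("bad signature");
  }
  // Claims are trusted only after the signature check has passed.
  const claims = decodeJson(p);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAud)) throw new Error("wrong audience"); // assumed: aud = app client ID
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired"); // assumed: exp present
  return claims;
}

// Constructed fixtures standing in for the tenant's JWKS and an issued token.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sampleJwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key", alg: "RS256" }] };

function signSample(claims, header = { alg: "RS256", typ: "JWT", kid: "demo-key" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign("RSA-SHA256", Buffer.from(input), privateKey))}`;
}

// Returns null when the token is accepted, otherwise the rejection reason.
function rejectReason(token, expectedAud, now) {
  try {
    verifyAccessToken(token, sampleJwks, expectedAud, now);
    return null;
  } catch (err) {
    return err.message;
  }
}
```
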
Using the SDK
You can also use the Authsignal Server SDK to validate an access token.

In addition to verifying the access token’s signature, the Authsignal SDK’s validateSession method will also check that the token has not been revoked.

Refreshing sessions
A refresh token can be exchanged for a new access token and refresh token.

Revoking sessions
An individual access token can be revoked so that the validateSession method will no longer accept it.