Create passkey sign-in WebAuthn authentication with identifier

POST /api/experience/verification/sign-in-web-authn/authentication

Create WebAuthn authentication options for passkey sign-in with an identifier. The identifier is used to look up the user's WebAuthn credentials and generate non-discoverable authentication options.

application/json

Body Required

  • identifier object Required

    The identifier used to look up the user.

    Hide identifier attributes Show identifier attributes object
    • type string Required

      Values are username, email, or phone.

    • value string Required

Responses

  • 200 application/json

    Passkey sign-in WebAuthn authentication options have been successfully created.

    Hide response attributes Show response attributes object
    • verificationId string Required

      The unique verification ID of the passkey sign-in WebAuthn authentication record.

    • authenticationOptions object Required

      The WebAuthn authentication options for initiating passkey sign-in.

      Hide authenticationOptions attributes Show authenticationOptions attributes object
      • challenge string Required
      • timeout number
      • rpId string
      • allowCredentials array[object]
        Hide allowCredentials attributes Show allowCredentials attributes object
        • type string("public-key") Required
        • id string Required
        • transports array[string]

          Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.

      • userVerification string

        Values are required, preferred, or discouraged.

      • extensions object
        Hide extensions attributes Show extensions attributes object
        • appid string
        • credProps boolean
        • hmacCreateSecret boolean
  • 400

    Invalid request.

  • 404

    User not found.

POST /api/experience/verification/sign-in-web-authn/authentication 
curl \
 --request POST 'https://[tenant_id].logto.app/api/experience/verification/sign-in-web-authn/authentication' \
 --header "Content-Type: application/json" \
 --data '{"identifier":{"type":"username","value":"string"}}'
Request examples 
{
  "identifier": {
    "type": "username",
    "value": "string"
  }
}
Response examples (200) 
{
  "verificationId": "string",
  "authenticationOptions": {
    "challenge": "string",
    "timeout": 42.0,
    "rpId": "string",
    "allowCredentials": [
      {
        "type": "string",
        "id": "string",
        "transports": [
          "usb"
        ]
      }
    ],
    "userVerification": "required",
    "extensions": {
      "appid": "string",
      "credProps": true,
      "hmacCreateSecret": true
    }
  }
}