Create WebAuthn registration verification

POST /api/experience/verification/web-authn/registration

Create a new WebAuthn registration verification record. The verification record can be used to bind a new WebAuthn credential to the user's profile.

Responses

  • 200 application/json

    WebAuthn registration successfully created.

    Hide response attributes Show response attributes object
    • verificationId string Required

      The unique verification ID for the WebAuthn registration record. This ID is required to verify the WebAuthn registration challenge.

    • registrationOptions object Required

      The WebAuthn registration options that the user needs to create a new WebAuthn credential.

      Hide registrationOptions attributes Show registrationOptions attributes object
      • rp object Required
        Hide rp attributes Show rp attributes object
        • name string Required
        • id string
      • user object Required
        Hide user attributes Show user attributes object
        • id string Required
        • name string Required
        • displayName string Required
      • challenge string Required
      • pubKeyCredParams array[object] Required
        Hide pubKeyCredParams attributes Show pubKeyCredParams attributes object
        • type string("public-key") Required
        • alg number Required
      • timeout number
      • excludeCredentials array[object]
        Hide excludeCredentials attributes Show excludeCredentials attributes object
        • type string("public-key") Required
        • id string Required
        • transports array[string]

          Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.

      • authenticatorSelection object
        Hide authenticatorSelection attributes Show authenticatorSelection attributes object
        • authenticatorAttachment string

          Values are platform or cross-platform.

        • requireResidentKey boolean
        • residentKey string

          Values are discouraged, preferred, or required.

        • userVerification string

          Values are required, preferred, or discouraged.

      • attestation string

        Values are none, indirect, direct, or enterprise.

      • extensions object
        Hide extensions attributes Show extensions attributes object
        • appid string
        • credProps boolean
        • hmacCreateSecret boolean
  • 400

    Bad Request

  • 404

    Entity not found.
    - session.identifier_not_found: The current interaction is not identified yet. All MFA verification records must be associated with a identified user.

POST /api/experience/verification/web-authn/registration
curl \
 --request POST 'https://[tenant_id].logto.app/api/experience/verification/web-authn/registration'
Response examples (200)
{
  "verificationId": "string",
  "registrationOptions": {
    "rp": {
      "name": "string",
      "id": "string"
    },
    "user": {
      "id": "string",
      "name": "string",
      "displayName": "string"
    },
    "challenge": "string",
    "pubKeyCredParams": [
      {
        "type": "string",
        "alg": 42.0
      }
    ],
    "timeout": 42.0,
    "excludeCredentials": [
      {
        "type": "string",
        "id": "string",
        "transports": [
          "usb"
        ]
      }
    ],
    "authenticatorSelection": {
      "authenticatorAttachment": "platform",
      "requireResidentKey": true,
      "residentKey": "discouraged",
      "userVerification": "required"
    },
    "attestation": "none",
    "extensions": {
      "appid": "string",
      "credProps": true,
      "hmacCreateSecret": true
    }
  }
}