Generate WebAuthn registration options

POST /api/verifications/web-authn/registration

Generate WebAuthn registration options for the user to register a new WebAuthn device.

Responses

200 application/json

Successfully generated the WebAuthn registration options.
Hide response attributes Show response attributes object
- verificationRecordId string Required
- registrationOptions object Required
  
  Hide registrationOptions attributes Show registrationOptions attributes object
  
  rp object Required
  
  Hide rp attributes Show rp attributes object
  
  name string Required
  
  id string
  
  user object Required
  
  Hide user attributes Show user attributes object
  
  id string Required
  
  name string Required
  
  displayName string Required
  
  challenge string Required
  
  pubKeyCredParams array[object] Required
  
  Hide pubKeyCredParams attributes Show pubKeyCredParams attributes object
  
  type string("public-key") Required
  
  alg number Required
  
  timeout number
  
  excludeCredentials array[object]
  
  Hide excludeCredentials attributes Show excludeCredentials attributes object
  
  type string("public-key") Required
  
  id string Required
  
  transports array[string]
  
  Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.
  
  authenticatorSelection object
  
  Hide authenticatorSelection attributes Show authenticatorSelection attributes object
  
  authenticatorAttachment string
  
  Values are platform or cross-platform.
  
  requireResidentKey boolean
  
  residentKey string
  
  Values are discouraged, preferred, or required.
  
  userVerification string
  
  Values are required, preferred, or discouraged.
  
  attestation string
  
  Values are none, indirect, direct, or enterprise.
  
  extensions object
  
  Hide extensions attributes Show extensions attributes object
  
  appid string
  
  credProps boolean
  
  hmacCreateSecret boolean
- expiresAt string Required
401

Unauthorized
403

Forbidden

POST /api/verifications/web-authn/registration

curl \
 --request POST 'https://[tenant_id].logto.app/api/verifications/web-authn/registration' \
 --header "Authorization: Bearer $ACCESS_TOKEN"

Response examples (200)

{
  "verificationRecordId": "string",
  "registrationOptions": {
    "rp": {
      "name": "string",
      "id": "string"
    },
    "user": {
      "id": "string",
      "name": "string",
      "displayName": "string"
    },
    "challenge": "string",
    "pubKeyCredParams": [
      {
        "type": "string",
        "alg": 42.0
      }
    ],
    "timeout": 42.0,
    "excludeCredentials": [
      {
        "type": "string",
        "id": "string",
        "transports": [
          "usb"
        ]
      }
    ],
    "authenticatorSelection": {
      "authenticatorAttachment": "platform",
      "requireResidentKey": true,
      "residentKey": "discouraged",
      "userVerification": "required"
    },
    "attestation": "none",
    "extensions": {
      "appid": "string",
      "credProps": true,
      "hmacCreateSecret": true
    }
  },
  "expiresAt": "string"
}