Create WebAuthn registration verification

POST /api/experience/verification/web-authn/registration

Create a new WebAuthn registration verification record. The verification record can be used to bind a new WebAuthn credential to the user's profile.

Responses

200 application/json

WebAuthn registration successfully created.
Hide response attributes Show response attributes object
- verificationId string Required
  
  The unique verification ID for the WebAuthn registration record. This ID is required to verify the WebAuthn registration challenge.
- registrationOptions object Required
  
  The WebAuthn registration options that the user needs to create a new WebAuthn credential.
  
  Additional properties are allowed.
  
  Hide registrationOptions attributes Show registrationOptions attributes object
  
  rp object Required
  
  Additional properties are allowed.
  
  Hide rp attributes Show rp attributes object
  
  name string Required
  
  id string
  
  user object Required
  
  Additional properties are allowed.
  
  Hide user attributes Show user attributes object
  
  id string Required
  
  name string Required
  
  displayName string Required
  
  challenge string Required
  
  pubKeyCredParams array[object] Required
  
  Hide pubKeyCredParams attributes Show pubKeyCredParams attributes object
  
  type string("public-key") Required
  
  alg number Required
  
  timeout number
  
  excludeCredentials array[object]
  
  Hide excludeCredentials attributes Show excludeCredentials attributes object
  
  type string("public-key") Required
  
  id string Required
  
  transports array[string]
  
  Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.
  
  authenticatorSelection object
  
  Additional properties are allowed.
  
  Hide authenticatorSelection attributes Show authenticatorSelection attributes object
  
  authenticatorAttachment string
  
  Values are platform or cross-platform.
  
  requireResidentKey boolean
  
  residentKey string
  
  Values are discouraged, preferred, or required.
  
  userVerification string
  
  Values are required, preferred, or discouraged.
  
  attestation string
  
  Values are none, indirect, direct, or enterprise.
  
  extensions object
  
  Additional properties are allowed.
  
  Hide extensions attributes Show extensions attributes object
  
  appid string
  
  credProps boolean
  
  hmacCreateSecret boolean
400

Bad Request
404

Entity not found.
- session.identifier_not_found: The current interaction is not identified yet. All MFA verification records must be associated with a identified user.

POST /api/experience/verification/web-authn/registration

curl \
 -X POST https://[tenant_id].logto.app/api/experience/verification/web-authn/registration

Response examples (200)

{
  "verificationId": "string",
  "registrationOptions": {
    "rp": {
      "name": "string",
      "id": "string"
    },
    "user": {
      "id": "string",
      "name": "string",
      "displayName": "string"
    },
    "challenge": "string",
    "pubKeyCredParams": [
      {
        "type": "string",
        "alg": 42.0
      }
    ],
    "timeout": 42.0,
    "excludeCredentials": [
      {
        "type": "string",
        "id": "string",
        "transports": [
          "usb"
        ]
      }
    ],
    "authenticatorSelection": {
      "authenticatorAttachment": "platform",
      "requireResidentKey": true,
      "residentKey": "discouraged",
      "userVerification": "required"
    },
    "attestation": "none",
    "extensions": {
      "appid": "string",
      "credProps": true,
      "hmacCreateSecret": true
    }
  }
}