Verify WebAuthn registration

POST /api/verifications/web-authn/registration/verify

Verify the WebAuthn registration by the user's response.

application/json

Body Required

  • verificationRecordId string Required

    The ID of the verification record.

  • payload object Required

    The payload of the WebAuthn device.

    Hide payload attributes Show payload attributes object
    • type string("WebAuthn") Required
    • id string Required
    • rawId string Required
    • response object Required
      Hide response attributes Show response attributes object
      • clientDataJSON string Required
      • attestationObject string Required
      • authenticatorData string
      • transports array[string]

        Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.

      • publicKeyAlgorithm number
      • publicKey string
    • authenticatorAttachment string

      Values are cross-platform or platform.

    • clientExtensionResults object Required
      Hide clientExtensionResults attributes Show clientExtensionResults attributes object
      • appid boolean
      • crepProps object
        Hide crepProps attribute Show crepProps attribute object
        • rk boolean
      • hmacCreateSecret boolean

Responses

  • 200 application/json

    The WebAuthn registration has been successfully verified.

    Hide response attribute Show response attribute object
    • verificationRecordId string Required
  • 400

    Bad Request

  • 401

    Unauthorized

  • 403

    Forbidden

  • 404

    Not Found

POST /api/verifications/web-authn/registration/verify
curl \
 --request POST 'https://[tenant_id].logto.app/api/verifications/web-authn/registration/verify' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"verificationRecordId":"string","payload":{"type":"string","id":"string","rawId":"string","response":{"clientDataJSON":"string","attestationObject":"string","authenticatorData":"string","transports":["usb"],"publicKeyAlgorithm":42.0,"publicKey":"string"},"authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true}}}'
Request examples
{
  "verificationRecordId": "string",
  "payload": {
    "type": "string",
    "id": "string",
    "rawId": "string",
    "response": {
      "clientDataJSON": "string",
      "attestationObject": "string",
      "authenticatorData": "string",
      "transports": [
        "usb"
      ],
      "publicKeyAlgorithm": 42.0,
      "publicKey": "string"
    },
    "authenticatorAttachment": "cross-platform",
    "clientExtensionResults": {
      "appid": true,
      "crepProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    }
  }
}
Response examples (200)
{
  "verificationRecordId": "string"
}