Skip to main content
POST
Authenticate a passkey

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

environmentId
string
required

ID of the environment

Required string length: 36
Pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
Example:

"95b11417-f18f-457f-8804-68e361f9164f"

Body

application/json

passkey authentication data

id
string
required
Pattern: ^(?=\S)[\p{L}\p{N}a-zA-Z _.,:!?&%@\/+\-'|]+(?<=\S)$
Example:

"An example name"

rawId
string
required
Pattern: ^(?=\S)[\p{L}\p{N}a-zA-Z _.,:!?&%@\/+\-'|]+(?<=\S)$
Example:

"An example name"

response
object
required
clientExtensionResults
object
required
type
enum<string>
required
Available options:
public-key
authenticatorAttachment
enum<string>
Available options:
cross-platform,
platform
createMfaToken
object

Response

successful operation

user
object
required
expiresAt
number
required

Format is a unix-based timestamp. When set, this will be the expiration timestamp on the JWT sent using either the jwt field or a response httpOnly cookie set by the server.

Example:

"1715620310"

mfaToken
string
jwt
string

Encoded JWT token. This will only be returned when cookie-based authentication is disabled in favor of standard Auth header based authentication.

Example:

"jwt_value"

minifiedJwt
string

Encoded JWT token. This will only be returned when cookie-based authentication is disabled in favor of standard Auth header based authentication.

Example:

"jwt_value"

Last modified on January 28, 2026