FIDO2 API (2.0)
RESTful API for handling WebAuthn logic with support for FIDO2 flows with passkeys.
Delete a user profile and all associated passkey
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Responses
Response samples
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Delete email from the profile
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| email required | string Email address |
Responses
Request samples
- Payload
Content type
application/json
{- "email": "test@loginid.io"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Update profile email address
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| email required | string Email address |
| requestVerification | boolean Default: true Whether to update the email address immediately or send an authorization code to verify. |
Responses
Request samples
- Payload
Content type
application/json
{- "email": "luke.skywalker@tatuin.com",
- "requestVerification": true
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Update the profile phone number
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| messagingConsent | boolean Default: false Whether the user consents to receiving SMS messages on this number. The phone will not be used for sending messages if no consent is provided. |
| phoneNumber required | string Phone number |
| requestVerification | boolean Default: true Whether to update the phone number immediately or send an authorization code to verify. This method will fail if verification is requested but no consent is provided. |
Responses
Request samples
- Payload
Content type
application/json
{- "messagingConsent": true,
- "phoneNumber": "+14161234567",
- "requestVerification": true
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Verify phone number with received authorization code
Request Body schema: application/jsonrequired
| authCode required | string Verification code |
| username required | string Username associated with the code |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "username": "user@example.com"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Verify phone number with received authorization code
Request Body schema: application/jsonrequired
| authCode required | string Verification code |
| username required | string Username associated with the code |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "username": "user@example.com"
}Response samples
- 400
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Complete WebAuthn authentication
Request Body schema: application/jsonrequired
required | object (AuthenticatorAssertionResponse) |
| session required | string >= 16 characters An opaque object containing session data. |
Responses
Request samples
- Payload
Content type
application/json
{- "assertionResult": {
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "userHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Start WebAuthn authentication flow
header Parameters
| User-Agent | string Example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Raw user-agent header as set by a browser |
Request Body schema: application/jsonrequired
required | object (Application) Application making the request. It contains additional info about the caller to distinguish between tenants. |
required | object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. |
object (UserLogin) |
Responses
Request samples
- Payload
Content type
application/json
{- "app": {
- "id": "2a363a42-a397-4af0-b089-0935fc223017"
}, - "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920
}, - "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "action": "proceed",
- "assertionOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "preferred"
}, - "crossAuthMethods": [
- "otp",
- "otp:sms",
- "otp:email"
], - "fallbackMethods": [
- "ciam"
], - "passkeyType": "device",
- "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Request OTP code by an authenticated user
An authenticated user can request an authentication code directly using this method. The code can be used for authentication from another device.
Authorizations:
jwt_header_Authorization
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
Content type
application/json
{- "code": "123456",
- "expiresAt": "2021-01-01T00:00:00Z"
}Request OTP code to be sent via email.
Send authentication code to the provided email. The SMS will only be sent if the email address is known to the application, however, this method will return success regardless.
Request Body schema: application/jsonrequired
required | object (UserLogin) | ||||
| |||||
Responses
Request samples
- Payload
Content type
application/json
{- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 400
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Request OTP code to be sent via SMS.
Send authentication code to the provided phone number. The SMS will only be sent if the phone is registered with the application, however, it will return success regardless.
Request Body schema: application/jsonrequired
required | object (UserLogin) | ||||
| |||||
Responses
Request samples
- Payload
Content type
application/json
{- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 400
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Verify authentication code and return JWT access token with appropriate scopes
Request Body schema: application/jsonrequired
| authCode required | string Authentication code |
required | object (UserLogin) |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Complete WebAuthn registration flow
Request Body schema: application/jsonrequired
required | object (CreationResult) |
| session required | string >= 16 characters An opaque object containing session data. |
Responses
Request samples
- Payload
Content type
application/json
{- "creationResult": {
- "attestationObject": "5lvuZBkX1w7/0+XKcldttzA7vTwilEq3qnnXSq/a0...",
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "publicKey": "wDUH6JkyU7SMswFPjyqEvhMB5GlhtqzS1VtfM/91Y...",
- "publicKeyAlgorithm": -8,
- "transports": [
- "nfc",
- "nfc",
- "hybrid",
- "internal"
]
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Response samples
- 200
- 400
- 403
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Start WebAuthn registration flow
Authorizations:
jwt_header_Authorization
header Parameters
| User-Agent | string Example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Raw user-agent header as set by a browser |
Request Body schema: application/jsonrequired
required | object (Application) Application making the request. It contains additional info about the caller to distinguish between tenants. |
required | object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. |
object (PasskeyOptions) | |
object (User) |
Responses
Request samples
- Payload
Content type
application/json
{- "app": {
- "id": "2a363a42-a397-4af0-b089-0935fc223017"
}, - "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920
}, - "passkeyOptions": {
- "conditionalCreate": false
}, - "user": {
- "displayName": "System Administrator",
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 401
- 403
- 500
Content type
application/json
{- "action": "proceed",
- "registrationRequestOptions": {
- "attestation": "none",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "requireResidentKey": true,
- "residentKey": "required",
- "userVerification": "preferred"
}, - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "excludeCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "pubKeyCredParams": [
- {
- "alg": -7,
- "type": "public-key"
}, - {
- "alg": -257,
- "type": "public-key"
}
], - "rp": {
- "id": "api.loginid.io",
- "name": "Login ID Inc."
}, - "timeout": 10000,
- "user": {
- "displayName": "System Administrator",
- "id": "5e084987-3b3d-4cd7-8b19-385f8f5e253b",
- "name": "admin"
}
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Complete transaction confirmation
Request Body schema: application/jsonrequired
| authenticatorData required | string This attribute contains the authenticator data returned by the authenticator. |
| clientData required | string Base64 encoded byte array which is a JSON-compatible serialization of client data passed to the authenticator by the client in order to generate this assertion. The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it. |
| keyHandle required | string Identified of the passkey credential. |
| session required | string >= 16 characters An opaque object containing session data. |
| signature required | string Base64 encoded the raw signature returned from the authenticator. |
Responses
Request samples
- Payload
Content type
application/json
{- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientData": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "keyHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}Response samples
- 200
- 400
- 403
- 500
Content type
application/json
{- "authCred": {
- "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": true,
- "id": "861ee00b-b40d-493a-a10b-457a0d527b48",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDevice": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "arm64",
- "osName": "iOS",
- "osVersion": "18.1.1"
}, - "name": "My Phone",
- "providerName": "iCloud Keychain"
}, - "credentialId": "2a363a42-a397-4af0-b089-0935fc223017",
- "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Start transaction confirmation flow
Request Body schema: application/jsonrequired
| nonce required | string Random string |
| txPayload required | string Payload of transaction |
| txType required | string Type of transaction |
| username required | string Username of user |
Responses
Request samples
- Payload
Content type
application/json
{- "nonce": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "txPayload": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "txType": "raw",
- "username": "testUser"
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "assertionOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "preferred"
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "txId": "2a363a42-a397-4af0-b089-0935fc223017"
}Response samples
- 200
- 401
- 403
- 404
- 500
Content type
application/json
[- {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": false,
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "lastUsedAt": "2023-06-15 13:29:41 EDT",
- "lastUsedFrom": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "arm64",
- "osName": "iOS",
- "osVersion": "18.1.1"
}, - "name": "My Phone"
}, - {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": true,
- "id": "1b385800-d35e-4108-9b49-48010731cd37",
- "lastUsedAt": "2023-06-15 13:29:41 EDT",
- "lastUsedFrom": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "x86_64",
- "osName": "Darwin",
- "osVersion": "15.4.1"
}, - "name": "My Laptop"
}, - {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": false,
- "id": "ab385800-d35e-4108-9b49-48010731cd37",
- "name": "My Tablet"
}
]Rename passkey
Authorizations:
jwt_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal passkey identifier |
Request Body schema: application/jsonrequired
| name required | string Internal passkey identifier |
Responses
Request samples
- Payload
Content type
application/json
{- "name": "My iPhone SE"
}Response samples
- 400
- 401
- 403
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Get AAGUID Metadata
Authorizations:
jwt_header_Authorization
path Parameters
| aaguid required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 AAGUID identifier |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
Content type
application/json
{- "iconDark": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "iconLight": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "name": "Thales"
}Get AAGUID Metadata
Authorizations:
apiKey_header_Authorization
path Parameters
| aaguid required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 AAGUID identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "iconDark": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "iconLight": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "name": "Thales"
}Remove AAGUIDs from blacklist
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| aaguids required | Array of strings List of AAGUIDs to delete from the blacklist |
Responses
Request samples
- Payload
Content type
application/json
{- "aaguids": [
- "bada5566-a7aa-401f-bd96-45619a55120d",
- "531126d6-e717-415c-9320-3d9aa6981239"
]
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Response samples
- 200
- 401
- 500
Content type
application/json
[- {
- "aaguid": "eb385800-d35e-4108-9b49-48010731cd37",
- "auth": true,
- "reg": true
}, - {
- "aaguid": "1b385800-d35e-4108-9b49-48010731cd37",
- "auth": true,
- "reg": false
}, - {
- "aaguid": "ab385800-d35e-4108-9b49-48010731cd37",
- "auth": false,
- "reg": true
}
]Add or Update AAGUIDs in the blacklist
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
required | Array of objects (AaguidBlacklist) List of blacklist items to add/update | ||||||
Array
| |||||||
Responses
Request samples
- Payload
Content type
application/json
{- "items": [
- {
- "aaguid": "bada5566-a7aa-401f-bd96-45619a55120d",
- "auth": true,
- "reg": true
}, - {
- "aaguid": "531126d6-e717-415c-9320-3d9aa6981239",
- "auth": false,
- "reg": true
}
]
}Response samples
- 400
- 401
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Get device details
Authorizations:
apiKey_header_Authorization
path Parameters
| deviceId required | string Example: 0546b8b1-b80a-4ea4-b4f6-60bf2ae314e5 Device identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920
}, - "users": [
- {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}, - {
- "userId": "79715132-6260-4867-986a-2b31d25ba7e2",
- "usernames": [
- {
- "username": "user2@example.com",
- "usernameType": "email"
}
]
}
]
}Discover passkey authentication options
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. | |
required | object (User) |
| userAgent required | string Raw user-agent header as set by clients browser |
Responses
Request samples
- Payload
Content type
application/json
{- "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920
}, - "user": {
- "displayName": "System Administrator",
- "username": "admin@example.com",
- "usernameType": "email"
}, - "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "authRequestOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "preferred"
}, - "lastLoginDeviceId": "efb15eb3-85bc-497a-9014-e29fb2b49bc0",
- "lastLoginTs": "2025-01-02T15:52:12Z",
- "matchResult": "PasskeyFound",
- "regRequestOptions": {
- "attestation": "none",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "requireResidentKey": true,
- "residentKey": "required",
- "userVerification": "preferred"
}, - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "excludeCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "pubKeyCredParams": [
- {
- "alg": -7,
- "type": "public-key"
}, - {
- "alg": -257,
- "type": "public-key"
}
], - "rp": {
- "id": "api.loginid.io",
- "name": "Login ID Inc."
}, - "timeout": 10000,
- "user": {
- "displayName": "System Administrator",
- "id": "5e084987-3b3d-4cd7-8b19-385f8f5e253b",
- "name": "admin"
}
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "userId": "OH96SFA59OQP9TG9SB23LCEE"
}Create an authorization token with requested scopes
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| grants required | Array of strings Items Enum: "passkey:read" "passkey:write" "profile:read" "profile:write" "reg:write" "auth:write" List of requested grants |
| username | string User identifier |
Responses
Request samples
- Payload
Content type
application/json
{- "grants": [
- "passkey:read",
- "passkey:write",
- "reg:write"
], - "username": "testUser"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "token": "oWIsYWQl6RB0cFC9jM8Hy85TmqAMyc0QqSXMsh0Fo9U="
}Get passkey details
Authorizations:
apiKey_header_Authorization
path Parameters
| passkeyId required | string Example: testUser Passkey identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "passkeyInfo": {
- "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
- "createdAt": "2023-06-15 13:29:41 EDT",
- "createdFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "id": "861ee00b-b40d-493a-a10b-457a0d527b48",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "name": "My Phone",
- "providerName": "iCloud Keychain"
}, - "user": {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}
}Rename a passkey
Authorizations:
apiKey_header_Authorization
path Parameters
| passkeyId required | string Example: testUser Passkey identifier |
Request Body schema: application/jsonrequired
| passkeyName required | string New passkey name |
Responses
Request samples
- Payload
Content type
application/json
{- "passkeyName": "My favorite iCloud passkey"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Validate JWT Access Token
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| jwtAccess required | string JWT access token |
Responses
Request samples
- Payload
Content type
application/json
{- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Response samples
- 400
- 401
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Permanently delete the user account and all associated devices and passkeys
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Permanently delete all devices associated with user account
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Permanently delete all passkeys associated with user account
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "A serious error",
- "msgCode": "serious_error"
}Find user and retrieve user details
Authorizations:
apiKey_header_Authorization
query Parameters
| username required | string Example: username=testUser A username the user can be identified by |
Responses
Response samples
- 200
- 400
- 401
- 404
- 500
Content type
application/json
{- "devices": [
- {
- "createdAt": "2025-01-02T16:40:44Z",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "name": "iPhone SE"
}, - {
- "createdAt": "2025-01-02T16:40:44Z",
- "deviceId": "6c1762a3-96ce-4d58-a920-5ef427ef4407",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "name": "Windows 10 (x86_64)"
}
], - "passkeys": [
- {
- "aaguid": "d548826e-79b4-db40-a3d8-11116f7e8349",
- "createdAt": "2025-01-02T16:40:44Z",
- "createdFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "name": "My Macbook",
- "passkeyId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "providerName": "Bitwarden"
}, - {
- "aaguid": "d548826e-79b4-db40-a3d8-11116f7e8349",
- "createdAt": "2025-01-02T16:40:44Z",
- "createdFromDeviceId": "9459018d-df97-4b95-860f-750763ffb943",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "c7c57456-8c9d-4786-a8d3-983a64cbf97f",
- "name": "My Linux Desktop",
- "passkeyId": "6c1762a3-96ce-4d58-a920-5ef427ef4407",
- "providerName": "Bitwarden"
}
], - "user": {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}
}Response samples
- 200
- 404
- 500
Content type
application/json
{- "keys": [
- {
- "alg": "ES256",
- "crv": "P-256",
- "key_ops": [
- "verify"
], - "kid": "unique-key-id",
- "kty": "EC",
- "use": "sig",
- "x": "-a4DlQ0kMffMB1wZJSjNAA1YTVB0dXrTUGszywNy-e4",
- "y": "y5gcJVgSq7B5hr7vN1rbNaGQ3mqMN7soz5Ua1SqzWGw"
}, - {
- "alg": "ES256",
- "crv": "P-256",
- "key_ops": [
- "verify"
], - "kid": "unique-key-id",
- "kty": "EC",
- "use": "sig",
- "x": "-a4DlQ0kMffMB1wZJSjNAA1YTVB0dXrTUGszywNy-e4",
- "y": "y5gcJVgSq7B5hr7vN1rbNaGQ3mqMN7soz5Ua1SqzWGw"
}
]
}