FIDO2 API (2.0)
RESTful API for handling WebAuthn logic with support for FIDO2 flows with passkeys.
Report a client side event.
Report a client event. It does not change state of the flow.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
| event required | string Client side event. |
| isError | boolean Default: false Whether the event is a result of an error. |
Responses
Request samples
- Payload
Content type
application/json
{- "event": "ERROR_DISCOVERABLE_CREDENTIALS_UNSUPPORTED",
- "isError": true
}Response samples
- 200
- 400
- 401
- 404
- 500
Content type
application/json
{- "session": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}Delete a user profile and all associated passkey
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Responses
Response samples
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Delete email from the profile
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| email required | string Email address |
Responses
Request samples
- Payload
Content type
application/json
{- "email": "test@loginid.io"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Update profile email address
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| email required | string Email address |
| requestVerification | boolean Default: true Whether to update the email address immediately or send an authorization code to verify. |
Responses
Request samples
- Payload
Content type
application/json
{- "email": "luke.skywalker@tatuin.com",
- "requestVerification": true
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Update the profile phone number
Authorizations:
apiKey_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal user identifier |
Request Body schema: application/jsonrequired
| messagingConsent | boolean Default: false Whether the user consents to receiving SMS messages on this number. The phone will not be used for sending messages if no consent is provided. |
| phoneNumber required | string Phone number |
| requestVerification | boolean Default: true Whether to update the phone number immediately or send an authorization code to verify. This method will fail if verification is requested but no consent is provided. |
Responses
Request samples
- Payload
Content type
application/json
{- "messagingConsent": true,
- "phoneNumber": "+14161234567",
- "requestVerification": true
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Verify phone number with received authorization code
Request Body schema: application/jsonrequired
| authCode required | string Verification code |
| username required | string Username associated with the code |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "username": "user@example.com"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Verify phone number with received authorization code
Request Body schema: application/jsonrequired
| authCode required | string Verification code |
| username required | string Username associated with the code |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "username": "user@example.com"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Complete transaction confirmation
Request Body schema: application/jsonrequired
| authenticatorData required | string This attribute contains the authenticator data returned by the authenticator. |
| clientData required | string Base64 encoded byte array which is a JSON-compatible serialization of client data passed to the authenticator by the client in order to generate this assertion. The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it. |
| keyHandle required | string Identified of the passkey credential. |
| session required | string >= 16 characters An opaque object containing session data. |
| signature required | string Base64 encoded the raw signature returned from the authenticator. |
Responses
Request samples
- Payload
Content type
application/json
{- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientData": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "keyHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}Response samples
- 200
- 400
- 403
- 500
Content type
application/json
{- "authCred": {
- "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": false,
- "id": "861ee00b-b40d-493a-a10b-457a0d527b48",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDevice": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "arm64",
- "osName": "iOS",
- "osVersion": "18.1.1"
}, - "name": "My Phone",
- "providerName": "iCloud Keychain"
}, - "credentialId": "2a363a42-a397-4af0-b089-0935fc223017",
- "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Start transaction confirmation flow
Request Body schema: application/jsonrequired
| nonce required | string Random string |
| txPayload required | string Payload of transaction |
| txType required | string Type of transaction |
| username required | string Username of user |
Responses
Request samples
- Payload
Content type
application/json
{- "nonce": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "txPayload": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "txType": "raw",
- "username": "testUser"
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "assertionOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "discouraged"
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "txId": "2a363a42-a397-4af0-b089-0935fc223017"
}Complete WebAuthn authentication
Request Body schema: application/jsonrequired
required | object (AuthenticatorAssertionResponse) |
| session required | string >= 16 characters An opaque object containing session data. |
Responses
Request samples
- Payload
Content type
application/json
{- "assertionResult": {
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "userHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Start WebAuthn authentication flow
header Parameters
| User-Agent | string Example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Raw user-agent header as set by a browser |
Request Body schema: application/jsonrequired
required | object (Application) Application making the request. It contains additional info about the caller to distinguish between tenants. |
required | object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. |
object TrustIDs provided with the request | |
object (UserLogin) |
Responses
Request samples
- Payload
Content type
application/json
{- "app": {
- "id": "2a363a42-a397-4af0-b089-0935fc223017"
}, - "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "hasBluetooth": true,
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920,
- "webauthnCapabilities": "{\n \"conditionalCreate\": true,\n \"conditionalGet\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true,\n \"relatedOrigins\": true,\n \"signalAllAcceptedCredentials\": true,\n \"signalCurrentUserDetails\": true,\n \"signalUnknownCredential\": true\n}"
}, - "trustItems": {
- "auth": "DqjUIcwnq7edyyeMGCxWNqs1cNBrEjBXlB2mVxfja8s=",
- "merchant": "gpOLtpZWhxkKgwEJyYzB2ckXn9IXDID7jjiaYFYTfS4=",
- "wallet": "NlPsJDfILKo0nCxuu2lrv6q9SBqgKLvpIuqSI4izk9k="
}, - "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 403
- 404
- 500
Content type
application/json
{- "action": "proceed",
- "assertionOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "discouraged"
}, - "crossAuthMethods": [
- "otp",
- "otp:sms",
- "otp:email"
], - "fallbackMethods": [
- "ciam"
], - "passkeyType": "device",
- "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Request OTP code by an authenticated user
An authenticated user can request an authentication code directly using this method. The code can be used for authentication from another device.
Authorizations:
jwt_header_Authorization
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
Content type
application/json
{- "code": "123456",
- "expiresAt": "2021-01-01T00:00:00Z"
}Request OTP code to be sent via email.
Send authentication code to the provided email. The SMS will only be sent if the email address is known to the application, however, this method will return success regardless.
Request Body schema: application/jsonrequired
required | object (UserLogin) | ||||
| |||||
Responses
Request samples
- Payload
Content type
application/json
{- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 400
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Request OTP code to be sent via SMS.
Send authentication code to the provided phone number. The SMS will only be sent if the phone is registered with the application, however, it will return success regardless.
Request Body schema: application/jsonrequired
required | object (UserLogin) | ||||
| |||||
Responses
Request samples
- Payload
Content type
application/json
{- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 400
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Verify authentication code and return JWT access token with appropriate scopes
Request Body schema: application/jsonrequired
| authCode required | string Authentication code |
required | object (UserLogin) |
Responses
Request samples
- Payload
Content type
application/json
{- "authCode": "123456",
- "user": {
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 404
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Begin and appropriate flow for the provided username.
Perform pre-authentication.
header Parameters
| User-Agent required | string Example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Raw user-agent header as set by a browser |
Request Body schema: application/jsonrequired
object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. | |
| payload | string Payload to be signed |
object TrustIDs provided with the request | |
object (User) |
Responses
Request samples
- Payload
Content type
application/json
{- "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "hasBluetooth": true,
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920,
- "webauthnCapabilities": "{\n \"conditionalCreate\": true,\n \"conditionalGet\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true,\n \"relatedOrigins\": true,\n \"signalAllAcceptedCredentials\": true,\n \"signalCurrentUserDetails\": true,\n \"signalUnknownCredential\": true\n}"
}, - "payload": "ak4BXFgauyDtsRvnXWfaTW1DyetX7fTViGY9DRQGQ+g=",
- "trustItems": {
- "auth": "DqjUIcwnq7edyyeMGCxWNqs1cNBrEjBXlB2mVxfja8s=",
- "merchant": "gpOLtpZWhxkKgwEJyYzB2ckXn9IXDID7jjiaYFYTfS4=",
- "wallet": "NlPsJDfILKo0nCxuu2lrv6q9SBqgKLvpIuqSI4izk9k="
}, - "user": {
- "displayName": "System Administrator",
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 403
- 404
- 500
Content type
application/json
{- "flow": "signIn",
- "msg": "Additional authentication is required.",
- "msgCode": "additional_auth_required",
- "next": [
- {
- "action": {
- "label": "Passkey",
- "name": "passkey"
}, - "options": [
- {
- "name": "assertionOptions",
- "value": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}
]
}, - {
- "action": {
- "label": "External Auth",
- "name": "external"
}
}, - {
- "action": {
- "desc": "OTP will be sent to one of the email addresses provided by the user.",
- "label": "OTP via Email",
- "name": "otp:email"
}, - "options": [
- {
- "label": "primary@example.com",
- "name": "email:primary",
- "value": "3df8feb9-5dc0-451e-8799-ec5d7e1fe1f7"
}, - {
- "label": "secondary@example.com",
- "name": "email:secondary",
- "value": "9c568230-243a-43ee-8b19-7b544ba8fd9f"
}
]
}, - {
- "action": {
- "desc": "OTP will be sent via SMS to one of the phone numbers provided by the user.",
- "label": "OTP via SMS",
- "name": "otp:sms"
}, - "options": [
- {
- "label": "+1(631)842-0398",
- "value": "ee9ce8f0-1471-47c4-b1e5-c40923aee83a"
}, - {
- "label": "+1(661)942-5456",
- "value": "3e3092dc-eb0c-4064-9276-7687fe5cef57"
}
]
}
], - "session": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}Request OTP authentication using one of the available methods.
Request OTP.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
| method required | string Enum: "email" "sms" OTP method |
| option | string An OTP option selected by the user (i.e. address to send the OTP request to - phone, email, etc.) |
Responses
Request samples
- Payload
Content type
application/json
{- "method": "email",
- "option": "user@example.com"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "session": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}Confirm OTP received in a previous step.
Verify OTP received by one of the methods.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
| otp required | string |
Responses
Request samples
- Payload
Content type
application/json
{- "otp": "123456"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "flow": "signIn",
- "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "payload": "JfeMhXGH1GABxRAXRopd7vtsLEJe16f9ok3oiA8DoEADZ8TOqvgYy...",
- "payloadSignature": "eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA...",
- "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..."
}Authenticate using passkey.
Authenticate with a passkeys.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
required | object (AuthenticatorAssertionResponse) | ||||||||||
| |||||||||||
Responses
Request samples
- Payload
Content type
application/json
{- "assertionResult": {
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "userHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "flow": "signIn",
- "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "payload": "JfeMhXGH1GABxRAXRopd7vtsLEJe16f9ok3oiA8DoEADZ8TOqvgYy...",
- "payloadSignature": "eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA...",
- "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..."
}Register a new passkey.
Register a new passkey.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
required | object (CreationResult) | ||||||||||||||
| |||||||||||||||
Responses
Request samples
- Payload
Content type
application/json
{- "creationResult": {
- "attestationObject": "5lvuZBkX1w7/0+XKcldttzA7vTwilEq3qnnXSq/a0...",
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "publicKey": "wDUH6JkyU7SMswFPjyqEvhMB5GlhtqzS1VtfM/91Y...",
- "publicKeyAlgorithm": -8,
- "transports": [
- "internal",
- "internal",
- "usb"
]
}
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "flow": "signIn",
- "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "payload": "JfeMhXGH1GABxRAXRopd7vtsLEJe16f9ok3oiA8DoEADZ8TOqvgYy...",
- "payloadSignature": "eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA...",
- "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..."
}Transaction confirmation using passkey.
Confirm a transaction with a passkey.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
required | object (AuthenticatorAssertionResponse) | ||||||||||
| |||||||||||
Responses
Request samples
- Payload
Content type
application/json
{- "assertionResult": {
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "signature": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "userHandle": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo..."
}
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "flow": "signIn",
- "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "payload": "JfeMhXGH1GABxRAXRopd7vtsLEJe16f9ok3oiA8DoEADZ8TOqvgYy...",
- "payloadSignature": "eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA...",
- "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..."
}Verify auth token created by a third party via management API.
Verify authentication token received from a third party.
Authorizations:
sessionAuth_header_Authorization
Request Body schema: application/jsonrequired
| token required | string Authorization token produced by mgmt API. |
Responses
Request samples
- Payload
Content type
application/json
{- "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "flow": "signIn",
- "idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT...",
- "payload": "JfeMhXGH1GABxRAXRopd7vtsLEJe16f9ok3oiA8DoEADZ8TOqvgYy...",
- "payloadSignature": "eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA...",
- "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..."
}Complete WebAuthn registration flow
Request Body schema: application/jsonrequired
required | object (CreationResult) |
| passkeyName | string Passkey name that will be shown to the user in passkey list. |
| session required | string >= 16 characters An opaque object containing session data. |
Responses
Request samples
- Payload
Content type
application/json
{- "creationResult": {
- "attestationObject": "5lvuZBkX1w7/0+XKcldttzA7vTwilEq3qnnXSq/a0...",
- "authenticatorData": "ix523n3XniH01jM4CIuOn1z0Jw6QbRATXYOsCUyQN...",
- "clientDataJSON": "UxaynsCYdykyHKaA0G7IeWaBG6DGJoGFN8mbJgvRo...",
- "credentialId": "2aChi2dALRLdVP5i/zKr7yvMrP8FIy7MK4lbyUsjO...",
- "publicKey": "wDUH6JkyU7SMswFPjyqEvhMB5GlhtqzS1VtfM/91Y...",
- "publicKeyAlgorithm": -8,
- "transports": [
- "internal",
- "internal",
- "usb"
]
}, - "passkeyName": "Windows Hello (Win11,Chrome) - 2025-04-07 20:46",
- "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Response samples
- 200
- 400
- 403
- 500
Content type
application/json
{- "deviceId": "8222fe14-4973-469f-843d-73b0f9e0a3a9",
- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "passkeyId": "482b7723-eb3e-4814-809f-05af16284fcc",
- "userId": "2a363a42-a397-4af0-b089-0935fc223017"
}Start WebAuthn registration flow
Authorizations:
jwt_header_Authorization
header Parameters
| User-Agent | string Example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Raw user-agent header as set by a browser |
Request Body schema: application/jsonrequired
required | object (Application) Application making the request. It contains additional info about the caller to distinguish between tenants. |
required | object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. |
object (PasskeyOptions) | |
object TrustIDs provided with the request | |
object (User) |
Responses
Request samples
- Payload
Content type
application/json
{- "app": {
- "id": "2a363a42-a397-4af0-b089-0935fc223017"
}, - "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "hasBluetooth": true,
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920,
- "webauthnCapabilities": "{\n \"conditionalCreate\": true,\n \"conditionalGet\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true,\n \"relatedOrigins\": true,\n \"signalAllAcceptedCredentials\": true,\n \"signalCurrentUserDetails\": true,\n \"signalUnknownCredential\": true\n}"
}, - "passkeyOptions": {
- "conditionalCreate": false,
- "securityKey": false
}, - "trustItems": {
- "auth": "DqjUIcwnq7edyyeMGCxWNqs1cNBrEjBXlB2mVxfja8s=",
- "merchant": "gpOLtpZWhxkKgwEJyYzB2ckXn9IXDID7jjiaYFYTfS4=",
- "wallet": "NlPsJDfILKo0nCxuu2lrv6q9SBqgKLvpIuqSI4izk9k="
}, - "user": {
- "displayName": "System Administrator",
- "username": "admin@example.com",
- "usernameType": "email"
}
}Response samples
- 200
- 400
- 401
- 403
- 500
Content type
application/json
{- "action": "proceed",
- "registrationRequestOptions": {
- "attestation": "enterprise",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "requireResidentKey": true,
- "residentKey": "required",
- "userVerification": "preferred"
}, - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "excludeCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "pubKeyCredParams": [
- {
- "alg": -7,
- "type": "public-key"
}, - {
- "alg": -257,
- "type": "public-key"
}
], - "rp": {
- "id": "api.loginid.io",
- "name": "Login ID Inc."
}, - "timeout": 10000,
- "user": {
- "displayName": "System Administrator",
- "id": "5e084987-3b3d-4cd7-8b19-385f8f5e253b",
- "name": "admin"
}
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r..."
}Response samples
- 200
- 401
- 403
- 404
- 500
Content type
application/json
[- {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": false,
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "lastUsedAt": "2023-06-15 13:29:41 EDT",
- "lastUsedFrom": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "arm64",
- "osName": "iOS",
- "osVersion": "18.1.1"
}, - "name": "My Phone"
}, - {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": true,
- "id": "1b385800-d35e-4108-9b49-48010731cd37",
- "lastUsedAt": "2023-06-15 13:29:41 EDT",
- "lastUsedFrom": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "x86_64",
- "osName": "Darwin",
- "osVersion": "15.4.1"
}, - "name": "My Laptop"
}, - {
- "createdAt": "2023-06-15 13:29:41 EDT",
- "credentialSynced": false,
- "id": "ab385800-d35e-4108-9b49-48010731cd37",
- "name": "My Tablet"
}
]Rename passkey
Authorizations:
jwt_header_Authorization
path Parameters
| id required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 Internal passkey identifier |
Request Body schema: application/jsonrequired
| name required | string Internal passkey identifier |
Responses
Request samples
- Payload
Content type
application/json
{- "name": "My iPhone SE"
}Response samples
- 400
- 401
- 403
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Get AAGUID Metadata
Authorizations:
jwt_header_Authorization
path Parameters
| aaguid required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 AAGUID identifier |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
Content type
application/json
{- "iconDark": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "iconLight": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "name": "Thales"
}Get AAGUID Metadata
Authorizations:
apiKey_header_Authorization
path Parameters
| aaguid required | string Example: 2a363a42-a397-4af0-b089-0935fc223017 AAGUID identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "iconDark": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "iconLight": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPgogIDxkZWZzPgogICAgPGxpbmVhckdyYWRpZW50IGlkPSJhIiB4MT0iMy4yMTczIiB5MT0iMTUiIHgyPSI0NC43ODEyIiB5Mj0iMTUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZDkzMDI1Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2VhNDMzNSIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjIwLjcyMTkiIHkxPSI0Ny42NzkxIiB4Mj0iNDEuNTAzOSIgeTI9IjExLjY4MzciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KICAgICAgPHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjZmNjOTM0Ii8+CiAgICAgIDxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZiYmMwNCIvPgogICAgPC9saW5lYXJHcmFkaWVudD4KICAgIDxsaW5lYXJHcmFkaWVudCBpZD0iYyIgeDE9IjI2LjU5ODEiIHkxPSI0Ni41MDE1IiB4Mj0iNS44MTYxIiB5Mj0iMTAuNTA2IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CiAgICAgIDxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzFlOGUzZSIvPgogICAgICA8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzNGE4NTMiLz4KICAgIDwvbGluZWFyR3JhZGllbnQ+CiAgICAKICAgIDxwYXRoIGlkPSJwIiBkPSJNMTMuNjA4NiAzMC4wMDMxIDMuMjE4IDEyLjAwNkEyMy45OTQgMjMuOTk0IDAgMCAwIDI0LjAwMjUgNDhsMTAuMzkwNi0xNy45OTcxLS4wMDY3LS4wMDY4YTExLjk4NTIgMTEuOTg1MiAwIDAgMS0yMC43Nzc4LjAwN1oiLz4KICA8L2RlZnM+CiAgCiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNhKSIgdHJhbnNmb3JtPSJyb3RhdGUoMTIwIDI0IDI0KSIvPgogIDx1c2UgeGxpbms6aHJlZj0iI3AiIGZpbGw9InVybCgjYikiIHRyYW5zZm9ybT0icm90YXRlKC0xMjAgMjQgMjQpIi8+CiAgPHVzZSB4bGluazpocmVmPSIjcCIgZmlsbD0idXJsKCNjKSIvPgogIAogIDxjaXJjbGUgY3g9IjI0IiBjeT0iMjQiIHI9IjEyIiBzdHlsZT0iZmlsbDojZmZmIi8+CiAgPGNpcmNsZSBjeD0iMjQiIGN5PSIyNCIgcj0iOS41IiBzdHlsZT0iZmlsbDojMWE3M2U4Ii8+Cjwvc3ZnPg==",
- "id": "eb385800-d35e-4108-9b49-48010731cd37",
- "name": "Thales"
}Remove AAGUIDs from blacklist
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| aaguids required | Array of strings List of AAGUIDs to delete from the blacklist |
Responses
Request samples
- Payload
Content type
application/json
{- "aaguids": [
- "bada5566-a7aa-401f-bd96-45619a55120d",
- "531126d6-e717-415c-9320-3d9aa6981239"
]
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Response samples
- 200
- 401
- 500
Content type
application/json
[- {
- "aaguid": "eb385800-d35e-4108-9b49-48010731cd37",
- "auth": true,
- "reg": true
}, - {
- "aaguid": "1b385800-d35e-4108-9b49-48010731cd37",
- "auth": true,
- "reg": false
}, - {
- "aaguid": "ab385800-d35e-4108-9b49-48010731cd37",
- "auth": false,
- "reg": true
}
]Add or Update AAGUIDs in the blacklist
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
required | Array of objects (AaguidBlacklist) List of blacklist items to add/update | ||||||
Array
| |||||||
Responses
Request samples
- Payload
Content type
application/json
{- "items": [
- {
- "aaguid": "bada5566-a7aa-401f-bd96-45619a55120d",
- "auth": true,
- "reg": true
}, - {
- "aaguid": "531126d6-e717-415c-9320-3d9aa6981239",
- "auth": false,
- "reg": true
}
]
}Response samples
- 400
- 401
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Get device details
Authorizations:
apiKey_header_Authorization
path Parameters
| deviceId required | string Example: 0546b8b1-b80a-4ea4-b4f6-60bf2ae314e5 Device identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "hasBluetooth": true,
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920,
- "webauthnCapabilities": "{\n \"conditionalCreate\": true,\n \"conditionalGet\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true,\n \"relatedOrigins\": true,\n \"signalAllAcceptedCredentials\": true,\n \"signalCurrentUserDetails\": true,\n \"signalUnknownCredential\": true\n}"
}, - "users": [
- {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}, - {
- "userId": "79715132-6260-4867-986a-2b31d25ba7e2",
- "usernames": [
- {
- "username": "user2@example.com",
- "usernameType": "email"
}
]
}
]
}Discover passkey authentication options
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
object (DeviceInfo) Information about the device. All of these attributes are optional and should be provided on best effort basis. If provide, they will be taken into consideration in order to improve user experience. | |
| securityKey | boolean Default: false Whether the authenticator is a security key |
| traceId | string A unique id for tracing all events associated with an interaction. A random ID will be generated by the system if not provided. |
required | object (User) |
| userAgent required | string Raw user-agent header as set by clients browser |
Responses
Request samples
- Payload
Content type
application/json
{- "deviceInfo": {
- "clientName": "Chrome",
- "clientType": "browser",
- "clientVersion": "120.0.0.0",
- "deviceId": "2a363a42-a397-4af0-b089-0935fc223017",
- "hasBluetooth": true,
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "osArch": "aarch64",
- "osName": "iOS",
- "osVersion": "14.2.1",
- "screenHeight": 1080,
- "screenWidth": 1920,
- "webauthnCapabilities": "{\n \"conditionalCreate\": true,\n \"conditionalGet\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true,\n \"relatedOrigins\": true,\n \"signalAllAcceptedCredentials\": true,\n \"signalCurrentUserDetails\": true,\n \"signalUnknownCredential\": true\n}"
}, - "securityKey": false,
- "traceId": "6957cf6e-a86c-44fb-b25a-bd97cb9ff830",
- "user": {
- "displayName": "System Administrator",
- "username": "admin@example.com",
- "usernameType": "email"
}, - "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "authRequestOptions": {
- "allowCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "timeout": 5000,
- "userVerification": "discouraged"
}, - "lastLoginDeviceId": "efb15eb3-85bc-497a-9014-e29fb2b49bc0",
- "lastLoginTs": "2025-01-02T15:52:12Z",
- "matchResult": "PasskeyFound",
- "regRequestOptions": {
- "attestation": "enterprise",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "requireResidentKey": true,
- "residentKey": "required",
- "userVerification": "preferred"
}, - "challenge": "gUEHYYYEpkj+eNo9DOPb/17K36VT0rTUAPyM03JeoeM=",
- "excludeCredentials": [
- {
- "id": "oAjxAhjnoQXLmRRAczwPg2E/S2zVS+DKlO6WNvgH9ys=",
- "transports": [
- "usb",
- "internal"
], - "type": "public-key"
}, - {
- "id": "dqJvLVzdodYfQfKPB8zgF+rtoxNx5WUgH7kFHp8SegY=",
- "type": "public-key"
}
], - "pubKeyCredParams": [
- {
- "alg": -7,
- "type": "public-key"
}, - {
- "alg": -257,
- "type": "public-key"
}
], - "rp": {
- "id": "api.loginid.io",
- "name": "Login ID Inc."
}, - "timeout": 10000,
- "user": {
- "displayName": "System Administrator",
- "id": "5e084987-3b3d-4cd7-8b19-385f8f5e253b",
- "name": "admin"
}
}, - "session": "w5zY9tpNgePsqkTsQlNPVCR2rwUlCdhCLhVwXsN2r...",
- "traceId": "6957cf6e-a86c-44fb-b25a-bd97cb9ff830",
- "userId": "OH96SFA59OQP9TG9SB23LCEE"
}Create an authorization token with requested scopes
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| grants required | Array of strings Items Enum: "passkey:read" "passkey:write" "profile:read" "profile:write" "reg:write" "auth:write" List of requested grants |
| username | string User identifier |
Responses
Request samples
- Payload
Content type
application/json
{- "grants": [
- "passkey:read",
- "passkey:write",
- "reg:write"
], - "username": "testUser"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "token": "oWIsYWQl6RB0cFC9jM8Hy85TmqAMyc0QqSXMsh0Fo9U="
}Create an authorization token after authenticating user in an external system
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| username required | string User identifier |
Responses
Request samples
- Payload
Content type
application/json
{- "username": "testUser"
}Response samples
- 200
- 400
- 401
- 500
Content type
application/json
{- "token": "oWIsYWQl6RB0cFC9jM8Hy85TmqAMyc0QqSXMsh0Fo9U="
}Get passkey details
Authorizations:
apiKey_header_Authorization
path Parameters
| passkeyId required | string Example: testUser Passkey identifier |
Responses
Response samples
- 200
- 401
- 404
- 500
Content type
application/json
{- "passkeyInfo": {
- "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
- "createdAt": "2023-06-15 13:29:41 EDT",
- "createdFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "id": "861ee00b-b40d-493a-a10b-457a0d527b48",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "name": "My Phone",
- "providerName": "iCloud Keychain"
}, - "user": {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}
}Rename a passkey
Authorizations:
apiKey_header_Authorization
path Parameters
| passkeyId required | string Example: testUser Passkey identifier |
Request Body schema: application/jsonrequired
| passkeyName required | string New passkey name |
Responses
Request samples
- Payload
Content type
application/json
{- "passkeyName": "My favorite iCloud passkey"
}Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Validate JWT Access Token
Authorizations:
apiKey_header_Authorization
Request Body schema: application/jsonrequired
| jwtAccess required | string JWT access token |
Responses
Request samples
- Payload
Content type
application/json
{- "jwtAccess": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Response samples
- 400
- 401
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Permanently delete the user account and all associated devices and passkeys
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Permanently delete all devices associated with user account
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Permanently delete all passkeys associated with user account
Authorizations:
apiKey_header_Authorization
path Parameters
| userId required | string Example: df7c43a5-c721-4818-a68b-e1d7ff55d07c User identifier |
Responses
Response samples
- 400
- 401
- 404
- 500
Content type
application/json
{- "msg": "Internal error",
- "msgCode": "internal_error"
}Find user and retrieve user details
Authorizations:
apiKey_header_Authorization
query Parameters
| username required | string Example: username=testUser A username the user can be identified by |
Responses
Response samples
- 200
- 400
- 401
- 404
- 500
Content type
application/json
{- "devices": [
- {
- "createdAt": "2025-01-02T16:40:44Z",
- "deviceId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "name": "iPhone SE"
}, - {
- "createdAt": "2025-01-02T16:40:44Z",
- "deviceId": "6c1762a3-96ce-4d58-a920-5ef427ef4407",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "name": "Windows 10 (x86_64)"
}
], - "passkeys": [
- {
- "aaguid": "d548826e-79b4-db40-a3d8-11116f7e8349",
- "createdAt": "2025-01-02T16:40:44Z",
- "createdFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "213eb710-7b51-456a-9044-eee2dac3b268",
- "name": "My Macbook",
- "passkeyId": "ab715482-4089-4818-9f79-80523d8eb3c6",
- "providerName": "Bitwarden"
}, - {
- "aaguid": "d548826e-79b4-db40-a3d8-11116f7e8349",
- "createdAt": "2025-01-02T16:40:44Z",
- "createdFromDeviceId": "9459018d-df97-4b95-860f-750763ffb943",
- "lastUsedAt": "2025-01-02T16:40:44Z",
- "lastUsedFromDeviceId": "c7c57456-8c9d-4786-a8d3-983a64cbf97f",
- "name": "My Linux Desktop",
- "passkeyId": "6c1762a3-96ce-4d58-a920-5ef427ef4407",
- "providerName": "Bitwarden"
}
], - "user": {
- "userId": "3e398f0b-8cf9-4bba-8c79-f56884d656e5",
- "usernames": [
- {
- "username": "user1@example.com",
- "usernameType": "email"
}, - {
- "username": "user1+test@example.com",
- "usernameType": "email"
}
]
}
}Response samples
- 200
- 404
- 500
Content type
application/json
{- "keys": [
- {
- "alg": "ES256",
- "crv": "P-256",
- "key_ops": [
- "verify"
], - "kid": "unique-key-id",
- "kty": "EC",
- "use": "sig",
- "x": "-a4DlQ0kMffMB1wZJSjNAA1YTVB0dXrTUGszywNy-e4",
- "y": "y5gcJVgSq7B5hr7vN1rbNaGQ3mqMN7soz5Ua1SqzWGw"
}, - {
- "alg": "ES256",
- "crv": "P-256",
- "key_ops": [
- "verify"
], - "kid": "unique-key-id",
- "kty": "EC",
- "use": "sig",
- "x": "-a4DlQ0kMffMB1wZJSjNAA1YTVB0dXrTUGszywNy-e4",
- "y": "y5gcJVgSq7B5hr7vN1rbNaGQ3mqMN7soz5Ua1SqzWGw"
}
]
}