Skip to main content
POST
/
passkey
/
append
/
start
Start creating a new passkey
curl --request POST \
  --url https://backendapi.corbado.io/v2/passkey/append/start \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "userID": "<string>",
  "processID": "<string>",
  "username": "<string>",
  "clientInformation": {
    "remoteAddress": "::ffff:172.18.0.1",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
    "userVerifyingPlatformAuthenticatorAvailable": true,
    "conditionalMediationAvailable": true,
    "clientCapabilities": {
      "conditionalCreate": true,
      "conditionalMediation": true,
      "hybridTransport": true,
      "passkeyPlatformAuthenticator": true,
      "userVerifyingPlatformAuthenticator": true
    },
    "parsedDeviceInfo": {
      "browserName": "<string>",
      "browserVersion": "<string>",
      "osName": "<string>",
      "osVersion": "<string>"
    },
    "clientEnvHandle": "<string>",
    "javascriptFingerprint": "<string>",
    "bluetoothAvailable": true,
    "passwordManagerAvailable": true,
    "privateMode": true
  },
  "passkeyIntelFlags": {
    "forcePasskeyAppend": true,
    "askForAutoAppend": true,
    "askForConditionalCreate": true,
    "askForInAppAppend": "<string>"
  },
  "situation": "<string>"
}
'
import requests

url = "https://backendapi.corbado.io/v2/passkey/append/start"

payload = {
"userID": "<string>",
"processID": "<string>",
"username": "<string>",
"clientInformation": {
"remoteAddress": "::ffff:172.18.0.1",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
"userVerifyingPlatformAuthenticatorAvailable": True,
"conditionalMediationAvailable": True,
"clientCapabilities": {
"conditionalCreate": True,
"conditionalMediation": True,
"hybridTransport": True,
"passkeyPlatformAuthenticator": True,
"userVerifyingPlatformAuthenticator": True
},
"parsedDeviceInfo": {
"browserName": "<string>",
"browserVersion": "<string>",
"osName": "<string>",
"osVersion": "<string>"
},
"clientEnvHandle": "<string>",
"javascriptFingerprint": "<string>",
"bluetoothAvailable": True,
"passwordManagerAvailable": True,
"privateMode": True
},
"passkeyIntelFlags": {
"forcePasskeyAppend": True,
"askForAutoAppend": True,
"askForConditionalCreate": True,
"askForInAppAppend": "<string>"
},
"situation": "<string>"
}
headers = {
"Authorization": "Basic <encoded-value>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Basic <encoded-value>', 'Content-Type': 'application/json'},
body: JSON.stringify({
userID: '<string>',
processID: '<string>',
username: '<string>',
clientInformation: {
remoteAddress: '::ffff:172.18.0.1',
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36',
userVerifyingPlatformAuthenticatorAvailable: true,
conditionalMediationAvailable: true,
clientCapabilities: {
conditionalCreate: true,
conditionalMediation: true,
hybridTransport: true,
passkeyPlatformAuthenticator: true,
userVerifyingPlatformAuthenticator: true
},
parsedDeviceInfo: {
browserName: '<string>',
browserVersion: '<string>',
osName: '<string>',
osVersion: '<string>'
},
clientEnvHandle: '<string>',
javascriptFingerprint: '<string>',
bluetoothAvailable: true,
passwordManagerAvailable: true,
privateMode: true
},
passkeyIntelFlags: {
forcePasskeyAppend: true,
askForAutoAppend: true,
askForConditionalCreate: true,
askForInAppAppend: '<string>'
},
situation: '<string>'
})
};

fetch('https://backendapi.corbado.io/v2/passkey/append/start', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://backendapi.corbado.io/v2/passkey/append/start",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'userID' => '<string>',
'processID' => '<string>',
'username' => '<string>',
'clientInformation' => [
'remoteAddress' => '::ffff:172.18.0.1',
'userAgent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36',
'userVerifyingPlatformAuthenticatorAvailable' => true,
'conditionalMediationAvailable' => true,
'clientCapabilities' => [
'conditionalCreate' => true,
'conditionalMediation' => true,
'hybridTransport' => true,
'passkeyPlatformAuthenticator' => true,
'userVerifyingPlatformAuthenticator' => true
],
'parsedDeviceInfo' => [
'browserName' => '<string>',
'browserVersion' => '<string>',
'osName' => '<string>',
'osVersion' => '<string>'
],
'clientEnvHandle' => '<string>',
'javascriptFingerprint' => '<string>',
'bluetoothAvailable' => true,
'passwordManagerAvailable' => true,
'privateMode' => true
],
'passkeyIntelFlags' => [
'forcePasskeyAppend' => true,
'askForAutoAppend' => true,
'askForConditionalCreate' => true,
'askForInAppAppend' => '<string>'
],
'situation' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Basic <encoded-value>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://backendapi.corbado.io/v2/passkey/append/start"

payload := strings.NewReader("{\n \"userID\": \"<string>\",\n \"processID\": \"<string>\",\n \"username\": \"<string>\",\n \"clientInformation\": {\n \"remoteAddress\": \"::ffff:172.18.0.1\",\n \"userAgent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36\",\n \"userVerifyingPlatformAuthenticatorAvailable\": true,\n \"conditionalMediationAvailable\": true,\n \"clientCapabilities\": {\n \"conditionalCreate\": true,\n \"conditionalMediation\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true\n },\n \"parsedDeviceInfo\": {\n \"browserName\": \"<string>\",\n \"browserVersion\": \"<string>\",\n \"osName\": \"<string>\",\n \"osVersion\": \"<string>\"\n },\n \"clientEnvHandle\": \"<string>\",\n \"javascriptFingerprint\": \"<string>\",\n \"bluetoothAvailable\": true,\n \"passwordManagerAvailable\": true,\n \"privateMode\": true\n },\n \"passkeyIntelFlags\": {\n \"forcePasskeyAppend\": true,\n \"askForAutoAppend\": true,\n \"askForConditionalCreate\": true,\n \"askForInAppAppend\": \"<string>\"\n },\n \"situation\": \"<string>\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Basic <encoded-value>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://backendapi.corbado.io/v2/passkey/append/start")
.header("Authorization", "Basic <encoded-value>")
.header("Content-Type", "application/json")
.body("{\n \"userID\": \"<string>\",\n \"processID\": \"<string>\",\n \"username\": \"<string>\",\n \"clientInformation\": {\n \"remoteAddress\": \"::ffff:172.18.0.1\",\n \"userAgent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36\",\n \"userVerifyingPlatformAuthenticatorAvailable\": true,\n \"conditionalMediationAvailable\": true,\n \"clientCapabilities\": {\n \"conditionalCreate\": true,\n \"conditionalMediation\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true\n },\n \"parsedDeviceInfo\": {\n \"browserName\": \"<string>\",\n \"browserVersion\": \"<string>\",\n \"osName\": \"<string>\",\n \"osVersion\": \"<string>\"\n },\n \"clientEnvHandle\": \"<string>\",\n \"javascriptFingerprint\": \"<string>\",\n \"bluetoothAvailable\": true,\n \"passwordManagerAvailable\": true,\n \"privateMode\": true\n },\n \"passkeyIntelFlags\": {\n \"forcePasskeyAppend\": true,\n \"askForAutoAppend\": true,\n \"askForConditionalCreate\": true,\n \"askForInAppAppend\": \"<string>\"\n },\n \"situation\": \"<string>\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://backendapi.corbado.io/v2/passkey/append/start")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic <encoded-value>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"userID\": \"<string>\",\n \"processID\": \"<string>\",\n \"username\": \"<string>\",\n \"clientInformation\": {\n \"remoteAddress\": \"::ffff:172.18.0.1\",\n \"userAgent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36\",\n \"userVerifyingPlatformAuthenticatorAvailable\": true,\n \"conditionalMediationAvailable\": true,\n \"clientCapabilities\": {\n \"conditionalCreate\": true,\n \"conditionalMediation\": true,\n \"hybridTransport\": true,\n \"passkeyPlatformAuthenticator\": true,\n \"userVerifyingPlatformAuthenticator\": true\n },\n \"parsedDeviceInfo\": {\n \"browserName\": \"<string>\",\n \"browserVersion\": \"<string>\",\n \"osName\": \"<string>\",\n \"osVersion\": \"<string>\"\n },\n \"clientEnvHandle\": \"<string>\",\n \"javascriptFingerprint\": \"<string>\",\n \"bluetoothAvailable\": true,\n \"passwordManagerAvailable\": true,\n \"privateMode\": true\n },\n \"passkeyIntelFlags\": {\n \"forcePasskeyAppend\": true,\n \"askForAutoAppend\": true,\n \"askForConditionalCreate\": true,\n \"askForInAppAppend\": \"<string>\"\n },\n \"situation\": \"<string>\"\n}"

response = http.request(request)
puts response.read_body
{
  "appendAllow": true,
  "attestationOptions": "{\"publicKey\":{\"challenge\":\"2m6...0w9/MgW...KE=\",\"rp\":{\"name\":\"demo\",\"id\":\"localhost\"},\"user\":{\"name\":\"example@mail.com\",\"id\":\"dXN...zk5\"},\"pubKeyCredParams\":[{\"type\":\"public-key\",\"alg\":-7},{\"type\":\"public-key\",\"alg\":-35},{\"type\":\"public-key\",\"alg\":-36},{\"type\":\"public-key\",\"alg\":-257},{\"type\":\"public-key\",\"alg\":-258},{\"type\":\"public-key\",\"alg\":-259},{\"type\":\"public-key\",\"alg\":-37},{\"type\":\"public-key\",\"alg\":-38},{\"type\":\"public-key\",\"alg\":-39},{\"type\":\"public-key\",\"alg\":-8}],\"authenticatorSelection\":{\"authenticatorAttachment\":\"platform\",\"requireResidentKey\":false,\"userVerification\":\"required\"},\"timeout\":60000,\"attestation\":\"none\"}}",
  "detectionInsights": {
    "tags": [
      {
        "name": "<string>"
      }
    ],
    "credentialIds": [
      "<string>"
    ],
    "clientEnvIds": [
      "<string>"
    ],
    "passwordManagerIds": [
      "<string>"
    ],
    "historyData": {
      "defaultCount": 123,
      "afterErrorCount": 123,
      "afterHybridCount": 123,
      "autoCount": 123,
      "defaultCooldown": true,
      "afterErrorCooldown": true,
      "afterHybridCooldown": true,
      "autoCooldown": true,
      "conditionalCreateCooldown": true,
      "inAppCooldown": true
    }
  },
  "decisionInsights": {
    "isRestrictedBrowser": true,
    "auto": true,
    "conditional": true,
    "customData": {}
  }
}
{
"httpStatusCode": 123,
"message": "OK",
"requestData": {
"requestID": "req-557...663",
"link": "https://my.corbado.com/requests/req-xxxxxxxxxxxxxxxxxxx"
},
"runtime": 0.06167686,
"error": {
"type": "<string>",
"details": "<string>",
"validation": [
{
"field": "<string>",
"message": "<string>"
}
],
"links": [
"<string>"
]
},
"data": {}
}

Authorizations

Authorization
string
header
required

Basic authentication is used to authenticate requests to the Backend API. The username is the project ID and the password is the API secret.

The project ID and API secret can be found in the Developer Panel.

Body

application/json
userID
string
required

ID of the user

processID
string
required
username
string
required
clientInformation
object
required
passkeyIntelFlags
object
required
situation
string
required

Response

Passkey creation process has been started.

appendAllow
boolean
required
attestationOptions
string
required
Example:

"{\"publicKey\":{\"challenge\":\"2m6...0w9/MgW...KE=\",\"rp\":{\"name\":\"demo\",\"id\":\"localhost\"},\"user\":{\"name\":\"example@mail.com\",\"id\":\"dXN...zk5\"},\"pubKeyCredParams\":[{\"type\":\"public-key\",\"alg\":-7},{\"type\":\"public-key\",\"alg\":-35},{\"type\":\"public-key\",\"alg\":-36},{\"type\":\"public-key\",\"alg\":-257},{\"type\":\"public-key\",\"alg\":-258},{\"type\":\"public-key\",\"alg\":-259},{\"type\":\"public-key\",\"alg\":-37},{\"type\":\"public-key\",\"alg\":-38},{\"type\":\"public-key\",\"alg\":-39},{\"type\":\"public-key\",\"alg\":-8}],\"authenticatorSelection\":{\"authenticatorAttachment\":\"platform\",\"requireResidentKey\":false,\"userVerification\":\"required\"},\"timeout\":60000,\"attestation\":\"none\"}}"

detectionInsights
object
required
decisionInsights
object
required