API Reference
Frontend API
- Configs
- Users
- GETRetrieve current user
- DELDelete current user
- PATCHUpdate current User
- GETList all user passkeys
- POSTStart passkey append
- POSTFinish passkey append
- DELDelete user passkey
- POSTRefresh user session
- POSTLogout user
- POSTCreate login identifier
- DELDelete login identifier
- PATCHUpdate login identifier
- POSTStart login identifier verification
- POSTFinish login identifier verification
- GET
- Auth
- CorbadoConnect
Backend API
- Users
- Challenges
- Identifiers
- PasskeyEvents
- PasskeyChallenges
- ConnectTokens
- Sessions
- Passkeys
Start passkey append
Copy
Ask AI
curl --request POST \
--url https://{projectId}.frontendapi.corbado.io/v2/me/passkeys/append/start \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"clientInformation": {
"bluetoothAvailable": true,
"clientEnvHandle": "<string>",
"visitorId": "<string>",
"canUsePasskeys": true,
"isUserVerifyingPlatformAuthenticatorAvailable": true,
"isConditionalMediationAvailable": true,
"clientCapabilities": {
"conditionalCreate": true,
"conditionalMediation": true,
"hybridTransport": true,
"passkeyPlatformAuthenticator": true,
"userVerifyingPlatformAuthenticator": true
},
"javaScriptHighEntropy": {
"platform": "<string>",
"platformVersion": "<string>",
"mobile": true
},
"isNative": true,
"webdriver": true,
"privateMode": true,
"clientEnvHandleMeta": {
"ts": 123,
"source": "ls"
},
"nativeMeta": {
"platform": "<string>",
"platformVersion": "<string>",
"name": "<string>",
"version": "<string>",
"displayName": "<string>",
"build": "<string>",
"deviceOwnerAuth": "none",
"isBluetoothAvailable": true,
"isBluetoothOn": true,
"isGooglePlayServices": true,
"isDeviceSecure": true,
"error": "<string>"
}
}
}'Copy
Ask AI
{
"newClientEnvHandle": "<string>",
"appendNotAllowedReason": "passkey_already_exists",
"attestationOptions": "{\"publicKey\":{\"challenge\":\"2m6...0w9/MgW...KE=\",\"rp\":{\"name\":\"demo\",\"id\":\"localhost\"},\"user\":{\"name\":\"example@mail.com\",\"id\":\"dXN...zk5\"},\"pubKeyCredParams\":[{\"type\":\"public-key\",\"alg\":-7},{\"type\":\"public-key\",\"alg\":-35},{\"type\":\"public-key\",\"alg\":-36},{\"type\":\"public-key\",\"alg\":-257},{\"type\":\"public-key\",\"alg\":-258},{\"type\":\"public-key\",\"alg\":-259},{\"type\":\"public-key\",\"alg\":-37},{\"type\":\"public-key\",\"alg\":-38},{\"type\":\"public-key\",\"alg\":-39},{\"type\":\"public-key\",\"alg\":-8}],\"authenticatorSelection\":{\"authenticatorAttachment\":\"platform\",\"requireResidentKey\":false,\"userVerification\":\"required\"},\"timeout\":60000,\"attestation\":\"none\"}}"
}Users
Start passkey append
Starts passkey append for currently logged in user.
POST
/
v2
/
me
/
passkeys
/
append
/
start
Start passkey append
Copy
Ask AI
curl --request POST \
--url https://{projectId}.frontendapi.corbado.io/v2/me/passkeys/append/start \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"clientInformation": {
"bluetoothAvailable": true,
"clientEnvHandle": "<string>",
"visitorId": "<string>",
"canUsePasskeys": true,
"isUserVerifyingPlatformAuthenticatorAvailable": true,
"isConditionalMediationAvailable": true,
"clientCapabilities": {
"conditionalCreate": true,
"conditionalMediation": true,
"hybridTransport": true,
"passkeyPlatformAuthenticator": true,
"userVerifyingPlatformAuthenticator": true
},
"javaScriptHighEntropy": {
"platform": "<string>",
"platformVersion": "<string>",
"mobile": true
},
"isNative": true,
"webdriver": true,
"privateMode": true,
"clientEnvHandleMeta": {
"ts": 123,
"source": "ls"
},
"nativeMeta": {
"platform": "<string>",
"platformVersion": "<string>",
"name": "<string>",
"version": "<string>",
"displayName": "<string>",
"build": "<string>",
"deviceOwnerAuth": "none",
"isBluetoothAvailable": true,
"isBluetoothOn": true,
"isGooglePlayServices": true,
"isDeviceSecure": true,
"error": "<string>"
}
}
}'Copy
Ask AI
{
"newClientEnvHandle": "<string>",
"appendNotAllowedReason": "passkey_already_exists",
"attestationOptions": "{\"publicKey\":{\"challenge\":\"2m6...0w9/MgW...KE=\",\"rp\":{\"name\":\"demo\",\"id\":\"localhost\"},\"user\":{\"name\":\"example@mail.com\",\"id\":\"dXN...zk5\"},\"pubKeyCredParams\":[{\"type\":\"public-key\",\"alg\":-7},{\"type\":\"public-key\",\"alg\":-35},{\"type\":\"public-key\",\"alg\":-36},{\"type\":\"public-key\",\"alg\":-257},{\"type\":\"public-key\",\"alg\":-258},{\"type\":\"public-key\",\"alg\":-259},{\"type\":\"public-key\",\"alg\":-37},{\"type\":\"public-key\",\"alg\":-38},{\"type\":\"public-key\",\"alg\":-39},{\"type\":\"public-key\",\"alg\":-8}],\"authenticatorSelection\":{\"authenticatorAttachment\":\"platform\",\"requireResidentKey\":false,\"userVerification\":\"required\"},\"timeout\":60000,\"attestation\":\"none\"}}"
}Authorizations
After a user logs in successfully, a session is created and a JWT token is returned.
This token represents the user's authenticated session.
It must be included in the Authorization header as a Bearer token for all protected endpoints:
Authorization: Bearer <your-token>
The server will validate this token to authorize access.
Body
application/json
Response
200 - application/json
tbd
The response is of type object.
Was this page helpful?
Assistant
Responses are generated using AI and may contain mistakes.