Learn what a connect token is, why it’s needed, and how it’s used to secure passkey management actions in your application.
/v2/connectTokens
endpoint (see API Reference). This call identifies the user (for example, through a customerIdentifier
) and specifies the intended action ("passkey-append"
, "passkey-list"
, or "passkey-delete"
).ctk1_sxmexzS7RFBaJSA4V4kBFPs45bkxMK
). This token tells the Corbado Web UI Component or SDK method precisely which user and action it is authorized for (e.g., “create a new passkey for user 123”).