After successful account creation, the Corbado developer panel opens and a wizard that helps you for basic setup guides you through some high-level questions.
If you create an account in the Corbado developer panel, a project with corresponding project ID is automatically created.
Be aware that API secrets are only visible once and afterwards masked due to security reasons. If you lost an API secret, you need to create a new one.
API secrets are sensitive information that must be protected at all costs to avoid potential attacks
- Never embed an API secret directly into your code. Version control systems, such as GitHub, would upload them to public repositories. Implement the configuration via environment variables or files that are outside the version control system instead.
- If you do not need an API secret any longer, try to delete them in order to minimize the risk of attacks.
You need to provide the protocol (e.g. https) and port (if it's different than 80 for http or 443 for https). The path should be empty (thus no trailing "/"), e.g.:
http://localhost:8080for an application running on localhost
https://www.my-application.comfor a live application
As a developer it might be helpful to use the Google Chrome WebAuthn emulator. It allows you to test the WebAuthn API with a virtual authenticator if your hardware does not offer any biometric scanners:
Based on your app type, decide which integration suits you best: