Getting started

After successful account creation, the Corbado developer panel opens and a wizard that helps you for basic setup guides you through some high-level questions.
In the developer panel, you can manage all projects. Please check out "Getting started" - "Integration guides" that help you with the successful setup of your project.

Developer panel
If you create an account in the Corbado developer panel, a project with corresponding project ID is automatically created.
The project ID can be retrieved in the upper right corner of the screen or in the section "Settings" - "General" - "Project info".

Communication with Corbado's Backend API requires API secrets. Any request to the Backend API that doesn't include an API secret will return an error.
You can generate an API secret from the developer panel at any time at "Settings" - "Credentials" - "API secrets".
Be aware that API secrets are only visible once and afterwards masked due to security reasons. If you lost an API secret, you need to create a new one.

API secrets
API secrets are sensitive information that must be protected at all costs to avoid potential attacks
- Never embed an API secret directly into your code. Version control systems, such as GitHub, would upload them to public repositories. Implement the configuration via environment variables or files that are outside the version control system instead.
- If you do not need an API secret any longer, try to delete them in order to minimize the risk of attacks.
Please define the authorized origins of your application in "Settings" - "General" - "Authorized origins". You need to specify each origin that communicates with Corbado in a separate row.
The origin is the address of your website or application where you integrate Corbado and that the user sees in the browser (the browser URL).
You need to provide the protocol (e.g. https) and port (if it's different than 80 for http or 443 for https). The path should be empty (thus no trailing "/"), e.g.:
http://localhost:8080
for an application running on localhosthttps://www.my-application.com
for a live application
If you want to integrate your existing users and want to test locally, please check the Corbado CLI.

Authorized origins
As a developer it might be helpful to use the Google Chrome WebAuthn emulator. It allows you to test the WebAuthn API with a virtual authenticator if your hardware does not offer any biometric scanners:
Based on your app type, decide which integration suits you best:
Last modified 25d ago