Getting started

1. Set up your Corbado account

Sign up for a free Corbado account.
After successful account creation, the Corbado developer panel opens and a wizard that helps you for basic setup guides you through some high-level questions.
In the developer panel, you can manage all projects. Please check out "Getting started" - "Integration guides" that help you with the successful setup of your project.
Developer panel

2. Get project ID

If you create an account in the Corbado developer panel, a project with corresponding project ID is automatically created.
The project ID can be retrieved in the upper right corner of the screen or in the section "Settings" - "General" - "Project info".

3. Create an API secret

Communication with Corbado's Backend API requires API secrets. Any request to the Backend API that doesn't include an API secret will return an error.
You can generate an API secret from the developer panel at any time at "Settings" - "Credentials" - "API secrets".
Be aware that API secrets are only visible once and afterwards masked due to security reasons. If you lost an API secret, you need to create a new one.
API secrets
API secrets are sensitive information that must be protected at all costs to avoid potential attacks
  • Never embed an API secret directly into your code. Version control systems, such as GitHub, would upload them to public repositories. Implement the configuration via environment variables or files that are outside the version control system instead.
  • If you do not need an API secret any longer, try to delete them in order to minimize the risk of attacks.

4. Define authorized origins

Please define the authorized origins of your application in "Settings" - "General" - "Authorized origins". You need to specify each origin that communicates with Corbado in a separate row.
The origin is the address of your website or application where you integrate Corbado and that the user sees in the browser (the browser URL).
You need to provide the protocol (e.g. https) and port (if it's different than 80 for http or 443 for https). The path should be empty (thus no trailing "/"), e.g.:
  • http://localhost:8080 for an application running on localhost
  • for a live application
If you want to integrate your existing users and want to test locally, please check the Corbado CLI.
Authorized origins

Google Chrome Virtual Authenticator

As a developer it might be helpful to use the Google Chrome WebAuthn emulator. It allows you to test the WebAuthn API with a virtual authenticator if your hardware does not offer any biometric scanners:

5. Integrate your app type

Based on your app type, decide which integration suits you best: