Getting started

1.​Set up your Corbado account​
2.​Get project ID​
3.​Create an API secret​
4.​Define authorized origins​
5.​Choose integration mode​
1. Set up your Corbado account
​Sign up for a free Corbado account. 
​
​
After successful account creation, the Corbado developer panel opens. Here, you can manage all projects.
Developer panel
2. Get project ID
If you create an account in the Corbado developer panel, a project with corresponding project ID is automatically created.
The project ID can be retrieved in the upper right corner of the screen or in the section "Settings" - "General" - "Project info".
​
​
3. Create an API secret
Communication with Corbado requires API secrets. Any request that doesn't include an API secret will return an error.
You can generate an API secret from the developer panel at any time at "Settings" - "Credentials" - "API secrets".
Be aware that API secrets are only visible once and afterwards masked due to security reasons. If you lost an API secret, you need to create a new one.
API secrets
API secrets are sensitive information that must be protected at all costs to avoid potential attacks
Never embed an API secret directly into your code. Version control systems, such as GitHub, would upload them to public repositories. Implement the configuration via environment variables or files that are outside the version control system instead.
If you do not need an API secret any longer, try to delete them in order to minimize the risk of attacks.
4. Define authorized origins
Please define the authorized origins of your application in "Settings" - "Credentials" - "Authorized origins". You need to specify each origin that communicates with Corbado in a separate row.
The origin is the address of your website or application where you integrate Corbado and that the user sees in the browser (the browser URL). 
You need to provide the protocol (e.g. https) and port (if it's different than 80 for http or 443 for https). The path should be empty (thus no trailing "/"), e.g.:
http://localhost:8080 for an application running on localhost
https://www.my-application.com for a live application
"Widget" is automatically created with the hosted page URL as authorized origin. Do NOT delete this entry as it is required!
If you want to integrate your existing users and want to test locally, please check the Corbado CLI.
Authorized origins
Google Chrome Virtual Authenticator
As a developer it might be helpful to use the Google Chrome WebAuthn emulator. It allows you to test the WebAuthn API with a virtual authenticator if your hardware does not offer any biometric scanners:
5. Choose integration mode
Decide for an integration mode (you can always switch later or use them in parallel):
1.​Hosted page​
Standalone authentication
Redirected to hosted page
Integrate in <1 hour
2.​Web component​
Pre-built UX & intelligence
Embedded in frontend
Integrate in <3 hours
3.​API-only​
Own UI & flows
Implemented in backend
Integrate in <1 day

Last modified 1mo ago