Athena

Auth Passkey

Passkey registration/authentication methods and related origins endpoint.

Endpoints and Methods

  • auth.passkey.generateRegisterOptions() -> GET /passkey/generate-register-options
  • auth.passkey.generateAuthenticateOptions() -> POST /passkey/generate-authenticate-options
  • auth.passkey.verifyRegistration() -> POST /passkey/verify-registration
  • auth.passkey.verifyAuthentication() -> POST /passkey/verify-authentication
  • auth.passkey.listUserPasskeys() -> GET /passkey/list-user-passkeys
  • auth.passkey.deletePasskey() -> POST /passkey/delete-passkey
  • auth.passkey.updatePasskey() -> POST /passkey/update-passkey
  • auth.passkey.getRelatedOrigins() -> GET /.well-known/webauthn

Examples

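# The base URL and token are read from the environment so the bearer token is
# not pasted into a script or left in shell history.
# The localhost default is plain HTTP and suits local development only. Use an
# https:// base URL anywhere else: the bearer token and the session token
# returned by verify-authentication would otherwise travel in the clear.
ATHENA_AUTH_BASE_URL="${ATHENA_AUTH_BASE_URL:-http://localhost:3001/api/auth}"
: "${ATHENA_AUTH_TOKEN:?set ATHENA_AUTH_TOKEN to a bearer token}"

# Payload fields follow the request bodies in the OpenAPI Contract section of
# this page; the values are placeholders.
# On a shared host the authorization header is visible in the process list
# while curl runs; curl can read headers from a file with -H @file instead.

# auth.passkey.generateRegisterOptions() -> GET /passkey/generate-register-options
curl -X GET "$ATHENA_AUTH_BASE_URL/passkey/generate-register-options" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN"

# auth.passkey.generateAuthenticateOptions() -> POST /passkey/generate-authenticate-options
# No request body fields are documented for this operation on this page, so an
# empty JSON object is sent.
curl -X POST "$ATHENA_AUTH_BASE_URL/passkey/generate-authenticate-options" \
  -H "content-type: application/json" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN" \
  -d '{}'

# auth.passkey.verifyRegistration() -> POST /passkey/verify-registration
# "response" is the authenticator's response to the options returned by
# generate-register-options; an optional "name" labels the passkey.
curl -X POST "$ATHENA_AUTH_BASE_URL/passkey/verify-registration" \
  -H "content-type: application/json" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN" \
  -d '{"response":"webauthn-registration-response"}'

# auth.passkey.verifyAuthentication() -> POST /passkey/verify-authentication
# The response body contains session.token; keep it out of logs and terminal
# captures.
curl -X POST "$ATHENA_AUTH_BASE_URL/passkey/verify-authentication" \
  -H "content-type: application/json" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN" \
  -d '{"response":"webauthn-authentication-response"}'

# auth.passkey.listUserPasskeys() -> GET /passkey/list-user-passkeys
curl -X GET "$ATHENA_AUTH_BASE_URL/passkey/list-user-passkeys" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN"

# auth.passkey.deletePasskey() -> POST /passkey/delete-passkey
# Removes a sign-in credential; "id" is the passkey id from list-user-passkeys.
curl -X POST "$ATHENA_AUTH_BASE_URL/passkey/delete-passkey" \
  -H "content-type: application/json" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN" \
  -d '{"id":"passkey_id"}'

# auth.passkey.updatePasskey() -> POST /passkey/update-passkey
curl -X POST "$ATHENA_AUTH_BASE_URL/passkey/update-passkey" \
  -H "content-type: application/json" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN" \
  -d '{"id":"passkey_id","name":"My Laptop Passkey"}'

# auth.passkey.getRelatedOrigins() -> GET /.well-known/webauthn
# Manual check only. WebAuthn clients request /.well-known/webauthn from the
# root of the RP ID's HTTPS origin and send no credentials, so confirm
# separately that the document is reachable there without a token.
curl -X GET "$ATHENA_AUTH_BASE_URL/.well-known/webauthn" \
  -H "authorization: Bearer $ATHENA_AUTH_TOKEN"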
use reqwest::Client;
use serde_json::json;

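// Plain HTTP on localhost is for local development only; use an https:// base
// URL elsewhere so the bearer token and returned session token are not sent in
// the clear.
let base_url = "http://localhost:3001/api/auth";
// Placeholder. Load the real token from the environment or a secret store
// rather than compiling it into the binary.
let token = "<bearer-token>";
let http = Client::new();

// Payload fields follow the request bodies in the OpenAPI Contract section of
// this page; the values are placeholders. Every call converts a non-success
// HTTP status into an error with `error_for_status` and discards the body.

// auth.passkey.generateRegisterOptions() -> GET /passkey/generate-register-options
let response = http
    .get(format!("{base_url}/passkey/generate-register-options"))
    .bearer_auth(token)
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.generateAuthenticateOptions() -> POST /passkey/generate-authenticate-options
// No request body fields are documented for this operation on this page, so an
// empty JSON object is sent.
let response = http
    .post(format!("{base_url}/passkey/generate-authenticate-options"))
    .bearer_auth(token)
    .json(&json!({}))
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.verifyRegistration() -> POST /passkey/verify-registration
// `response` is the authenticator's response to the options returned by
// generate-register-options; an optional `name` labels the passkey.
let response = http
    .post(format!("{base_url}/passkey/verify-registration"))
    .bearer_auth(token)
    .json(&json!({
        "response": "webauthn-registration-response"
    }))
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.verifyAuthentication() -> POST /passkey/verify-authentication
// The response body contains `session.token`; if you read it, keep it out of
// logs and error messages.
let response = http
    .post(format!("{base_url}/passkey/verify-authentication"))
    .bearer_auth(token)
    .json(&json!({
        "response": "webauthn-authentication-response"
    }))
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.listUserPasskeys() -> GET /passkey/list-user-passkeys
let response = http
    .get(format!("{base_url}/passkey/list-user-passkeys"))
    .bearer_auth(token)
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.deletePasskey() -> POST /passkey/delete-passkey
// Removes a sign-in credential; `id` is the passkey id from list-user-passkeys.
let response = http
    .post(format!("{base_url}/passkey/delete-passkey"))
    .bearer_auth(token)
    .json(&json!({
        "id": "passkey_id"
    }))
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.updatePasskey() -> POST /passkey/update-passkey
let response = http
    .post(format!("{base_url}/passkey/update-passkey"))
    .bearer_auth(token)
    .json(&json!({
        "id": "passkey_id",
        "name": "My Laptop Passkey"
    }))
    .send()
    .await?;
let _ = response.error_for_status()?;

// auth.passkey.getRelatedOrigins() -> GET /.well-known/webauthn
// Manual check only. WebAuthn clients request /.well-known/webauthn from the
// root of the RP ID's HTTPS origin and send no credentials, so confirm
// separately that the document is reachable there without a token.
let response = http
    .get(format!("{base_url}/.well-known/webauthn"))
    .bearer_auth(token)
    .send()
    .await?;
let _ = response.error_for_status()?;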
import { client } from "./auth-client"

// Shorthand for the passkey namespace of the auth client.
const passkeys = client.auth.passkey

// Request the options for the registration and authentication ceremonies.
await passkeys.generateRegisterOptions()
await passkeys.generateAuthenticateOptions()

// `response` is a placeholder for the authenticator's registration response.
const registrationPayload = { response: "webauthn-registration-response" }
await passkeys.verifyRegistration(registrationPayload)

// Per the OpenAPI contract on this page the result carries `session`
// (including `token`) and `user`; keep the token out of logs.
const authenticationPayload = { response: "webauthn-authentication-response" }
await passkeys.verifyAuthentication(authenticationPayload)

// Passkeys registered for the current user.
await passkeys.listUserPasskeys()

// Delete, then rename, by passkey id (placeholder values).
const passkeyId = "passkey_id"
await passkeys.deletePasskey({ id: passkeyId })
await passkeys.updatePasskey({ id: passkeyId, name: "My Laptop Passkey" })

// Related-origins document, served at /.well-known/webauthn.
await passkeys.getRelatedOrigins()

OpenAPI Contract

GET
/passkey/generate-register-options

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

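# Sends the bearer token that this operation's bearerAuth requirement calls for.
curl -X GET "http://localhost:3001/api/auth/passkey/generate-register-options" \
  -H "Authorization: Bearer <token>"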
{
  "challenge": "string",
  "rp": {
    "name": "string",
    "id": "string"
  },
  "user": {
    "id": "string",
    "name": "string",
    "displayName": "string"
  },
  "pubKeyCredParams": [
    {
      "type": "string",
      "alg": 0
    }
  ],
  "timeout": 0,
  "excludeCredentials": [
    {
      "id": "string",
      "type": "string",
      "transports": [
        "string"
      ]
    }
  ],
  "authenticatorSelection": {
    "authenticatorAttachment": "string",
    "requireResidentKey": true,
    "userVerification": "string"
  },
  "attestation": "string",
  "extensions": {}
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
POST
/passkey/generate-authenticate-options

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

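# Sends the bearer token that this operation's bearerAuth requirement calls for.
curl -X POST "http://localhost:3001/api/auth/passkey/generate-authenticate-options" \
  -H "Authorization: Bearer <token>"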
{
  "challenge": "string",
  "rp": {
    "name": "string",
    "id": "string"
  },
  "user": {
    "id": "string",
    "name": "string",
    "displayName": "string"
  },
  "timeout": 0,
  "allowCredentials": [
    {
      "id": "string",
      "type": "string",
      "transports": [
        "string"
      ]
    }
  ],
  "userVerification": "string",
  "authenticatorSelection": {
    "authenticatorAttachment": "string",
    "requireResidentKey": true,
    "userVerification": "string"
  },
  "extensions": {}
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
POST
/passkey/verify-registration

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Request Body

application/json

response (string, required)

The response from the authenticator

name (string, optional)

Name of the passkey

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

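# Line continuations restored; sends the bearer token that this operation's
# bearerAuth requirement calls for. "response" comes from the authenticator.
curl -X POST "http://localhost:3001/api/auth/passkey/verify-registration" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "response": "string"
  }'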
{
  "id": "string",
  "name": "string",
  "publicKey": "string",
  "userId": "string",
  "credentialID": "string",
  "counter": 0,
  "deviceType": "string",
  "backedUp": true,
  "transports": "string",
  "createdAt": null
}
Empty
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
POST
/passkey/verify-authentication

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Request Body

application/json

response (string, required)

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

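# Line continuations restored; sends the bearer token that this operation's
# bearerAuth requirement calls for. The response includes session.token, so
# keep the output out of logs.
curl -X POST "http://localhost:3001/api/auth/passkey/verify-authentication" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "response": "string"
  }'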
{
  "session": {
    "id": "string",
    "expiresAt": null,
    "token": "string",
    "createdAt": null,
    "updatedAt": null,
    "ipAddress": "string",
    "userAgent": "string",
    "userId": "string",
    "impersonatedBy": "string",
    "activeOrganizationId": "string"
  },
  "user": {
    "id": "string",
    "name": "string",
    "email": "string",
    "emailVerified": true,
    "image": "string",
    "createdAt": null,
    "updatedAt": null,
    "username": "string",
    "displayUsername": "string",
    "twoFactorEnabled": true,
    "role": "string",
    "banned": true,
    "banReason": "string",
    "banExpires": null
  }
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
GET
/passkey/list-user-passkeys

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

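# Sends the bearer token that this operation's bearerAuth requirement calls for.
curl -X GET "http://localhost:3001/api/auth/passkey/list-user-passkeys" \
  -H "Authorization: Bearer <token>"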
[
  {
    "id": "string",
    "name": "string",
    "publicKey": "string",
    "userId": "string",
    "credentialID": "string",
    "counter": 0,
    "deviceType": "string",
    "backedUp": true,
    "transports": "string",
    "createdAt": null
  }
]
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
POST
/passkey/delete-passkey

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Request Body

application/json

id (string, required)

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

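# Line continuations restored; sends the bearer token that this operation's
# bearerAuth requirement calls for.
curl -X POST "http://localhost:3001/api/auth/passkey/delete-passkey" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "string"
  }'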
{
  "status": true
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
POST
/passkey/update-passkey

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication

In: header

Request Body

application/json

id (string, required)
name (string, required)

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

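# Line continuations restored; sends the bearer token that this operation's
# bearerAuth requirement calls for.
curl -X POST "http://localhost:3001/api/auth/passkey/update-passkey" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "string",
    "name": "string"
  }'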
{
  "passkey": {
    "id": "string",
    "name": "string",
    "publicKey": "string",
    "userId": "string",
    "credentialID": "string",
    "counter": 0,
    "deviceType": "string",
    "backedUp": true,
    "transports": "string",
    "createdAt": null
  }
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
{
  "message": "string"
}
GET
/.well-known/webauthn

Authorization

apiKeyCookie bearerAuth
apiKeyCookie<token>

API Key authentication via cookie

In: cookie

Authorization: Bearer <token>

Bearer token authentication

In: header

Response Body

application/json

application/json

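# Sends a bearer token, one of the two schemes listed for this operation.
# WebAuthn clients request /.well-known/webauthn from the root of the RP ID's
# HTTPS origin and send no credentials, so confirm separately that the
# document is reachable there without a token.
curl -X GET "http://localhost:3001/api/auth/.well-known/webauthn" \
  -H "Authorization: Bearer <token>"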
{
  "origins": [
    "string"
  ]
}
{
  "message": "string"
}