Skip to main content

Start the registration of passkey for a user​

Start the registration of a passkey for a user, as a response the public key credential creation options are returned, which are used to verify the passkey.

Path Parameters
    userId string required
Request Body required
    code object

    "one time code generated by ZITADEL; required to start the passkey registration without user authentication"

    id string required

    Possible values: <= 200 characters

    "id to the one time code generated by ZITADEL"

    code string required

    Possible values: <= 200 characters

    "one time code generated by ZITADEL"

    authenticator string

    Possible values: [PASSKEY_AUTHENTICATOR_UNSPECIFIED, PASSKEY_AUTHENTICATOR_PLATFORM, PASSKEY_AUTHENTICATOR_CROSS_PLATFORM]

    Default value: PASSKEY_AUTHENTICATOR_UNSPECIFIED

    "Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed."

    domain string

    "Domain on which the user is authenticated."

Responses

OK

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to
    passkeyId string
    publicKeyCredentialCreationOptions object

    Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions

POST /v2beta/users/:userId/passkeys

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN
Bearer Token
userId — path required
Content-Type
Body required
{

  "code": {

    "id": "e2a48d6a-362b-4db6-a1fb-34feab84dc62",

    "code": "SomeSpecialCode"

  },

  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED",

  "domain": "string"

}
Accept
curl / cURL
curl -L -X POST 'https://$CUSTOM-DOMAIN/v2beta/users/:userId/passkeys' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": {
    "id": "e2a48d6a-362b-4db6-a1fb-34feab84dc62",
    "code": "SomeSpecialCode"
  },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED",
  "domain": "string"
}'