Skip to content
Nhost Documentation
Support Dashboard

Sign up with Webauthn

POST
/signup/webauthn

Initiate a Webauthn sign-up process by sending a challenge to the user’s device. The user must not have an existing account.

Request Body required

Section titled “Request Body required ”

Email address and optional user options for WebAuthn registration

object
email
required

A valid email

string format: email
Example
john.smith@nhost.io
options
object
allowedRoles
Array<string>
Example
[
  "me",
  "user"
]
defaultRole
string
Example
user
displayName
string
<= 32 characters /^[\p{L}\p{N}\p{S} ,.'-]+$/
Example
John Smith
locale

A two or three characters locale

string
>= 2 characters <= 3 characters
Example
en
metadata
object
key
additional properties
any
Example
{
  "firstName": "John",
  "lastName": "Smith"
}
redirectTo
string format: uri
Example
https://my-app.com/catch-redirection

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Challenge sent

object
rp
required
object
name
required

A human-palatable name for the entity

string
id
required

A unique identifier for the Relying Party entity, which sets the RP ID

string
user
required
object
name
required

A human-palatable name for the entity

string
displayName
required

A human-palatable name for the user account, intended only for display

string
id
required

The user handle of the user account entity

string
challenge
required

Base64url-encoded binary data

string format: byte
pubKeyCredParams
required

The desired credential types and their respective cryptographic parameters

Array<object>
object
type
required

The valid credential types

string
Allowed values: public-key
alg
required

The cryptographic algorithm identifier

integer
timeout

A time, in milliseconds, that the caller is willing to wait for the call to complete

integer
excludeCredentials

A list of PublicKeyCredentialDescriptor objects representing public key credentials that are not acceptable to the caller

Array<object>
object
type
required

The valid credential types

string
Allowed values: public-key
id
required

Base64url-encoded binary data

string format: byte
transports

The authenticator transports that can be used

Array<string>
Allowed values: usb nfc ble smart-card hybrid internal
authenticatorSelection
object
authenticatorAttachment

The authenticator attachment modality

string
Allowed values: platform cross-platform
requireResidentKey

Whether the authenticator must create a client-side-resident public key credential source

boolean
residentKey

The resident key requirement

string
default: discouraged
Allowed values: discouraged preferred required
userVerification

A requirement for user verification for the operation

string
default: preferred
Allowed values: required preferred discouraged
hints

Hints to help guide the user through the experience

Array<string>
Allowed values: security-key client-device hybrid
attestation

The attestation conveyance preference

string
default: none
Allowed values: none indirect direct enterprise
attestationFormats

The preferred attestation statement formats

Array<string>
Allowed values: packed tpm android-key android-safetynet fido-u2f apple none
extensions

Additional parameters requesting additional processing by the client and authenticator

object
key
additional properties
any

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked