Skip to main content
POST
/
user
/
webauthn
/
verify
Verify adding of a new webauthn security key
curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/user/webauthn/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "credential": {
    "id": "<string>",
    "type": "<string>",
    "rawId": "aSDinaTvuI8gbWludGxpZnk=",
    "response": {
      "clientDataJSON": "aSDinaTvuI8gbWludGxpZnk=",
      "attestationObject": "aSDinaTvuI8gbWludGxpZnk=",
      "transports": [
        "<string>"
      ],
      "authenticatorData": "aSDinaTvuI8gbWludGxpZnk=",
      "publicKey": "aSDinaTvuI8gbWludGxpZnk=",
      "publicKeyAlgorithm": 123
    },
    "clientExtensionResults": {
      "appid": true,
      "credProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    },
    "authenticatorAttachment": "<string>"
  },
  "nickname": "<string>"
}
'
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "nickname": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication that requires elevated permissions. Used for sensitive operations that may require additional security measures such as recent authentication. For details see https://docs.nhost.io/products/auth/elevated-permissions

Body

application/json

WebAuthn credential creation response and optional security key nickname

credential
object
required
nickname
string

Optional nickname for the security key

Response

Security key successfully added

id
string
required

The ID of the newly added security key

Example:

"123e4567-e89b-12d3-a456-426614174000"

nickname
string

The nickname of the security key if provided