
Verify adding of a new WebAuthn security key

POST
/user/webauthn/verify

Complete the process of adding a new WebAuthn security key by verifying the authenticator response. Requires elevated permissions.

WebAuthn credential creation response and optional security key nickname

object
credential
required
object
id
required

The credential’s identifier

string
type
required

The credential type represented by this object

string
rawId
required

Base64url-encoded binary data

string format: byte
clientExtensionResults

Map of extension outputs from the client

object
appid

Application identifier extension output

boolean
credProps

Credential properties extension output

object
rk

Indicates if the credential is a resident key

boolean
hmacCreateSecret

HMAC secret extension output

boolean
key
additional properties
any
authenticatorAttachment

The authenticator attachment

string
response
required
object
clientDataJSON
required

Base64url-encoded binary data

string format: byte
transports

The authenticator transports

Array<string>
authenticatorData

Base64url-encoded binary data

string format: byte
publicKey

Base64url-encoded binary data

string format: byte
publicKeyAlgorithm

The public key algorithm identifier

integer format: int64
attestationObject
required

Base64url-encoded binary data

string format: byte
nickname

Optional nickname for the security key

string
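
Serializing the browser's credential into the request body described above, as an added example that is not part of the original documentation. `toBase64Url` and `buildVerifyBody` are hypothetical helper names; the field names come from the schema and the getters are the standard WebAuthn browser API.

```javascript
// Added example; function names are hypothetical, not part of the documented API.

// Unpadded base64url, the encoding the schema requires for binary fields.
function toBase64Url(buf) {
  const bytes = buf instanceof ArrayBuffer
    ? new Uint8Array(buf)
    : new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build the request body from the PublicKeyCredential returned by
// navigator.credentials.create(); optional fields are set only when available.
function buildVerifyBody(cred, nickname) {
  if (cred.type !== 'public-key') throw new TypeError('not a public-key credential');
  const r = cred.response;
  // clientDataJSON is UTF-8 JSON; a registration ceremony reports "webauthn.create".
  const clientData = JSON.parse(new TextDecoder().decode(r.clientDataJSON));
  if (clientData.type !== 'webauthn.create') {
    throw new Error('not a credential creation response');
  }
  const response = {
    clientDataJSON: toBase64Url(r.clientDataJSON),
    attestationObject: toBase64Url(r.attestationObject),
  };
  if (r.getTransports) response.transports = r.getTransports();
  if (r.getAuthenticatorData) response.authenticatorData = toBase64Url(r.getAuthenticatorData());
  const publicKey = r.getPublicKey ? r.getPublicKey() : null; // null for unsupported algorithms
  if (publicKey) response.publicKey = toBase64Url(publicKey);
  if (r.getPublicKeyAlgorithm) response.publicKeyAlgorithm = r.getPublicKeyAlgorithm();

  const credential = {
    id: cred.id,
    type: cred.type,
    rawId: toBase64Url(cred.rawId),
    clientExtensionResults: cred.getClientExtensionResults(),
    response,
  };
  if (cred.authenticatorAttachment) credential.authenticatorAttachment = cred.authenticatorAttachment;
  return nickname ? { credential, nickname } : { credential };
}
```

Send `JSON.stringify(buildVerifyBody(cred, nickname))` as the body of the POST to /user/webauthn/verify.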

Security key successfully added

object
id
required

The ID of the newly added security key

string
Example
123e4567-e89b-12d3-a456-426614174000
nickname

The nickname of the security key if provided

string

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked