> ## Documentation Index
> Fetch the complete documentation index at: https://docs.byzantine.fi/llms.txt
> Use this file to discover all available pages before exploring further.

# Step 3 Create passkeys (OTP auth)

> Adds passkeys to a user's account by authenticating with a previously established OTP session.



## OpenAPI

````yaml /api-reference/openapi-integrator.json post /v1/submit/create-authenticators-otp
openapi: 3.0.3
info:
  title: Byzantine Integrator API
  description: Byzantine REST API for integrators.
  license:
    name: ''
  version: 0.2.0
servers:
  - url: https://sandbox.api.byzantine.fi
    description: Sandbox
security: []
tags:
  - name: API health
    description: Check API status.
  - name: Customer management
    description: Endpoints to create, update, and retrieve customer information.
  - name: Account management
    description: Endpoints to manage accounts, bank accounts, invitations, and user roles.
  - name: Products
    description: Endpoints to get data about products and vaults.
  - name: Transactions
    description: Endpoints to create and manage transactions.
  - name: OTP authentication
    description: Endpoints to initialize and manage user authentication with OTP.
  - name: Webhooks
    description: Integrator-managed outbound webhook subscriptions and delivery history.
paths:
  /v1/submit/create-authenticators-otp:
    post:
      tags:
        - OTP authentication
      summary: Step 3 Create passkeys (OTP auth)
      description: >-
        Adds passkeys to a user's account by authenticating with a previously
        established OTP session.
      operationId: create_authenticators_otp
      parameters:
        - name: X-Pubkey
          in: header
          description: >-
            Integrator's ECDSA public key (P-256 curve, compressed SEC1 format).
            Example:
            0x038fedef7c12f93bbf342ad8943b7a825a3b41f61c9dc118b2c718efebabbf62fd
          required: true
          schema:
            type: string
        - name: X-Timestamp
          in: header
          description: >-
            Unix timestamp in seconds (UTC). Must be within tolerance window (1
            minute) to prevent replay attacks. Example: 1760375826
          required: true
          schema:
            type: string
        - name: X-Signature
          in: header
          description: >-
            ECDSA signature (DER-encoded, hex with 0x prefix). Signs the
            message: {timestamp}{METHOD}{path_and_query}{json_body}. Example:
            0x3045022100...
          required: true
          schema:
            type: string
      requestBody:
        description: Create authenticators using OTP session
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAuthenticatorsOtpRequest'
        required: true
      responses:
        '200':
          description: Authenticators created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateAuthenticatorsOtpResponse'
        '400':
          description: Invalid request payload or session expired
        '404':
          description: Account, user, or session not found
        '500':
          description: Internal server error
      security:
        - integrator_auth: []
components:
  schemas:
    CreateAuthenticatorsOtpRequest:
      type: object
      description: Request to create authenticators (passkeys) using an OTP session
      required:
        - sessionId
        - accountId
        - userId
        - authenticators
      properties:
        sessionId:
          $ref: '#/components/schemas/Uuid'
        accountId:
          $ref: '#/components/schemas/Uuid'
        userId:
          $ref: '#/components/schemas/Uuid'
        authenticators:
          type: array
          items:
            $ref: '#/components/schemas/AuthenticatorParam'
          description: List of authenticators (passkeys) to create
    CreateAuthenticatorsOtpResponse:
      type: object
      description: Response from creating authenticators (passkeys)
      required:
        - authenticatorIds
      properties:
        authenticatorIds:
          type: array
          items:
            type: string
          description: List of created authenticator IDs
    Uuid:
      type: string
      format: uuid
      description: A UUID string
      example: 550e8400-e29b-41d4-a716-446655440000
    AuthenticatorParam:
      type: object
      description: Passkey authenticator object.
      required:
        - authenticatorName
        - challenge
        - attestation
      properties:
        authenticatorName:
          type: string
          description: Human-readable name for an Authenticator.
        challenge:
          type: string
          description: Challenge presented for authentication purposes.
        attestation:
          $ref: '#/components/schemas/Attestation'
    Attestation:
      type: object
      required:
        - credentialId
        - clientDataJson
        - attestationObject
        - transports
      properties:
        credentialId:
          type: string
          description: The cbor encoded then base64 url encoded id of the credential.
        clientDataJson:
          type: string
          description: >-
            A base64 url encoded payload containing metadata about the signing
            context and the challenge.
        attestationObject:
          type: string
          description: >-
            A base64 url encoded payload containing authenticator data and any
            attestation the webauthn provider chooses.
        transports:
          type: array
          items:
            $ref: '#/components/schemas/Transports'
    Transports:
      type: string
      enum:
        - AUTHENTICATOR_TRANSPORT_BLE
        - AUTHENTICATOR_TRANSPORT_INTERNAL
        - AUTHENTICATOR_TRANSPORT_NFC
        - AUTHENTICATOR_TRANSPORT_USB
        - AUTHENTICATOR_TRANSPORT_HYBRID
        - Unknown
  securitySchemes:
    integrator_auth:
      type: apiKey
      in: header
      name: X-Pubkey, X-Timestamp, X-Signature

````