Create authenticators (passkeys) for a user (OTP auth).

curl --request POST \
  --url https://api.example.com/v1/submit/create-authenticators-otp \
  --header 'Content-Type: application/json' \
  --header 'X-Pubkey: <x-pubkey>' \
  --header 'X-Pubkey, X-Timestamp, X-Signature: <api-key>' \
  --header 'X-Signature: <x-signature>' \
  --header 'X-Timestamp: <x-timestamp>' \
  --data '
{
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "accountId": "550e8400-e29b-41d4-a716-446655440000",
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "authenticators": [
    {
      "authenticatorName": "<string>",
      "challenge": "<string>",
      "attestation": {
        "credentialId": "<string>",
        "clientDataJson": "<string>",
        "attestationObject": "<string>",
        "transports": [
          "AUTHENTICATOR_TRANSPORT_BLE"
        ]
      }
    }
  ]
}
'

{
  "authenticatorIds": [
    "<string>"
  ]
}

POST

submit

create-authenticators-otp

Create authenticators (passkeys) for a user (OTP auth).

curl --request POST \
  --url https://api.example.com/v1/submit/create-authenticators-otp \
  --header 'Content-Type: application/json' \
  --header 'X-Pubkey: <x-pubkey>' \
  --header 'X-Pubkey, X-Timestamp, X-Signature: <api-key>' \
  --header 'X-Signature: <x-signature>' \
  --header 'X-Timestamp: <x-timestamp>' \
  --data '
{
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "accountId": "550e8400-e29b-41d4-a716-446655440000",
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "authenticators": [
    {
      "authenticatorName": "<string>",
      "challenge": "<string>",
      "attestation": {
        "credentialId": "<string>",
        "clientDataJson": "<string>",
        "attestationObject": "<string>",
        "transports": [
          "AUTHENTICATOR_TRANSPORT_BLE"
        ]
      }
    }
  ]
}
'

{
  "authenticatorIds": [
    "<string>"
  ]
}

Authorizations

X-Pubkey, X-Timestamp, X-Signature

string

header

required

Headers

X-Pubkey

string

required

Integrator's ECDSA public key (P-256 curve, compressed SEC1 format). Example: 0x038fedef7c12f93bbf342ad8943b7a825a3b41f61c9dc118b2c718efebabbf62fd

X-Timestamp

string

required

Unix timestamp in seconds (UTC). Must be within tolerance window (1 minute) to prevent replay attacks. Example: 1760375826

X-Signature

string

required

ECDSA signature (DER-encoded, hex with 0x prefix). Signs the message: {timestamp}{METHOD}{path_and_query}{json_body}. Example: 0x3045022100...

Body

application/json

Create authenticators using OTP session

Request to create authenticators (passkeys) using an OTP session

sessionId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

accountId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

userId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

authenticators

object[]

required

List of authenticators (passkeys) to create

Show child attributes

Response

Authenticators created successfully

Response from creating authenticators (passkeys)

authenticatorIds

string[]

required

List of created authenticator IDs

Authenticate with OTP code and create a session.Get Bridge ToS link

Integrator API

API endpoints

Create authenticators (passkeys) for a user (OTP auth).

Authorizations

Headers

Body

Response