Logto Experience API

Verify WebAuthn registration verification

POST /api/experience/verification/web-authn/registration/verify

Verify the WebAuthn registration response against the user's WebAuthn registration challenge. If the response is valid, the WebAuthn registration record will be marked as verified.

application/json

Body Required

  • verificationId string Required

    The verification ID of the WebAuthn registration record.

  • payload object Required

    The WebAuthn attestation response from the user's WebAuthn credential.

    Hide payload attributes Show payload attributes object
    • type string("WebAuthn") Required
    • id string Required
    • rawId string Required
    • response object Required
      Hide response attributes Show response attributes object
      • clientDataJSON string Required
      • attestationObject string Required
      • authenticatorData string
      • transports array[string]

        Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.

      • publicKeyAlgorithm number
      • publicKey string
    • authenticatorAttachment string

      Values are cross-platform or platform.

    • clientExtensionResults object Required
      Hide clientExtensionResults attributes Show clientExtensionResults attributes object
      • appid boolean
      • crepProps object
        Hide crepProps attribute Show crepProps attribute object
        • rk boolean
      • hmacCreateSecret boolean

Responses

  • 200 application/json

    The WebAuthn registration has been successfully verified.

    Hide response attribute Show response attribute object
    • verificationId string Required

      The unique verification ID of the WebAuthn registration record. This verificationId is required to bind the WebAuthn credential to the user account via the Profile API.
  • 400

    Invalid request.
    - session.mfa.pending_info_not_found: The WebAuthn registration challenge is missing from the current verification record.
    - session.mfa.webauthn_verification_failed: The WebAuthn attestation response is invalid or cannot be verified.

  • 404

    Verification record not found.

POST /api/experience/verification/web-authn/registration/verify 
curl \
 --request POST 'https://[tenant_id].logto.app/api/experience/verification/web-authn/registration/verify' \
 --header "Content-Type: application/json" \
 --data '{"verificationId":"string","payload":{"type":"string","id":"string","rawId":"string","response":{"clientDataJSON":"string","attestationObject":"string","authenticatorData":"string","transports":["usb"],"publicKeyAlgorithm":42.0,"publicKey":"string"},"authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true}}}'
Request examples 
{
  "verificationId": "string",
  "payload": {
    "type": "string",
    "id": "string",
    "rawId": "string",
    "response": {
      "clientDataJSON": "string",
      "attestationObject": "string",
      "authenticatorData": "string",
      "transports": [
        "usb"
      ],
      "publicKeyAlgorithm": 42.0,
      "publicKey": "string"
    },
    "authenticatorAttachment": "cross-platform",
    "clientExtensionResults": {
      "appid": true,
      "crepProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    }
  }
}
Response examples (200) 
{
  "verificationId": "string"
}