POST

https://{tenant_id}.hanko.io

/
profile

Authorizations

hanko
string
cookierequired

Query Parameters

action
string

String of the format {action_name}@{flow_id}. Indicates the action to perform on the flow with the given flow_id. Omitting the query parameter initializes a new flow.

Note for playground usage: You can derive the value for this query parameter from the action's href property in a flow state response, e.g. for an href value of /login?action=register_client_capabilities%4015655672-41ca-48cc-afb1-90be77075764 the (non-URL-encoded) value would be register_client_capabilities@15655672-41ca-48cc-afb1-90be77075764.

Body

application/json
input_data
object

Input data for the register_client_capabilities action.

csrf_token
string

Not required on flow initialization, i.e. on requests without an action query parameter.

Required on all other requests performing an action, i.e. on requests that use an action query parameter. Should be the csrf_token value from the most recent flow state response.

Response

200 - application/json
actions
object

List of actions that can be performed in the current flow state in order to advance the flow to the next state.

Depending on user details (e.g. presence or absence of credentials) or the tenant's configuration some actions may or may not be present in the response.

name
enum<string>

The name of the flow state.

Available options:
preflight
payload
object

Additional data that can be used by the client (e.g user data provided in the profile flow) or should/must be used as intermediary data in an out of band process to produce input data for advancing the flow (e.g. the WebAuthn credential request/creation options that must be passed to the Webauthn API to produce an assertion/attestation).

status
enum<integer>

The HTTP response status code for this flow response.

Available options:
200
csrf_token
string

Token to prevent Cross-Site Request Forgeries.