Skip to main content
POST
/
webauthn
/
login
/
initialize
Initialize WebAuthn login
curl --request POST \
  --url https://{tenant_id}.hanko.io/webauthn/login/initialize \
  --header 'Content-Type: application/json' \
  --data '
{
  "user_id": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c"
}
'
{
  "publicKey": {
    "challenge": "qgOI+0KpGnl9NOqaT6dfsYvi96R87LgpErnvePeOgSU=",
    "timeout": 60000,
    "rpId": "localhost",
    "allowCredentials": [
      {
        "type": "public-key",
        "id": "Mepptysj5ZZrTlg0qiLbsZ068OtQMeGVAikVy2n1hvvG..."
      }
    ],
    "userVerification": "required"
  }
}
Deprecated. Please use the Flow API instead. What’s the Flow API?.
Returns a JSON representation of CredentialRequestOptions for use with the Webauthn API’s navigator.credentials.get(). Omitting the optional request body or using an empty JSON object results in generation of request options for a login using a discoverable credential (i.e. they will not contain allowCredentials).
The Webauthn API uses binary data represented by ArrayBuffers for certain input/output values. The Hanko API returns these values as base64url-encoded, so they must be converted to ArrayBuffers when passed to the Webauthn API. Similarly, Webauthn API output must be converted to base64url-encoded values when passed to the Hanko API (e.g. using the webauthn-json library).

Body

application/json
user_id
string<uuid4>

The ID of the user on whose behalf WebAuthn login should be performed

Example:

"c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c"

Response

Successful initialization

Options for assertion generation with the WebAuthn API

publicKey
object