Hanko Passkey API adds support for passkeys for existing users of your platform. It’s designed to be used together with your own auth system, and can be used without any other Hanko product.

Users cannot create an account through the Passkey API. Instead, the Passkey API enables your users to add passkeys to their existing account (they have to be logged in first) or to use them to secure payment transactions.

Note that the Passkey API is not designed to be a full authentication solution — it’s only intended to be used together with another auth system.

If you need a full, open-source auth solution, check out Hanko Auth.

The Passkey API is designed to be used both from your backend and frontend:

  • Some requests (e.g. logging in) can be made to the Passkey API directly from the frontend. These do not require a secret API key.

  • All other requests that require a secret API key (e.g. registering a new passkey) should only be made from your backend. You should never leak that secret API key to the client.

Next steps