oCoreoCore Docs
API Reference

Web Authn

Begin passkey login

Starts the WebAuthn passkey login flow (public, no auth required).

POST
/auth/passkey/login/begin

Request Body

application/jsonOptional

Optional email for user-identified flow

emailstring
curl -X POST "//api.ocore.dev/api/auth/passkey/login/begin" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "string"
  }'

OK

{}

Finish passkey login

Completes passkey authentication and returns JWT tokens (public, no auth required).

POST
/auth/passkey/login/finish

Query Parameters

emailstring

Optional email for user-identified flow

curl -X POST "//api.ocore.dev/api/auth/passkey/login/finish?email=%3Cstring%3E"

OK

{
  "user": {}
}

List passkeys

Returns all registered passkey credentials for the authenticated user.

GET
/user/passkeys

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

curl -X GET "//api.ocore.dev/api/user/passkeys" \
  -H "Authorization: <token>"

OK

{
  "passkeys": [
    {
      "backupEligible": true,
      "backupState": true,
      "createdAt": "string",
      "deviceName": "string",
      "id": "string",
      "lastUsedAt": "string",
      "transport": [
        "string"
      ]
    }
  ]
}

Begin passkey registration

Starts the WebAuthn passkey registration flow and returns credential creation options.

POST
/user/passkeys/register/begin

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Registration request

device_namestring
curl -X POST "//api.ocore.dev/api/user/passkeys/register/begin" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "device_name": "string"
  }'

OK

{}

Finish passkey registration

Completes passkey registration with the authenticator response.

POST
/user/passkeys/register/finish

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Query Parameters

device_namestring

Device name

curl -X POST "//api.ocore.dev/api/user/passkeys/register/finish?device_name=%3Cstring%3E" \
  -H "Authorization: <token>"

Created

{
  "created_at": "string",
  "device_name": "string",
  "id": "string"
}

Rename passkey

Updates the device name of a registered passkey.

PATCH
/user/passkeys/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Request Body

application/jsonRequired

Rename request

device_namestring

Path Parameters

idRequiredstring

Passkey credential ID

curl -X PATCH "//api.ocore.dev/api/user/passkeys/<string>" \
  -H "Authorization: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "device_name": "string"
  }'

OK

{
  "device_name": "string",
  "id": "string"
}

Delete passkey

Deletes a registered passkey credential.

DELETE
/user/passkeys/{id}

Authorization

Authorization<token>

JWT Bearer token (format: Bearer {token})

In: header

Path Parameters

idRequiredstring

Passkey credential ID

curl -X DELETE "//api.ocore.dev/api/user/passkeys/<string>" \
  -H "Authorization: <token>"

No Content

Was this page helpful?
Edit on GitHub

Sessions

Previous Page

S S H Keys

Next Page