zautha
API Reference

Passkeys (WebAuthn)

Passwordless authentication with passkeys using the WebAuthn standard.

Register Begin

POST /v1/auth/passkey/register/begin

Requires an active session. Returns PublicKeyCredentialCreationOptions for the browser.

Register Complete

POST /v1/auth/passkey/register/complete
{
  "credential": { /* AuthenticatorAttestationResponse */ }
}

Response: 201 Created

Authenticate Begin

POST /v1/auth/passkey/authenticate/begin
{ "email": "user@example.com" }

Returns PublicKeyCredentialRequestOptions for the browser.

Authenticate Complete

POST /v1/auth/passkey/authenticate/complete
{
  "credential": { /* AuthenticatorAssertionResponse */ }
}

Response 200:

{
  "user": { "id": "...", "email": "..." },
  "session": { "id": "...", "access_token": "..." }
}

SDK Usage

Register a Passkey

const zautha = new Zautha({ projectKey: 'pk_live_xxx' });

// Triggers the browser's WebAuthn prompt
await zautha.registerPasskey();

Sign In with Passkey

const { user, session } = await zautha.signInWithPasskey({
  email: 'user@example.com', // optional, for discoverable credentials
});

Multi-Factor Authentication

TOTP and SMS MFA setup and verification endpoints.

Admin Endpoints

Control Plane API for managing tenants, projects, users, and organizations.

On this page

Register BeginRegister CompleteAuthenticate BeginAuthenticate CompleteSDK UsageRegister a PasskeySign In with Passkey