Skip to main content
POST
Finish passwordless passkey login

Authorizations

Authorization
string
header
required

Session JWT (from register/login) or API key (pk_...). X-API-Key: <token> is accepted as an alternative header.

Body

application/json
org
string
required
challenge_id
string
required
credential
object
required

The PublicKeyCredential JSON from navigator.credentials.get().

Response

Session issued.

Last modified on July 18, 2026