Create credential

Adds a new credential to the user's account. This endpoint finalizes the standard Create Credential flow by submitting the signed challenge generated inCreate credential challenge.

HTTP request
POST /auth/credentials
Authorization requirements
Header Type Required Description
Authorization string Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token.
X-DFNS-USERACTION string Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature.
Request body
The structure of the request depends on the credential type. The following describes the FIDO2 request.

FIDO2 and Passkeys: Registers a FIDO2 credential, also known as a Passkey or WebAuthN credential.

Field Type Required Description
credentialKind enum (string) Yes The credential kind. Valid value: Fido2.
credentialInfo object Yes
credentialName string Yes Minimum length: 1.
challengeIdentifier string Yes Minimum length: 1.
curl --request POST \
  --url https://api.digitalassets.ibm.com/auth/credentials \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "credentialKind": "Fido2",
  "credentialInfo": {
    "credId": "<string>",
    "clientData": "<string>",
    "attestationData": "<string>"
  },
  "credentialName": "<string>",
  "challengeIdentifier": "<string>"
}
'
Response
200: Success

Returns details about the newly created credential.

Example response:

{
  "kind": "Fido2",
  "credentialId": "<string>",
  "credentialUuid": "<string>",
  "dateCreated": "<string>",
  "isActive": true,
  "name": "<string>",
  "publicKey": "<string>",
  "relyingPartyId": "<string>",
  "origin": "<string>"
}