Create credential challenge

Starts a credential creation session and returns a challenge that the new credential must sign to verify the user's identity. This endpoint is part of the standard Create Credential flow.

HTTP request
POST /auth/credentials/init
Authorization requirements
| Header | Type | Required | Description |
| --- | --- | --- | --- |
| Authorization | string | Yes | Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token. |
Request body
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| kind | enum (string) | Yes | The type of credential to create. Valid values: Fido2, Key, RecoveryKey, PasswordProtectedKey. |
curl --request POST \
  --url https://api.digitalassets.ibm.com/auth/credentials/init \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "kind": "Fido2"
}
'
Response
200: Success

The response structure depends on the credential type.

Example response:

{
  "kind": "Fido2",
  "user": {
    "id": "<string>",
    "displayName": "<string>",
    "name": "<string>"
  },
  "challengeIdentifier": "<string>",
  "challenge": "<string>",
  "authenticatorSelection": {
    "residentKey": "required",
    "requireResidentKey": true,
    "userVerification": "required",
    "authenticatorAttachment": "platform"
  },
  "attestation": "none",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
    }
  ],
  "temporaryAuthenticationToken": "<string>",
  "rp": {
    "id": "<string>",
    "name": "<string>"
  }
}
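
The following added example (not part of the original API documentation) shows how a browser client might check a Fido2 response from this endpoint and turn it into the options object WebAuthn expects. The function name, the expected relying-party ID, the two policy checks, the sample values and the UTF-8 encoding of the string fields are assumptions; the page does not state how challenge, user.id or the excludeCredentials ids are encoded.

```javascript
// Added example; buildCreationOptions, expectedRpId and SAMPLE_INIT are hypothetical names.
// Assumption: string fields are handed to the authenticator as UTF-8 bytes. The page
// does not state the encoding of challenge, user.id or excludeCredentials[].id.
const toBytes = (s) => new TextEncoder().encode(s);

function buildCreationOptions(init, expectedRpId) {
  if (init.kind !== "Fido2") throw new Error("unexpected kind: " + init.kind);
  for (const field of ["challenge", "challengeIdentifier"]) {
    if (typeof init[field] !== "string" || !init[field]) throw new Error("missing " + field);
  }
  // Local policy: only register against the relying party this client was built for.
  if (!init.rp || init.rp.id !== expectedRpId) throw new Error("rp.id mismatch");
  // Local policy: reject a response that relaxes user verification.
  const sel = init.authenticatorSelection || {};
  if (sel.userVerification !== "required") throw new Error("user verification not required");
  return {
    challengeIdentifier: init.challengeIdentifier,
    publicKey: {
      challenge: toBytes(init.challenge),
      rp: { id: init.rp.id, name: init.rp.name },
      user: { id: toBytes(init.user.id), name: init.user.name, displayName: init.user.displayName },
      pubKeyCredParams: init.pubKeyCredParams,
      authenticatorSelection: sel,
      attestation: init.attestation,
      // Already-registered credentials, so the same authenticator is not enrolled twice.
      excludeCredentials: (init.excludeCredentials || []).map((c) => ({
        type: c.type,
        id: toBytes(c.id),
      })),
    },
  };
}

// Constructed sample response (all values invented for illustration).
const SAMPLE_INIT = {
  kind: "Fido2",
  user: { id: "user-0001", displayName: "Alice", name: "alice@example.com" },
  challengeIdentifier: "chal-id-0001",
  challenge: "sample-challenge",
  authenticatorSelection: { residentKey: "required", userVerification: "required" },
  attestation: "none",
  pubKeyCredParams: [{ type: "public-key", alg: -7 }],
  excludeCredentials: [{ type: "public-key", id: "cr-6uunn-bm6ja-f6rmod5kqrk5rbel" }],
  rp: { id: "example.com", name: "Example" },
};
```

In a browser, the publicKey member of the result is what is passed to navigator.credentials.create({ publicKey }).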