Create credential challenge
Starts a credential creation session and returns a challenge that the new credential must sign to verify the user's identity. This endpoint is part of the standard Create Credential flow.
- HTTP request
- POST /auth/credentials/init
- Authorization requirements
-
Header Type Required Description Authorizationstring Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token. - Request body
-
Field Type Required Description kindenum (string) Yes The type of credential to create. Valid values: Fido2,Key,RecoveryKey,PasswordProtectedKey.curl --request POST \ --url https://api.digitalassets.ibm.com/auth/credentials/init \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "kind": "Fido2" } ' - Response
- 200: Success
The response structure depends on the credential type.
Example response:
{ "kind": "Fido2", "user": { "id": "<string>", "displayName": "<string>", "name": "<string>" }, "challengeIdentifier": "<string>", "challenge": "<string>", "authenticatorSelection": { "residentKey": "required", "requireResidentKey": true, "userVerification": "required", "authenticatorAttachment": "platform" }, "attestation": "none", "pubKeyCredParams": [ { "type": "public-key", "alg": 123 } ], "excludeCredentials": [ { "type": "public-key", "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel" } ], "temporaryAuthenticationToken": "<string>", "rp": { "id": "<string>", "name": "<string>" } }