Passkey login
Org-member passkey endpoints under /api/passkey. WebAuthn via the FIDO2 service; on register/login a web origin gets an HttpOnly cookie (SDK callers keep the body token).
Register (new account)
| Method · Route | Purpose | Source |
|---|---|---|
| POST /register/options | Attestation options (Username, optional ApplicationKey, SecurityMode) | PasskeyEndpoints.cs:91 |
| POST /register | Complete registration → auto-login (cookie issued) | :110 |
Add device (rotation)
| Method · Route | Purpose | Source |
|---|---|---|
| POST /add/options | Enrollment options (authenticated). Passes ExcludeCredentials to prevent the cloud-sync duplicate-accumulation issue | :143 |
| POST /add | Add a passkey to the current user (optional orgSlug) | :178 |
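
How an exclude list stops duplicate enrollment, as an added example (not code from PasskeyEndpoints.cs). It assumes the issue is a synced passkey provider minting another credential for the same account on each enrollment; `buildAddOptions`, `simulateCreate`, the RP id and the sample ids are hypothetical.

```javascript
// Added example: every name here is hypothetical, not the project's API.

// Credential ids travel as base64url in JSON; WebAuthn wants raw bytes.
const fromB64Url = (s) => Buffer.from(s, "base64url");

// Build creation options for an "add device" ceremony.
// storedCredentialIds: base64url ids already registered to the signed-in user.
function buildAddOptions(user, storedCredentialIds, challenge) {
  const unique = [...new Set(storedCredentialIds)]; // drop repeated rows
  return {
    challenge,
    rp: { id: "example.test", name: "Example" }, // constructed relying party
    user: { id: Buffer.from(user.id), name: user.name, displayName: user.name },
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
    excludeCredentials: unique.map((id) => ({ type: "public-key", id: fromB64Url(id) })),
  };
}

// Model of the authenticator-side rule in navigator.credentials.create():
// if the authenticator (or its synced store) already holds an excluded
// credential, the ceremony fails with InvalidStateError instead of
// creating another passkey for the same account.
function simulateCreate(options, provider) {
  const excluded = new Set(
    options.excludeCredentials.map((d) => d.id.toString("base64url"))
  );
  if (provider.held.some((id) => excluded.has(id))) {
    const err = new Error("an excluded credential already exists on this authenticator");
    err.name = "InvalidStateError";
    throw err;
  }
  // Constructed id for the newly minted credential.
  const id = Buffer.from(`cred-${provider.held.length + 1}`).toString("base64url");
  provider.held.push(id);
  return id;
}
```

A client should treat InvalidStateError on add as "this device already has a passkey for the account", not as a failure to retry.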
| Method · Route | Purpose | Source |
|---|---|---|
| POST /login/options | Assertion options (optional email + ApplicationKey) | :215 |
| POST /login | Complete assertion → cookie / token | :226 |
Helpers
GET /exists?email= (does the user exist / has passkey / login provider) and GET /browser-match?fingerprint= (authenticated) round out the set.