Verify a passkey registration response + persist the credential

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/passkey/verify-enroll \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "response": {
    "id": "<string>",
    "rawId": "<string>",
    "type": "public-key",
    "response": {},
    "clientExtensionResults": {},
    "authenticatorAttachment": "<string>"
  },
  "friendly_name": "<string>"
}
'

{
  "credential_id": "<string>",
  "friendly_name": "<string>",
  "backed_up": true
}

POST

auth

passkey

verify-enroll

Verify a passkey registration response + persist the credential

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/passkey/verify-enroll \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "response": {
    "id": "<string>",
    "rawId": "<string>",
    "type": "public-key",
    "response": {},
    "clientExtensionResults": {},
    "authenticatorAttachment": "<string>"
  },
  "friendly_name": "<string>"
}
'

{
  "credential_id": "<string>",
  "friendly_name": "<string>",
  "backed_up": true
}

Authorizations

mnemom_session

string

required

HttpOnly, Secure, SameSite=Lax cookie issued by /v1/auth/sign-in (or the SSO / email-callback flows). The value is an AES-256-GCM-encrypted blob of {access_token, refresh_token, issued_at, auth_method}. Browser clients include this automatically with credentials: "include".

Body

application/json

response

object

required

Browser's navigator.credentials.create() response, JSON-serialized per the WebAuthn Level 3 JSON form.

Show child attributes

friendly_name

string

User label (e.g. "Alex's iPhone").

Response

Passkey enrolled.

credential_id

string

friendly_name

string | null

device_type

enum<string>

Available options:

single_device,

multi_device

backed_up

boolean

Begin passkey enrollment — return WebAuthn creation options Begin passkey sign-in — return WebAuthn assertion options

⌘I