API List
API List
This page explains how to call each FSS WebAPI.
For basic information on API calls, please refer to WebAPI Common Information.
The items in the response data indicate the format of the The following data types are used.
Info
data property of the basic API response format.
Info
- getNonce
- getUser
- getUsersByUserName
- getAllUsers
- registerUser
- updateUser
- deleteUser
- registerCredential/start
- registerCredential/verify
- registerCredential/finish
- authenticate/start
- authenticate/finish
- getCredential
- updateCredential
- deleteCredential
getNonce
Gets the Nonce value required for Nonce signature authentication.
It is not necessary to add common HTTP headers when calling this API.
It is not necessary to add common HTTP headers when calling this API.
Request Parameters
{}| Key | Type | Content |
|---|---|---|
| Parameters are empty. | ||
Response Data
{
"nonce" : "xxxxxxxxxxxxxxxx"
}| Key | Type | Content |
|---|---|---|
| nonce | string | Nonce value used in Nonce authentication. |
Expected Errors
- None
getUser
Gets a single user's information.
Request Parameters
{
"userId" : "xxxxxxxxxxxxxxxx",
"withDisabledUser" : false,
"withDisabledCredential" : false
}| Key | Type | Content |
|---|---|---|
| userId | Buffer | ID of the user to get. |
| withDisabledUser | boolean | Optional (false if omitted). Whether to include disabled users. |
| withDisabledCredential | boolean | Optional (false if omitted). Whether to include disabled credentials. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credentials" : [
{
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
],
"signalCurrentUserDetailsOptions":{
"displayName" : "xxxxxxxx",
"name" : "xxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information. |
| credentials | CredentialData[] | List of credential information registered by the user. |
| signalCurrentUserDetailsOptions | SignalCurrentUserDetailsOptions | Data used for the argument of PublicKeyCredential:signalCurrentUserDetails. |
Expected Errors
NOT_FOUND: If user information is not found.
getUsersByUserName
Gets user information from the user name.
If the RP allows duplicate user names, multiple results may be returned.
If the RP allows duplicate user names, multiple results may be returned.
Request Parameters
{
"userName" : "xxxxxxxx",
"withDisabledUser" : false
}| Key | Type | Content |
|---|---|---|
| userName | string | User name of the user to get. |
| withDisabledUser | boolean | Optional (false if omitted). Whether to include disabled users. |
Response Data
{
"users" : [
{
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
...
]
}| Key | Type | Content |
|---|---|---|
| users | UserData[] | List of user information. |
Expected Errors
NOT_FOUND: If user information is not found.
getAllUsers
Gets all user information.
Request Parameters
{
"withDisabledUser" : false
}| Key | Type | Content |
|---|---|---|
| withDisabledUser | boolean | Optional (false if omitted). Whether to include disabled users. |
Response Data
{
"users" : [
{
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
...
]
}| Key | Type | Content |
|---|---|---|
| users | UserData[] | List of user information. |
Expected Errors
- None
registerUser
Registers user information.
Request Parameters
{
"user" : {
"userId" : "xxxxxxxxxxxxxxxx",
"userName" : "xxxxxxxx",
"displayName" : "xxxxxxxx",
"userAttributes" : {
...
},
"disabled" : false
}
}| Key | Type | Content |
|---|---|---|
| user | UserDataRegisterParameter | User information to register. (Some properties in
UserData cannot be specified) |
| userId | Buffer | User ID. |
| userName | string | User name. |
| displayName | string | null | Display name. |
| userAttributes | { [key : string] : any } | null | User attributes. |
| disabled | boolean | Disabled flag. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | Registered user information. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.ALREADY_EXISTS: If the user ID is duplicated.DUPLICATED: If the user name is duplicated in an RP that prohibits user name duplication.LICENSE_LIMIT_EXCEEDED: If the number of users exceeds the license limit.
updateUser
Updates user information.
Request Parameters
{
"user" : {
"userId" : "xxxxxxxxxxxxxxxx",
"userName" : "xxxxxxxx",
"displayName" : "xxxxxxxx",
"userAttributes" : {
...
},
"disabled" : false,
"updated" : "2025-08-01T00:00:00.000Z"
},
"options" : {
"withUpdatedCheck" : false,
}
}| Key | Type | Content |
|---|---|---|
| user | UserDataUpdateParameter | User information to update. (Some properties in
UserData cannot be specified) |
| userId | Buffer | User ID. |
| userName | string | User name. |
| displayName | string | null | Display name. |
| userAttributes | { [key : string] : any } | null | User attributes. |
| disabled | boolean | Disabled flag. |
| updated | Date | Update date and time. If
withUpdatedCheck is enabled, an error will occur if this parameter is different from the registered update date and time. |
| options | Update options. Optional. | |
| withUpdatedCheck | boolean |
true to verify that the
updated value matches.
false if omitted. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"signalCurrentUserDetailsOptions":{
"displayName" : "xxxxxxxx",
"name" : "xxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | Updated user information. |
| signalCurrentUserDetailsOptions | SignalCurrentUserDetailsOptions | Data used for the argument of PublicKeyCredential:signalCurrentUserDetails. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user does not exist.DUPLICATED: If the user name is duplicated in an RP that prohibits user name duplication.UPDATE_ERROR: IfwithUpdatedCheckistrueandupdatedis different from the registered information.
deleteUser
Deletes user information.
Request Parameters
{
"userId" : "xxxxxxxxxxxxxxxx"
}| Key | Type | Content |
|---|---|---|
| userId | Buffer | ID of the user to delete. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credentials" : [
{
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
],
"signalAllAcceptedCredentialsOptions":{
"allAcceptedCredentialIds" : [],
"rpId" : "xxx.xxx.xxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | Deleted user information. |
| credentials | CredentialData[] | List of credential information of the deleted user. |
| signalAllAcceptedCredentialsOptions | SignalAllAcceptedCredentialsOptions | Data used for the argument of PublicKeyCredential:signalAllAcceptedCredentials.
allAcceptedCredentialIds will always be an empty array. |
Expected Errors
NOT_FOUND: If the user does not exist.
registerCredential/start
Starts registration of a credential (passkey).
To start FIDO authenticator registration, first call this start API from the application server, specifying the registration requirements in the parameters. Pass the
To start FIDO authenticator registration, first call this start API from the application server, specifying the registration requirements in the parameters. Pass the
creationOptions parameter included in the response to the client browser, and after appropriately converting some Buffer parameters on the browser, pass it as an argument to the
navigator.credentials.create method to start the passkey registration process on the browser. If
navigator.credentials.create operates normally, send its response to the application server, and call the finish API (and verify API if necessary) from the application server to complete the passkey registration.
// 1. Get challenge from app server
// AppServer's "/register/start" calls FSS WebAPI's "/registerCredential/start".
const { data } = await api.post('/register/start', {
name: name.value,
displayName: displayName.value,
});
const creationOptions = data.creationOptions;
// 2. Convert options and call WebAuthn API
const binaryOptions = convertCreationOptionsToBinary(creationOptions);
const credential = await navigator.credentials.create({ publicKey: binaryOptions }) as PublicKeyCredential;
if (!credential) {
throw new Error('Credential creation failed or was canceled.');
}
// 3. Convert result to JSON and send to server
const jsonableCredential = convertPublicKeyCredentialToJsonable(credential);
const resp = {
createResponse : {
attestationResponse : jsonableCredential,
transports : (credential.response as AuthenticatorAttestationResponse).getTransports(),
}
};
// AppServer's "/register/finish" calls FSS WebAPI's "/registerCredential/finish".
await api.post('/register/finish', resp);
alert('Registration successful! Please log in.');Info
After calling the start API, it is necessary to inherit the cookie of the start API when calling the verify/finish API. Please check the specifications of your HTTP request library and implement it to inherit cookies appropriately.
Request Parameters
{
"creationOptionsBase" : {
"authenticatorSelection" : {
"authenticatorAttachment" : "platform",
"residentKey" : "required",
"requireResidentKey" : true,
"userVerification" : "required"
},
"timeout" : 120000,
"hints" : [ "security-key", "client-device", "hybrid"],
"attestation" : "direct",
"extensions" : {
...
}
},
"user" : {
"userId" : "xxxxxxxxxxxxxxxx",
"userName" : "xxxxxxxx",
"displayName" : "xxxxxxxx",
"userAttributes" : {
...
},
"disabled" : false
},
"options" : {
"createUserIfNotExists" : true,
"updateUserIfExists" : true,
"credentialName" : {
"name" : "Credential (No model name)",
...
},
"credentialAttributes" : {
...
}
}
}| Key | Type | Content |
|---|---|---|
| creationOptionsBase | Basic part of WebAuthn's
PublicKeyCredentialCreationOptions.*Basically, it conforms to PublicKeyCredentialCreationOptions, but the following points are different from
PublicKeyCredentialCreationOptions.
|
|
| authenticatorSelection | AuthenticatorSelectionCriteria | Requirements for authentication attributes. Optional. |
| authenticatorAttachment | AuthenticatorAttachment | Requirement for authenticator type. Optional. Specify
platform or
cross-platform. |
| residentKey | ResidentKeyRequirement | Requirement for client-side discoverable credentials (formerly known as ResidentKey). Optional. Specify
required,
preferred, or
discouraged. |
| requireResidentKey | boolean | Specifies whether a client-side discoverable credential is required. *This property is left for backward compatibility of WebAuthn. In FSS WebAPI, an appropriate value to be passed to the WebAuthn API is returned based on the residentKey property and
requireResidentKey property passed here. |
| userVerification | UserVerificationRequirement | Requirement for user verification. Optional. Specify
required,
preferred, or
discouraged. |
| timeout | number | Timeout value (milliseconds). Optional. Corresponds to
timeout of
PublicKeyCredentialCreationOptions. |
| hints | PublicKeyCredentialHint[] | Authenticator type hint information. Optional. Corresponds to
hints of
PublicKeyCredentialCreationOptions. |
| attestation | AttestationConveyancePreference | Requirements for attestation. Optional. Corresponds to
attestation of
PublicKeyCredentialCreationOptions. |
| extensions | AuthenticationExtensionsClientInputsJSON | Requirements for extensions. Optional. Corresponds to
extensions of
PublicKeyCredentialCreationOptions.*If not specified, the option to enable the credProps extension is automatically set. |
| user | UserDataRegisterParameter | User information. (Some properties in
UserData cannot be specified) |
| userId | Buffer | User ID. |
| userName | string | User name. Optional only if both
createUserIfNotExists and
updateUserIfExists are
false. |
| displayName | string | null | Display name. Optional. |
| userAttributes | { [key : string] : any } | null | User attributes. Optional. |
| disabled | boolean | Disabled flag. Optional. You cannot specify
true in this API. |
| options | Option information | |
| createUserIfNotExists | boolean |
true to register a user if the user does not exist. Optional.
false if omitted. |
| updateUserIfExists | boolean |
true to update user information if the user exists. Optional.
false if omitted. |
| credentialName | Fido2CredentialNameParameter | Credential name to be specified upon successful credential registration. Optional. If omitted, the default name provided by FSS WebAPI is set. |
| credentialAttributes | { [key : string] : any } | null | Credential attributes to be specified upon successful credential registration. Optional.
null if omitted. |
Info
User registration/update by the
createUserIfNotExists and
updateUserIfExists options is executed when
registerCredential/start is called.
Response Data
{
"creationOptions" : {
"attestation" : "direct",
"authenticatorSelection" : {
...
},
...
},
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| creationOptions | PublicKeyCredentialCreationOptionsJSON | Parameter to be passed to the
publicKey property of the
navigator.credentials.create method argument. It is necessary to convert from
PublicKeyCredentialCreationOptionsJSON type to
PublicKeyCredentialCreationOptions type before actually passing it. |
| user | UserData | User information of the credential registration target. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If createUserIfNotExists is false and the user does not exist.DUPLICATED: If createUserIfNotExists or updateUserIfExists is true and the user name is duplicated in an RP that prohibits user name duplication.LICENSE_LIMIT_EXCEEDED: If createUserIfNotExists is true and the number of users exceeds the license limit.
Info
If an error occurs during API execution, additional information may be set in appSubStatus.errorCode of the response. For details, please see WebAPI Common Information.
registerCredential/verify
Verifies the result of credential (passkey) registration.
Verifies the execution result of
Verifies the execution result of
navigator.credentials.create to confirm that the authenticator has returned a correct response. While
registerCredential/finish saves the credential upon successful verification, this API only performs verification and does not save the credential. Use this API when you want to make some registration feasibility judgment from the verification result on the application server side. If there are no problems, call the
registerCredential/finish API again to save.
Info
After calling the start API, it is necessary to inherit the cookie of the start API when calling the verify/finish API. Please check the specifications of your HTTP request library and implement it to inherit cookies appropriately.
Request Parameters
{
"createResponse" : {
"attestationResponse" : {
"authenticatorAttachment" : "platform",
"id" : "xxxxxxxx",
"response" : "xxxxxx........",
...
},
"transports": [
"usb"
]
},
"options" : {
"credentialName" : {
"name" : "Credential (No model name)",
...
}
}
}| Key | Type | Content |
|---|---|---|
| createResponse | Credential registration information | |
| attestationResponse | PublicKeyCredentialJSON | string | JSON representation of the return value of the
navigator.credentials.create method. If passed as a
string, it is parsed and processed as a JSON string. |
| transports | string[] | Return value of executing the member method
getTransports() of the response of the
navigator.credentials.create method return value. It is a separate parameter because it is not included in
attestationResponse. Optional. |
| options | Option information | |
| credentialName | Fido2CredentialNameParameter | Credential name to be specified upon successful credential registration. Optional. If omitted, the default name provided by FSS WebAPI is set. If an option with the same name was set when executing start, the option at the time of verify/finish is used with priority. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information of the credential registration target. |
| credential | CredentialData | Credential information to be registered. *Since it is not actually registered, information such as registered and
updated is missing. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user to be registered does not exist.ALREADY_EXISTS: If a credential with the same ID already exists.
Info
If an error occurs during API execution, additional information may be set in appSubStatus.errorCode of the response. For details, please see WebAPI Common Information.
registerCredential/finish
Verifies the result of credential (passkey) registration and saves it if there are no problems.
Verifies the execution result of
Verifies the execution result of
navigator.credentials.create to confirm that the authenticator has returned a correct response. While
registerCredential/verify only performs verification, this API saves the credential if the verification is successful. If you want to make some registration feasibility judgment from the verification result on the application server side, use
registerCredential/verify to check the verification result and then call this API as needed.
Info
After calling the start API, it is necessary to inherit the cookie of the start API when calling the verify/finish API. Please check the specifications of your HTTP request library and implement it to inherit cookies appropriately.
Request Parameters
{
"createResponse" : {
"attestationResponse" : {
"authenticatorAttachment" : "platform",
"id" : "xxxxxxxx",
"response" : "xxxxxx........",
...
},
"transports": [
"usb"
]
},
"options" : {
"credentialName" : {
"name" : "Credential (No model name)",
...
}
}
}| Key | Type | Content |
|---|---|---|
| createResponse | Credential registration information | |
| attestationResponse | PublicKeyCredentialJSON | string | JSON representation of the return value of the
navigator.credentials.create method. If passed as a
string, it is parsed and processed as a JSON string. |
| transports | string[] | Return value of executing the member method
getTransports() of the response of the
navigator.credentials.create method return value. It is a separate parameter because it is not included in
attestationResponse. Optional. |
| options | Option information | |
| credentialName | Fido2CredentialNameParameter | Credential name to be specified upon successful credential registration. Optional. If omitted, the default name provided by FSS WebAPI is set. If an option with the same name was set when executing start, the option at the time of verify/finish is used with priority. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information of the credential registration target. |
| credential | CredentialData | Registered credential information. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user to be registered does not exist.ALREADY_EXISTS: If a credential with the same ID already exists.
Info
If an error occurs during API execution, additional information may be set in appSubStatus.errorCode of the response. For details, please see WebAPI Common Information.
authenticate/start
Starts authentication of a credential (passkey).
To start FIDO authentication, first call this start API from the application server, specifying the authentication requirements in the parameters. Pass the
To start FIDO authentication, first call this start API from the application server, specifying the authentication requirements in the parameters. Pass the
requestOptions parameter included in the response to the client browser, and after appropriately converting some Buffer parameters on the browser, pass it as an argument to the
navigator.credentials.get method to start the passkey authentication process on the browser. If
navigator.credentials.get operates normally, send its response to the application server, and call the finish API from the application server to complete the passkey authentication.
// 1. Get challenge from server
// AppServer's "/login/start" calls FSS WebAPI's "/authenticate/start".
const { data } = await api.post('/login/start');
const requestOptions = data.requestOptions;
// 2. Convert options and call WebAuthn API
const binaryOptions = convertRequestOptionsToBinary(requestOptions);
const credential = await navigator.credentials.get({ publicKey: binaryOptions });
if (!credential) {
throw new Error('Credential retrieval failed or was canceled.');
}
// 3. Convert result to JSON and send to server
const jsonableCredential = convertPublicKeyCredentialToJsonable(credential as PublicKeyCredential);
const resp = {
requestResponse: {
attestationResponse : jsonableCredential,
}
};
// AppServer's "/login/finish" calls FSS WebAPI's "/authenticate/finish".
await api.post('/login/finish', resp);Info
After calling the start API, it is necessary to inherit the cookie of the start API when calling the finish API. Please check the specifications of your HTTP request library and implement it to inherit cookies appropriately.
Request Parameters
{
"requestOptionsBase" : {
"timeout" : 120000,
"userVerification" : "required",
"hints" : [ "security-key", "client-device", "hybrid"],
"extensions" : {
...
}
},
"userId" : "xxxxxxxxxxxxxxxx",
"options" : {}
}| Key | Type | Content |
|---|---|---|
| requestOptionsBase | Basic part of WebAuthn's
PublicKeyCredentialRequestOptions.*Basically, it conforms to PublicKeyCredentialRequestOptions, but the following points are different from
PublicKeyCredentialRequestOptions.
|
|
| timeout | number | Timeout value (milliseconds). Optional. Corresponds to
timeout of
PublicKeyCredentialRequestOptions. |
| userVerification | UserVerificationRequirement | Requirement for user verification. Optional. Corresponds to
userVerification of
PublicKeyCredentialRequestOptions. Specify
required,
preferred, or
discouraged. |
| hints | PublicKeyCredentialHint[] | Authenticator type hint information. Optional. Corresponds to
hints of
UserVerificationRequirement. |
| extensions | AuthenticationExtensionsClientInputsJSON | Requirements for extensions. Optional. Corresponds to
extensions of
UserVerificationRequirement. |
| userId | Buffer | User ID. Optional. If omitted, it is treated as authentication of a DiscoverableCredential. |
| options | Option information. Optional. There is no implementation at this time. |
Response Data
{
"requestOptions" : {
"allowCredentials" : [
...
],
"challenge" : "xxxxxxxxxxxxxxxx",
...
},
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| requestOptions | PublicKeyCredentialRequestOptionsJSON | Parameter to be passed to the
publicKey property of the
navigator.credentials.get method argument. It is necessary to convert from
PublicKeyCredentialRequestOptionsJSON type to
PublicKeyCredentialRequestOptions type before actually passing it. |
| user | UserData | User information of the credential registration target. Not included if userId is not specified. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user does not exist.
If an error occurs during API execution, additional information may be set in If an error that the user does not exist occurs, the
Info
appSubStatus.errorCode of the response. For details, please see WebAPI Common Information.
Info
signalAllAcceptedCredentialsOptions property is added to appSubStatus. In the case of a browser/passkey provider that supports SignalAPI, it is possible to remove passkeys that do not exist on the server side from the passkey provider side by calling the PublicKeyCredential:signalAllAcceptedCredentials method with this property as an argument.
authenticate/finish
Verifies the result of credential (passkey) authentication.
Verifies the execution result of
Verifies the execution result of
navigator.credentials.get to confirm that the authenticator has returned a correct response.
Info
After calling the start API, it is necessary to inherit the cookie of the start API when calling the finish API. Please check the specifications of your HTTP request library and implement it to inherit cookies appropriately.
Request Parameters
{
"requestResponse" : {
"attestationResponse" : {
"authenticatorAttachment" : "platform",
"id" : "xxxxxxxx",
"response" : "xxxxxx........",
...
},
},
"options" : {}
}| Key | Type | Content |
|---|---|---|
| createResponse | Credential registration information | |
| requestResponse | PublicKeyCredentialJSON | string | JSON representation of the return value of the
navigator.credentials.get method. If passed as a
string, it is parsed and processed as a JSON string. |
| options | Option information. Optional. There is no implementation at this time. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
},
"signalAllAcceptedCredentialsOptions" : {
"rpId" : "xxx.xxx.xxx",
...
},
"signalCurrentUserDetailsOptions" : {
"rpId" : "xxx.xxx.xxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information of the authenticated credential. |
| credential | CredentialData | Authenticated credential information. |
| signalAllAcceptedCredentialsOptions | SignalAllAcceptedCredentialsOptions | Data used for the argument of PublicKeyCredential:signalAllAcceptedCredentials. |
| signalCurrentUserDetailsOptions | SignalCurrentUserDetailsOptions | Data used for the argument of PublicKeyCredential:signalCurrentUserDetails. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user/credential to be registered does not exist.
If an error occurs during API execution, additional information may be set in If an error that the user/credential does not exist occurs, the
Info
appSubStatus.errorCode of the response. For details, please see WebAPI Common Information.
Info
signalAllAcceptedCredentialsOptions property or the signalUnknownCredentialOptions property is added to appSubStatus. In the case of a browser/passkey provider that supports SignalAPI, it is possible to remove passkeys that do not exist on the server side from the passkey provider side by calling the PublicKeyCredential:signalAllAcceptedCredentials method or the PublicKeyCredential:signalUnknownCredential method corresponding to each property name with it as an argument.
getCredential
Gets a single credential's information.
Request Parameters
{
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
"withDisabledUser" : false,
"withDisabledCredential" : false
}| Key | Type | Content |
|---|---|---|
| userId | Buffer | User ID of the credential to get. |
| credentialId | Buffer | Credential ID of the credential to get. |
| withDisabledUser | boolean | Optional (false if omitted). Whether to include disabled users. |
| withDisabledCredential | boolean | Optional (false if omitted). Whether to include disabled credentials. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information. |
| credential | CredentialData | Credential information. |
Expected Errors
NOT_FOUND: If user information/credential information is not found.
updateCredential
Updates credential information.
Request Parameters
{
"credential" : {
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
"credentialName" : "xxxxxxxx",
"credentialAttributes" : {
...
},
"disabled" : false,
"updated" : "2025-08-01T00:00:00.000Z"
},
"options" : {
"withUpdatedCheck" : false,
}
}| Key | Type | Content |
|---|---|---|
| credential | CredentialDataUpdateParameter | Credential information to update. (Most properties in
CredentialData cannot be specified) |
| userId | Buffer | User ID. |
| credentialId | Buffer | Credential ID. |
| credentialName | string | Credential name. |
| credentialAttributes | { [key : string] : any } | null | Credential attributes. |
| disabled | boolean | Disabled flag. |
| updated | Date | Update date and time. If
withUpdatedCheck is enabled, an error will occur if this parameter is different from the registered update date and time. |
| options | Update options. Optional. | |
| withUpdatedCheck | boolean |
true to verify that the
updated value matches.
false if omitted. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information. |
| credential | CredentialData | Updated credential information. |
Expected Errors
PARAMETER_ERROR: If the format of each input value is incorrect.NOT_FOUND: If the user/credential does not exist.UPDATE_ERROR: IfwithUpdatedCheckistrueandupdatedis different from the registered information.
deleteCredential
Deletes credential information.
Request Parameters
{
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx"
}| Key | Type | Content |
|---|---|---|
| userId | Buffer | User ID of the credential to delete. |
| credentialId | Buffer | Credential ID of the credential to delete. |
Response Data
{
"user" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
...
},
"credential" : {
"rpId" : "xxx.xxx.xxx",
"userId" : "xxxxxxxxxxxxxxxx",
"credentialId" : "xxxxxxxxxxxxxxxx",
...
},
"signalUnknownCredentialOptions":{
"rpId" : "xxx.xxx.xxx",
"credentialId" : "xxxxxxxxxxxxxxxx"
}
}| Key | Type | Content |
|---|---|---|
| user | UserData | User information of the deleted credential. |
| credential | CredentialData | Deleted credential information. |
| signalUnknownCredentialOptions | SignalUnknownCredentialOptions | Data used for the argument of PublicKeyCredential:signalUnknownCredential. |
Expected Errors
NOT_FOUND: If the user/credential does not exist.