Generate a replacement Admin UI setup token.
curl --request POST \ --url https://auth.example.com/api/admin/setup-token/generate \ --header 'Content-Type: application/json' \ --data '{ "admin_user_id": "admin_123", "recovery_key": "recovery_key" }'Uses the recovery key to revoke pending setup tokens for an admin user and issue a new Admin UI setup token for passkey registration.
Request Body required
Section titled “Request Body required ”object
Example
{ "admin_user_id": "admin_123", "recovery_key": "recovery_key"}Responses
Section titled “ Responses ”Successful JSON response.
object
object
Example
{ "token": "admin_setup_token_123", "expires_at": 1770086400000, "admin_user": { "id": "admin_123", }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}