List current user's passkeys.
GET
/api/account/passkeys
Code sample: Shell / cURL
curl --request GET \ --url https://auth.example.com/api/account/passkeys \ --cookie authrim_session=<authrim_session>Returns passkeys registered to the authenticated Account Page user without credential IDs, public keys, or counters on each display item. The response may include a separate WebAuthn Signal API payload for browser-side passkey provider synchronization.
Authorizations
Section titled “Authorizations ”Responses
Section titled “ Responses ”Account Page passkey list response.
Media type application/json
object
passkeys
required
Array<object>
object
id
required
string
device_name
required
string | null
aaguid
required
Display-only WebAuthn authenticator AAGUID. Do not use for trust decisions.
string | null
provider
required
created_at
required
integer
last_used_at
required
integer | null
total
required
integer
webauthn_signal
Best-effort WebAuthn Signal API data for authenticated Account Page browser sessions. Credential IDs are exposed only in this authenticated self-service response and are intended for PublicKeyCredential.signalAllAcceptedCredentials().
object
rp_id
required
string
user_id
required
Base64url-encoded WebAuthn user handle.
string
credential_ids
required
Base64url-encoded credential IDs accepted by the server for this user.
Array<string>
Example
{ "webauthn_signal": { "rp_id": "login.example.com", "user_id": "dXNlci0xMjM" }}Error response.
Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{ "error": "example", "message": "example", "error_description": "example"}Error response.
Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{ "error": "example", "message": "example", "error_description": "example"}