Reference / Auth

Begin a passkey **second factor** for an MFA-gated sign-in. Publishable.

POST /v1/auth/passkeys/mfa/begin
End-user session operationId: passkey_mfa_begin

Authorization

Called from the browser with the publishable application id (x-application-id); the access token lives in memory.

Request body · required

  • origin string required
  • pending_token string required

Responses

200 Assertion options
{
  "data": {
    "options": {},
    "state": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}

Request

curl -X POST "http://localhost:8080/v1/auth/passkeys/mfa/begin" \
  -H "Content-Type: application/json" \
  -d '{
  "origin": "string",
  "pending_token": "string"
}'

Try it

live request
POST http://localhost:8080/v1/auth/passkeys/mfa/begin

Request body

application/json