Verify WebAuthn Authentication (beta)

curl --request POST \
  --url https://api.moonkey.fun/v1/auth/webauthn/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "public_key_credential": {
    "type": "public-key",
    "id": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "rawId": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "response": {
      "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMG50bXhaWUEzOEJfMlJMUjdNTXlpeDk4RmVhd3BfVmRocUs0MVVHNFFpQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNCIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
      "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFYmcd8w",
      "signature": "MEUCIHK7P7LOo8O-F9hyyNAziMJAB7mXrWanv1hjWb9LS5MfAiEApfIwc7uFVGW7dIvxJe1_YwR0_F6a_6GsxT7mCY9e2iU",
      "userHandle": "dXNlcl8yNmw3ZGJmQVk1OWZ0ZWptbTZtM09UZjRvejE"
    },
    "clientExtensionResults": {}
  }
}
'

{
  "user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
  "webauthn_credential_id": "webauthn_28AdsbHW3wTDHNpywVZnhxxogKQ",
  "session_token": "",
  "session_jwt": "",
  "session": null
}

WebAuthn

Verify WebAuthn Authentication (beta)

Verify and complete a WebAuthn credential authentication request. This endpoint requires that a user already exists and the BeginWebAuthnAuthentication has been called. Pass in the response from navigator.credentials.get(options) into public_key_credential as a JSON object. If you are using the webauthn-json library, pass in the response from let response = await get(options).

HTTP Request

POST /v1/auth/webauthn/verify

Returns

A successful response returns a webauthn_credential_id property and user_id property.

POST

auth

webauthn

verify

Verify WebAuthn Authentication (beta)

curl --request POST \
  --url https://api.moonkey.fun/v1/auth/webauthn/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "public_key_credential": {
    "type": "public-key",
    "id": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "rawId": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "response": {
      "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMG50bXhaWUEzOEJfMlJMUjdNTXlpeDk4RmVhd3BfVmRocUs0MVVHNFFpQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNCIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
      "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFYmcd8w",
      "signature": "MEUCIHK7P7LOo8O-F9hyyNAziMJAB7mXrWanv1hjWb9LS5MfAiEApfIwc7uFVGW7dIvxJe1_YwR0_F6a_6GsxT7mCY9e2iU",
      "userHandle": "dXNlcl8yNmw3ZGJmQVk1OWZ0ZWptbTZtM09UZjRvejE"
    },
    "clientExtensionResults": {}
  }
}
'

{
  "user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
  "webauthn_credential_id": "webauthn_28AdsbHW3wTDHNpywVZnhxxogKQ",
  "session_token": "",
  "session_jwt": "",
  "session": null
}

Authorizations

Authorization

string

header

required

Auth Platform API includes all the Auth related features. All Users, Phone Numbers, Emails, and OTPs are associated with an App as the container.

Endpoints only accept App's Secret API keys other than certain endpoints that are used client side or via SDK that accept the public_token.

Authentication using App Api Key

Header:

Authorization: Bearer {api_key}

Authenticated Request

curl \
  -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"

Body

application/json

public_key_credential

object

required

Show child attributes

public_key_credential.type

string

required

Minimum string length: 1

public_key_credential.id

string

required

Minimum string length: 1

public_key_credential.rawId

string

required

Minimum string length: 1

public_key_credential.response

object

required

Show child attributes

public_key_credential.response.clientDataJSON

string

required

Minimum string length: 1

public_key_credential.response.authenticatorData

string

required

Minimum string length: 1

public_key_credential.response.signature

string

required

Minimum string length: 1

public_key_credential.response.userHandle

string

required

Minimum string length: 1

public_key_credential.clientExtensionResults

object

required

session_expires_in

number

Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

session_token

string

Optional Unique session token to verify.

session_jwt

string

Optional Unique Session JWT to verify.

Response

200 - application/json

user_id

string

required

Minimum string length: 1

webauthn_credential_id

string

required

Minimum string length: 1

session_token

string

session_jwt

string

session

Session · object

Show child attributes

session.id

string

required

Minimum string length: 1

session.user_id

string

required

Minimum string length: 1

session.session_token

string

required

Minimum string length: 1

session.started_at

number

required

session.expires_at

number

required

session.last_active_at

number

required

session.factors

object[]

required

Minimum array length: 1

Show child attributes

session.factors.delivery_channel

string

required

Delivery channel for this factor. Possible values: sms, email, totp_authenticator, totp_recovery_code, google_oauth, apple_oauth, microsoft_oauth, discord_oauth, okta_oauth, github_oauth, slack_oauth, facebook_oauth, webauthn_credential, eth_wallet, sol_wallet.

Minimum string length: 1

session.factors.type

string

required

Authentication type of factor. Possible values: otp, oauth, wallet, totp, webauthn.

Minimum string length: 1

session.factors.method

object

required

Show child attributes

session.factors.method.method_id

string

required

Minimum string length: 1

session.factors.method.method_type

string

required

Identifier method type. Possible values: email, wallet, phone_number, webauthn.

Minimum string length: 1

session.factors.method.last_verified_at

number

required

session.factors.method.id

string

session.factors.method.phone_number_id

string

Minimum string length: 1

session.factors.method.phone_number

string

Minimum string length: 1

session.factors.method.email_id

string

session.factors.method.email

string

session.factors.method.wallet_type

string

session.factors.method.wallet_id

string

session.factors.method.wallet_public_address

string

session.factors.method.totp_id

string

session.factors.method.webauthn_credential_id

string

session.factors.method.provider_subject

string

session.device_fingerprint

object

required

Show child attributes

session.device_fingerprint.user_agent

string

required

session.device_fingerprint.ip

string

required

Minimum string length: 1

session.updated_at

number

required

session.created_at

number

required

Initiate WebAuthn Authentication (beta)Login or Create User by Magic Link

⌘I

API Reference

Managed Wallets

Users

OTPs

OAuth

Sessions

TOTP (Time-based one-time passcode)

Wallets Login

Passwords

Transfers

WebAuthn

Magic Links (Deprecated)

Verify WebAuthn Authentication (beta)

HTTP Request

Returns

Authorizations

Authentication using App Api Key

Header:

Authenticated Request

Body

Response