Request verify MFA using WebAuthN

Authentication and Identity Management

Frontegg offers a comprehensive suite of authentication, user management, and security features to streamline identity management and enhance application security. This section provides an overview of all relevant API endpoints, organized into Authentication, Management, and Self-Service categories.

Authentication Endpoints: Enable secure user login, multi-factor authentication (MFA), passwordless options, and social login integrations, allowing for a flexible and robust sign-in experience.

Management Endpoints: Require environment-level authorization and provide full control over SSO (SAML and OpenID Connect) resources, user roles, permissions, and configurations. These endpoints are designed for administrative use, allowing for centralized identity and access management.

Self-Service Endpoints: Accessible with a user token (JWT), these endpoints empower users to manage their SSO connections and other account settings. Users with the necessary permissions can create, update, or delete SSO configurations directly, ensuring they have the tools to manage their access securely and independently.

Each category in this section helps you configure and extend Frontegg’s capabilities, providing the flexibility to manage user identities, authentication protocols, and access controls as per your application’s needs.

Complete enrollment in multi-factor authentication (MFA) using WebAuthn.

This endpoint verifies and registers a WebAuthn device, such as a biometric sensor (Platform) or hardware security key (CrossPlatform), finalizing the setup after the initial challenge.

The request must include:

deviceType: Type of device being enrolled. Accepts Platform (e.g., fingerprint scanner) or CrossPlatform (e.g., USB security key).
webauthnToken: Token received during the WebAuthn pre-enrollment step.
options: WebAuthn attestation data collected from the client.
- id: Device identifier.
- response: WebAuthn attestation response.
  - clientDataJSON: Base64-encoded client data from the browser.
  - attestationObject: Base64-encoded attestation object from the authenticator.
- deviceType (optional): May repeat the selected device type.
mfaToken: Token used to authorize MFA enrollment.
rememberDevice (optional): Set to true to remember the device and reduce MFA prompts on future logins.

Use this endpoint to complete WebAuthn-based MFA enrollment and register the user's trusted device.

curl -i -X POST \ https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/enroll/verify \ -H 'Authorization: Bearer <YOUR_JWT_HERE>' \ -H 'Content-Type: application/json' \ -d '{ "deviceType": "Platform", "webauthnToken": "string", "options": { "id": "string", "response": { "clientDataJSON": "string", "attestationObject": "string" }, "deviceType": "Platform" }, "mfaToken": "string", "rememberDevice": true }'

curl -i -X POST \ 'https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}' \ -H 'Authorization: Bearer <YOUR_JWT_HERE>' \ -H 'Content-Type: application/json' \ -d '{ "mfaToken": "string" }'

Verify a multi-factor authentication (MFA) challenge using a WebAuthn device.

This endpoint completes MFA verification using a previously registered WebAuthn device such as a biometric sensor or hardware security key.

Path parameters:

deviceId: The unique identifier of the registered WebAuthn device to be verified.

Request body must include:

webauthnToken: Token received from the server to initiate the WebAuthn challenge.
options: WebAuthn authentication response returned by the browser.
- id: The credential ID of the WebAuthn device.
- response: Object containing attestation data from the authenticator.
  - clientDataJSON: Base64-encoded client data.
  - authenticatorData: Base64-encoded data from the authenticator.
  - signature: Signature from the authenticator, proving user presence.
  - userHandle: The user's handle used during registration.
- recaptchaToken (optional): Token to verify human interaction, if reCAPTCHA is enabled.
- invitationToken (optional): Used when completing an MFA challenge as part of an invitation flow.
mfaToken: Token issued during the initial authentication step.
rememberDevice (optional): If set to true, this device will be remembered for future logins to reduce MFA prompts.

Use this endpoint to complete WebAuthn-based MFA verification and confirm the user's identity using a secure hardware or platform authenticator.

curl -i -X POST \ 'https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify' \ -H 'Authorization: Bearer <YOUR_JWT_HERE>' \ -H 'Content-Type: application/json' \ -d '{ "webauthnToken": "string", "options": { "id": "string", "response": { "clientDataJSON": "string", "authenticatorData": "string", "signature": "string", "userHandle": "string" }, "recaptchaToken": "string", "invitationToken": "string" }, "mfaToken": "string", "rememberDevice": true }'

Authentication and Identity Management

API token

General

MFA

Enroll MFA using WebAuthN

RequestExpand all

Responses

How useful was this page?