Get authentication options

GET

/auth/authentication

Production
Sandbox

Initiates WebAuthn authentication by generating authentication options for a user. Sets a session HTTP-only cookie. This endpoint provides the necessary challenge, relying party info, and credential parameters required for client-side WebAuthn authentication.

SIWE Flow

When called with an Ethereum address as credentialId, this endpoint creates a SIWE challenge message that proves ownership of the address. The server generates a cryptographic nonce, sets it as a short-lived HTTP-only session_id cookie, and returns a formatted SIWE message containing the challenge, domain, and expiration time.

Parameters

Query Parameters

credentialId

Any of:

Ethereum address
Credential identifier

Ethereum address

Address to sign in with. Required for Sign-in with Ethereum.

string

Responses

200

WebAuthn authentication options

Any of:

Sign-in with Ethereum
WebAuthn

Sign-in with Ethereum

object

method

required

Method

Sign-in with Ethereum.

Allowed values: siwe

address

required

Address

Address to sign in with.

string

message

required

Message

Message to sign.

string

WebAuthn

object

method

required

Method

WebAuthn.

Allowed values: webauthn

timeout

Time limit

Maximum time to complete authentication.

number

rpId

Service domain

Domain being authenticated with.

string

allowCredentials

Valid authenticators

List of authenticators that can be used for authentication.

Array<object>

object

required

Credential identifier

Unique identifier for the authenticator.

string

/^[\w-]+$/

type

required

Credential type

Always public-key for WebAuthn.

Allowed values: public-key

transports

Transport methods

How the authenticator can be used.

Array<string>

usb

userVerification

User verification

Whether user presence must be verified.

Allowed values: discouraged preferred required

extensions

Extensions

Additional features to enable.

object

key

additional properties