Manage sessions that provide context for WebAuthn APIs
Auth Sessions
Download OpenAPI description
Languages
Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/
Bodyapplication/jsonrequired
URI required to complete the WebAuthn flow. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal
Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication.
Example: {"transaction_id":"eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT","sum":"200"}
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/cis/v1/auth-session/start-restricted
- Production environment (US)https://api.transmitsecurity.io/cis/v1/auth-session/start-restricted
- Production environment (EU)https://api.eu.transmitsecurity.io/cis/v1/auth-session/start-restricted
- Production environment (CA)https://api.ca.transmitsecurity.io/cis/v1/auth-session/start-restricted
- Production environment (AU)https://api.au.transmitsecurity.io/cis/v1/auth-session/start-restricted
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/cis/v1/auth-session/start-restricted \
-H 'Content-Type: application/json' \
-H 'User-Agent: string' \
-d '{
"session_expiration": 0,
"client_id": "string",
"cross_device": {
"binding_message": "string"
},
"redirect_uri": "string",
"approval_data": {
"transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
"sum": "200"
}
}'Response
application/json
{ "auth_session_id": "string" }
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/cis/v1/auth-session/status
- Production environment (US)https://api.transmitsecurity.io/cis/v1/auth-session/status
- Production environment (EU)https://api.eu.transmitsecurity.io/cis/v1/auth-session/status
- Production environment (CA)https://api.ca.transmitsecurity.io/cis/v1/auth-session/status
- Production environment (AU)https://api.au.transmitsecurity.io/cis/v1/auth-session/status
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/cis/v1/auth-session/status \
-H 'Content-Type: application/json' \
-H 'x-ts-device-binding-token: string' \
-d '{
"auth_session_id": "string"
}'Auth session status
Indicates global session status. A session is completed only once the authorization code is exchanged for tokens
Enum"in-progress""completed"
Indicates device status in a cross-device flow. The status is completed only once the device is detached
Enum"pending-attachment""attached""registered""authenticated""completed"
Response
application/json
{ "session_status": "in-progress", "cross_device_status": "pending-attachment", "cross_device_result": { "auth_code": "string" } }
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/cis/v1/auth-session/attach-device
- Production environment (US)https://api.transmitsecurity.io/cis/v1/auth-session/attach-device
- Production environment (EU)https://api.eu.transmitsecurity.io/cis/v1/auth-session/attach-device
- Production environment (CA)https://api.ca.transmitsecurity.io/cis/v1/auth-session/attach-device
- Production environment (AU)https://api.au.transmitsecurity.io/cis/v1/auth-session/attach-device
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/cis/v1/auth-session/attach-device \
-H 'Content-Type: application/json' \
-H 'User-Agent: string' \
-d '{
"auth_session_id": "string",
"user_agent": "string"
}'Response
application/json
{ "binding_info": { "binding_message": "string", "originating_device": { … }, "approval_data": {} } }
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/cis/v1/auth-session/detach-device
- Production environment (US)https://api.transmitsecurity.io/cis/v1/auth-session/detach-device
- Production environment (EU)https://api.eu.transmitsecurity.io/cis/v1/auth-session/detach-device
- Production environment (CA)https://api.ca.transmitsecurity.io/cis/v1/auth-session/detach-device
- Production environment (AU)https://api.au.transmitsecurity.io/cis/v1/auth-session/detach-device
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/cis/v1/auth-session/detach-device \
-H 'Content-Type: application/json' \
-d '{
"auth_session_id": "string"
}'