# User Authenticators Manage user authenticators, such as WebAuthn credentials, TOTP authenticators, and more. These APIs allow you to view and manage the authenticators that were registered for a given user. ## Servers Sandbox environment ``` https://api.sbx.transmitsecurity.io/cis ``` Production environment (US) ``` https://api.transmitsecurity.io/cis ``` Production environment (EU) ``` https://api.eu.transmitsecurity.io/cis ``` Production environment (CA) ``` https://api.ca.transmitsecurity.io/cis ``` Production environment (AU) ``` https://api.au.transmitsecurity.io/cis ``` ## Security ### bearer Type: http Scheme: bearer Bearer Format: JWT ### UserAccessToken A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated Type: http Scheme: bearer Bearer Format: JWT ### AdminAccessToken A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps Type: oauth2 ### ClientAccessToken A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant) Type: oauth2 ### OrgAdminAccessToken A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role. Type: oauth2 ## Download OpenAPI description [User Authenticators](https://developer.transmitsecurity.com/_bundle/openapi/user/authenticators.openapi.yaml) ## Other ### User authenticators - [GET /v1/users/{userId}/authenticators](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/userauthenticators.md): List of authenticators for a user. Required permissions: organizations:read, orgs:read, users:read, apps:read, [appId]:read, authenticators:read. ### Unlock authenticator - [POST /v1/users/{user_id}/authenticators/{authenticator_id}/unlock](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/unlockuserauthenticator.md): Unlocks a user's authenticator by clearing all attempts data for the locked user. Required permissions: apps:edit, [appId]:edit, authenticators:edit. ### Unlock authenticator by type - [POST /v1/users/{user_id}/authenticators/types/{authenticator_type}/unlock](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/unlockuserauthenticatorbytype.md): Unlocks a user's authenticator by type by clearing all attempts data for the locked user. Required permissions: apps:edit, [appId]:edit, authenticators:edit. ### Lock authenticator - [POST /v1/users/{user_id}/authenticators/{authenticator_id}/lock](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/lockuserauthenticator.md): Locks a user's authenticator by setting status to Locked. Required permissions: apps:edit, [appId]:edit, authenticators:edit. ### Delete authenticator - [DELETE /v1/users/{user_id}/authenticators/{authenticator_id}](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/deleteuserauthenticator.md): Deletes a user's authenticator by ID. Required permissions: apps:delete, [appId]:delete, authenticators:delete. ### Unlock authenticator by type (deprecated) - [POST /v1/users/{user_id}/authenticators/{authenticator_type}/unlock](https://developer.transmitsecurity.com/openapi/user/authenticators.openapi/other/unlockuserauthenticatorbytypedeprecated.md): Unlocks a user's authenticator by type by clearing all attempts data for the locked user. Deprecated: Use /authenticators/types/{authenticator_type}/unlock instead.Required permissions: apps:edit, [appId]:edit, authenticators:edit.