Download OpenAPI specification:Download
Login users with native mobile biometrics. This process relies on the device ability to leverage built-in biometric sensors. To support mobile biometrics in the app, first implement the SDK call that creates an authenticator (cryptographic key-pair) on the end-user device and then register this authenticator with Transmit. The private key remains securely stored on the device and protected by biometrics, while the public key is registered with Transmit for a given user. To authenticate, the device uses mobile biometrics to access the private key and to sign a challenge that gets verified by Transmit. Note: registration and authentication are two-step procedures that start by calling the client-side SDK provided by Transmit, and complete using these APIs.
Completes authentication in Transmit. Before calling this API, invoke the client-side SDK provided by Transmit to sign a challenge using the private key stored by the device, which only occurs after the user verifies themselves with biometrics. Returns an access token for the user associated with the key.
resource | string Resource URI the authentication request is attempting to access, which is reflected in the audience ( |
object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. | |
org_id | string Organization ID, used for member login in B2B scenarios |
object Client attributes | |
session_id | string Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned. |
signature required | string Signed challenge returned by SDK authentication call |
challenge required | string A string used to create attestation |
key_id required | string ID of the key |
user_id required | string ID of the user |
Returns user tokens
{- "resource": "string",
- "claims": {
- "id_token": {
- "roles": null
}
}, - "org_id": "string",
- "client_attributes": {
- "user_agent": "string",
- "ip_address": "string"
}, - "session_id": "string",
- "signature": "string",
- "challenge": "string",
- "key_id": "string",
- "user_id": "string"
}
{- "access_token": "string",
- "id_token": "string",
- "refresh_token": "string",
- "token_type": "string",
- "expires_in": 3600,
- "session_id": "string"
}
Completes mobile biometrics registration in Transmit. Before calling this API, create an authenticator (cryptographic key-pair) on the end-user's device by invoking the client-side SDK provided by Transmit. This API must be called from the backend using the user access token returned upon successful authentication. If successful, the mobile biometrics authenticator will be registered for the user that corresponds to the authorization token.
Register mobile biometrics
{- "publicKey": "string",
- "publicKeyId": "string",
- "challenge": "string",
- "attestation_encoded_result": "string",
- "os": "string"
}
{- "error_code": "invalid_request",
- "message": "Invalid request: property should not be null or undefined"
}
Deletes mobile biometrics authenticator for a user that is currently logged in. This API must be called from the backend using the user access token. If successful, the key will be deleted for the user that corresponds to the authorization token.
Key deleted
{- "publicKeyId": "string"
}
{- "error_code": "invalid_request",
- "message": "Invalid request: property should not be null or undefined"
}