Download OpenAPI specification:Download
Device keys are used to cryptographically bind devices to a user for strong device identification. This allows the device to act as a user-identifying factor, and allows elevating trust for known devices.
These APIs are used to manage and verify bound devices for a user and application. The device may correspond to either a browser (for web apps) or a mobile device (for mobile apps).
Device binding relies on a cryptographic key-pair generated by the device. The private key is securely stored on the device (typically protected by biometrics or a PIN), while the public key is stored by Transmit for a given user. When needed, the device uses the private key to sign a challenge that Transmit verifies using the public key.
Note: This feature requires the client to implement the relevant cryptography APIs exposed by the browser or mobile platform (Android or iOS).
Registers a device key in the platform for a specific user and app. Device keys are generated by the client using the relevant cryptography APIs exposed by the browser or mobile platform (Android or iOS). Once registered, the device key cryptographically binds the device to the given user for secure device identification.
Note: The key should be generated using the RSA-PSS algorithm and SHA-256 hash.
Device key added
{- "key_id": "string",
- "display_name": "string",
- "custom_data": { },
- "public_key": "string"
}Retrieves all the device keys registered for a specific user. This can be used to display a list of the user's devices.
{- "result": [
- {
- "status": "Active",
- "display_name": "string",
- "custom_data": { },
- "key_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
]
}Retrieves a specific device key. For example, this can be used to verify that the device key exists and is active.
{- "result": {
- "status": "Active",
- "display_name": "string",
- "custom_data": { },
- "key_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
}Updates the metadata of a device key, such as the friendly device name or other custom data.
Device key updated
{- "display_name": "string",
- "custom_data": { }
}Unregisters the user's device. For example, it can be used in case the device is lost, stolen, or no longer in the user's possession.
Device key deleted
Verifies that the user's device is in their possession. Before calling this API, the device signs a challenge using the private key stored by the device. This API is used to verify the signed challenge using the device public key. In case the device is blocked, this validation will fail.
Note: The challenge should be generated by your client backend.
{- "challenge": "string",
- "signature": "string"
}{- "result": true
}Block a user's device. Once blocked, the device status will be Blocked and device validation will fail if requested.
Device blocked
Unblocks a user's device. Once unblocked, the device status returns to Active and the device can be verified using the device key.
Device unblocked