Authentication API
Endpoints for managing authentication.
WebAuthn Registration
Start the passkey registration process.
POST /auth/register/start
curl -X POST https://ssiat.dev/api/v1/auth/register/start \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"name": "John Doe"
}'
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
name | string | Yes | Display name |
Response:
{
"success": true,
"data": {
"options": {
"challenge": "base64-encoded-challenge",
"rp": { "name": "Ssiat", "id": "ssiat.dev" },
"user": { "id": "...", "name": "...", "displayName": "..." },
"pubKeyCredParams": [...],
"timeout": 60000,
"attestation": "none"
}
}
}
POST /auth/register/finish
Complete the registration with the WebAuthn response.
curl -X POST https://ssiat.dev/api/v1/auth/register/finish \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"credential": { ... }
}'
WebAuthn Login
POST /auth/login/start
curl -X POST https://ssiat.dev/api/v1/auth/login/start \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
POST /auth/login/finish
curl -X POST https://ssiat.dev/api/v1/auth/login/finish \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"credential": { ... }
}'
Success Response:
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "user_123",
"email": "user@example.com",
"name": "John Doe"
}
}
}
Session Management
POST /auth/logout
Invalidate the current session.
curl -X POST https://ssiat.dev/api/v1/auth/logout \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
GET /auth/session
Check current session status.
curl https://ssiat.dev/api/v1/auth/session \
-H "Authorization: Bearer YOUR_JWT_TOKEN"