Skip to main content

Register the device

On your server backend, start the registration with the following:

  • A username that uniquely identifies the user.
  • A displayName that is a human-readable name for the user.

The following code example has two variables that you need to substitute for your own Authentication Cloud instance.

  • ACCESS_KEY is the server-side Access Key that you generated in your Authentication Cloud management console.
  • APIBASE is the URL domain of your Authentication Cloud instance.

Running the following curl call starts the authenticator registration.

curl -XPOST \
-H "Authorization: Bearer $ACCESS_KEY"\
-H 'Content-Type: application/json;charset=utf-8' \
-d '{ "username": "u_1654", "channel": "fido2", "displayName": "John Doe" }' \
${APIBASE}/users/enroll | python -m json.tool

Example FIDO2 registration response:

"userId": "31567ae2-2fb1-466e-84af-4dafa8f9ca78",
"username": "u_1654",
"status": "new",
"createdAt": "2021-09-06T13:06:33.773981Z",
"updatedAt": "2021-09-06T13:06:33.773992Z",
"authenticators": [],
"phones": [],
"recoveryCodes": null,
"enrollment": {
"transactionId": "ac46d9aa-9ae1-4d96-88c5-625fbf1fce76",
"statusToken": "eyJhbG...iJ9.eyJh...fQ.tcv...1jRRw",
"credentialCreationOptions": {
"relyingParty": {
"id": "",
"name": "Example Customer Portal"
"user": {
"id": "MzE1NjdhZTItMmZiMS00NjZlLTg0YWYtNGRhZmE4ZjljYTc4",
"displayName": "John Doe",
"name": "31567ae2-2fb1-466e-84af-4dafa8f9ca78"
"challenge": "GVeXqotfQOWSaaWZuWj94Q",
"pubKeyCredParams": [
"alg": -7,
"type": "public-key"
"timeout": 10000,
"authenticatorSelection": {
"requireResidentKey": true,
"authenticatorAttachment": "platform",
"userVerification": "preferred"
"attestation": "direct"

The response contains the statusToken and the credentialCreationOptions, which are needed by the Web Authentication API to create a new credential.

As a next step to register a new FIDO2 authenticator, from the response received, forward the following attributes to the frontend where you need to invoke a function in the fido2-client.js script with them:

  • credentialCreationOptions
  • statusToken