Default HTTP API endpoints
Nevis FIDO2 exposes several HTTP API endpoints relevant for authentication clients. As Nevis is highly flexible in regard to configuration, the following information is based on defaults and recommendations.
FIDO2 endpoints
| Public URL | HTTP method | Recommended authorization/authentication |
|---|---|---|
/fido2/attestation/options | POST | ❌ None. However, we recommend that you protect the options endpoint with SecTokens for the Registration Ceremony. |
/fido2/attestation/result | POST | ❌ None |
/fido2/assertion/result | POST | ❌ None |
Status endpoint
| Public URL | HTTP method | Recommended authorisation/authentication |
|---|---|---|
nevisfido/fido2/status | POST | ❌ None |
The settings in the previous table are built into nevisFIDO. We recommend setting up a matching configuration in nevisProxy, nevisAuth, and nevisLogrend.
See Use Cases and Best Practices for more information on how to configure Nevis FIDO2.