Skip to main content
Version: 2.2

Default HTTP API endpoints

Nevis FIDO2 exposes several HTTP API endpoints relevant for authentication clients. As Nevis is highly flexible in regard to configuration, the following information is based on defaults and recommendations.

FIDO2 endpoints

Public URLHTTP methodRecommended authorization/authentication
/fido2/attestation/optionsPOST❌ None. However, we recommend that you protect the options endpoint for the registration ceremony, by adding it in the nevisFIDO configuration.
/fido2/attestation/resultPOST❌ None
/fido2/assertion/resultPOST❌ None

Status endpoint

Public URLHTTP methodRecommended authorisation/authentication
nevisfido/fido2/statusPOST❌ None

The settings in the previous table are built into nevisFIDO as default settings. For a working setup based on these defaults, set up a matching configuration in nevisProxy, nevisAuth, and nevisLogrend.

See Use Cases and Best Practices for more information on how to configure Nevis FIDO2.