Begin a passkey **second factor** for an MFA-gated sign-in. Publishable.
POST
End-user session operationId: passkey_mfa_begin/v1/auth/passkeys/mfa/begin Authorization
Called from the browser with the publishable application id (x-application-id); the access token lives in memory.
Request body · required
originstring requiredpending_tokenstring required
Responses
200 Assertion options
{
"data": {
"options": {},
"state": "string"
},
"error": {
"code": "string",
"message": "string"
},
"meta": {
"timestamp": "string"
},
"success": false
}Request
curl -X POST "http://localhost:8080/v1/auth/passkeys/mfa/begin" \
-H "Content-Type: application/json" \
-d '{
"origin": "string",
"pending_token": "string"
}'Try it
live requestPOST
http://localhost:8080/v1/auth/passkeys/mfa/begin