Pular para o conteúdo

Enrollment device options

Validates the OAuth-style parameters returned in the fragment of redirectUrl after the bank redirect (code, state, id_token) and returns FIDO2 registration options (PublicKeyCredentialCreationOptions shape) for navigator.credentials.create().

Map URL fragment keys to JSON: id_token becomes idToken in the body.

POST/api/v1/jsr/enrollments/device/options

Generate device options

Returns WebAuthn credential creation options after validating the enrollment redirect fragment.

Auth: Bearer Token

Cabeçalhos

1 campo
x-client-ip
headerstring

End-user client IP.

Corpo da requisição

6 campos
code
bodystring

Authorization code from fragment.

state
bodystring

State from fragment.

idToken
bodystring

ID token from fragment (`id_token`).

tenantId
bodystring

Tenant identifier.

platform
bodystring

Client platform for FIDO extensions.

rp
bodystring

Relying Party id (CN of initiator transport certificate). Optional in schema.

curl --request POST \
  --url 'https://embedded-payment-manager.hml.linaob.com.br/api/v1/jsr/enrollments/device/options' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <SEU_TOKEN>' \
  --header 'x-client-ip: 198.21.104.1' \
  --data '{
  "code": "DHi9xxx",
  "state": "IQHB9G",
  "idToken": "eyJhbGc...",
  "tenantId": "Lina",
  "platform": "BROWSER",
  "rp": "*.lina.com.br"
}'

Response

200FIDO registration options generated.
Response body
object
  • dataobjectrequired

    EnrollmentFidoRegistrationOptionsResponse — challenge, rp, user, pubKeyCredParams, timeout, excludeCredentials, authenticatorSelection, etc.

    • enrollmentIdstring

      Enrollment id.

    • rpobject
    • userobject
    • challengestringrequired

      Base64url challenge.

    • timeoutnumber

      Timeout ms.

    • excludeCredentialsarray of objects

      Credentials to exclude. See OpenAPI for item shape.

  • messagestring

    Response message.

  • typestring

    Envelope type.

  • statusCodeinteger· nullable

    HTTP status in envelope.

200 · FIDO registration options generated.
{
  "data": {
    "enrollmentId": "enr_abc123",
    "rp": {
      "name": "Acme Pay",
      "id": "pay.example.com"
    },
    "user": {
      "id": "dXNlcklk",
      "name": "user@example.com",
      "displayName": "User"
    },
    "challenge": "challengeBase64url",
    "timeout": 60000,
    "excludeCredentials": []
  },
  "message": "OK",
  "type": "success",
  "statusCode": 200
}

Next steps