Login
    Contents x
    Registering a single passkey in Ping using APIs
    • 10 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Registering a single passkey in Ping using APIs

    • Updated on 10 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    This article describes how to pre-register a single user's account with a FIDO2 passkey in Ping using APIs. It will help you to streamline the registration process for individual users and ensure secure and passwordless authentication with OneSpan security solutions.

    Before you begin

    • Ensure you have the necessary API credentials and access to the Ping Identity environment.
    • Make sure the FIDO2 authentication method is enabled in your PingID or PingOne environment.
    • Ensure that the user's browser or device supports WebAuthn and FIDO2 protocols.

    Procedure

    1. Create a new user via the Ping API. Send a POST request to the /users endpoint with the user details.

      POST /users
{
  "username": "newuser",
  "email": "newuser@example.com",
  "firstName": "New",
  "lastName": "User"
}

    2. Initiate the FIDO2 registration. Send a POST request to the /fido2/registrations endpoint, including the user ID in the request body.

      POST /fido2/registrations
{
  "userId": "user-id"
}

    3. Handle the registration response. The response will include a challenge and other necessary parameters for the FIDO2 registration ceremony. Pass these parameters to the user's browser or device to complete the registration.

      {
  "challenge": "random-challenge",
  "rp": {
    "name": "Example RP"
  },
  "user": {
    "id": "user-id",
    "name": "newuser@example.com",
    "displayName": "New User"
  },
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": -7
    }
  ]
}

    4. Complete the registration ceremony.

      The user's browser or device will use the provided parameters to generate a credential object. Send this object back to the Ping API to complete the registration.

    5. Verify the registration.

      The Ping API will verify the registration and store the FIDO2 credential for the user. The user can now authenticate using their FIDO2 passkey.

    Additional information

    • For more information about the endpoints and parameters, refer to the Ping Identity API documentation.
    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant