Skip to main content

Quick start guide

Learn how to test out a passkey authentication using the ReuseID API.

This quick start guide shows you how to:

  1. Get set up for testing Passkeys.
  2. Create a ReuseID user
  3. Register a passkey.
  4. Perform an authentication.
Want to try Passkeys without making API requests?

This guide requires that you make API requests using a tool of your choice.

If you want to try out Passkeys without making API requests, then you can use our passkey demo. Here, you can register and authenticate with a passkey.

Prerequisites

1. Connect to the ReuseID API

Before you can start making requests to this API, you need to learn how to connect to it. To do this, follow steps 1-3 in the Connect to Signicat APIs Quick start guide.

What permissions are required?

Ensure that you set permission ReuseID Passkey API for your API client:

2. Create a domain

As passkeys are registered to a specific domain, you need to have a domain registered for your account.

  • If you already have a domain, then you can skip this step.
  • If you do not have a domain, then you need to create one from the Organisation management page in the Signicat Dashboard.
    Want to learn more?

    To learn how to create a domain in the Signicat Dashboard, see our documentation:

3. Onboard your account to Passkeys

You need to add passkeys to your account using the Signicat Passkeys service. To do this:

  1. Go to Signicat Dashboard > Products > Passkeys.
  2. Click the Add Passkeys button.
  3. Click the + Add Passkeys to the account button.

4. Set up ReuseID in Postman

Using other tools

This guide provides steps for using Postman as a tool for initiating the APIs, however, you can use the preferred tool of your choice.

To set up ReuseID in Postman and obtain an access token:

  1. Open Postman.
  2. Import the collection. To do this:
    1. Navigate to the Collections tab on the left-hand side of the screen, then click the Import button.
    Screenshot showing import of the collection into Postman

    Screenshot showing import of the collection into Postman

    1. In the blank field in the dialogue box, paste the URL to our ReuseID API specification https://api.signicat.com/reuseid/core/openapi.json.
      Our recommendation

      We recommend that you generate the request and response parameters from the examples in the schema, and that you create folders according to the tags. To do this:

      1. Click the View import settings button.
      2. In the Parameter generation section, select Example from the dropdown menu.
      3. In the Folder organization section, select Tags from the dropdown menu.
    2. Click the Import button in the dialogue box to finalise the import.
  3. Create variables. To do this, click the Variables tab, and add the following:
    Screenshot showing creation of variables in Postman

    Screenshot showing creation of variables in Postman

  4. Set up authorisation. To do this, go to the Authorization tab and and update the following:
    Screenshot showing set up of authorisation in Postman

    Screenshot showing set up of authorisation in Postman

  5. Click on the Get new access token button to get an access token.
  6. To add the token to the requests, click Proceed, then Use Token.
  7. Save your changes.
Auto-refresh your access token

To automatically refresh your access token after it has expired, enable the Auto-refresh token toggle button under the Authorization tab.

You can only enable auto-refresh tokens after you have received your first valid token.

Success!

You have now set up Postman for the ReuseID API.

Try ReuseID with Passkeys authentication

You have now completed all required preparations and are ready to perform ReuseID operations.

1. Create a ReuseID user

To create a ReuseID user:

  1. In Postman, navigate to Signicat ReuseID API reference > User > Create user.
  2. Under the Body tab, you can input your own request body.
    Example: Request to create a ReuseID user
    {
       "attributes": {
          "first_name": "Jane",
          "last_name": "Smith"
       }
    }
  3. Click the Send button.
    Example: Response from creating a ReuseID user
    {
        "id": "76bfe9e6-1fe2-4b92-b742-a66015a98981",
        "created": "2023-08-16T11:25:50.923Z",
        "state": "ACTIVE",
        "attributes": {
            "last_name": "Smith",
            "first_name": "Jane"
        }
    }
Success!

You have now created a ReuseID user.

Our recommendation

We recommend that you save the id of your ReuseID user (user ID), as it is needed in future operations.

2. Register a passkey

Now that you have created a ReuseID user, you can register a passkey. To do this:

  1. In Postman, navigate to Signicat ReuseID API reference > Passkey Registration > Start passkey registration.
  2. Under the Body tab, you can input your own request body. For this API, it is required to set the user ID (userId). This is the ID of the ReuseID user that you created in the previous section.
    Example: Request to register a Ppasskey
    {
      "userId": "76bfe9e6-1fe2-4b92-b742-a66015a98981"
    }
    Redirect URL

    In this guide we do not provide a redirect URL. When a redirect URL is not provided, our default page is used and you are redirected to a page with details about the transaction.

  3. Click the Send button.
  4. You have now started a registration operation. The response contains an idpRedirectUri, which you need in the next step.
    Example: Response from registering a passkey
    {
        "transactionId": "b75d275e-e334-481d-b362-6e4fde7c321c",
        "accountId": "a-spge-vFwveHnQyN8J0XSI10wv",
        "state": "PENDING",
        "created": "2025-10-17T19:14:32.297Z",
        "passkey": {
            "domain": "quick-start.sandbox.signicat.com"
        },
        "user": {
            "id": "89c52851-213b-4092-9ed7-a7c607f41a74"
        },
        "idpRedirectUri": "https://quick-start.sandbox.signicat.com/passkeys/web/registrations/start?transactionId=b0d70ca7-62ba-4d59-b1a7-b695d82dcf14&messageId=8edf3dd6-326f-4cd7-a6a7-e53d3f21c96c",
        "operationProperties": {
            "sessionTimeout": 300000,
            "sessionExpiryTime": "2025-10-17T19:19:32.259Z",
            "userVerification": "preferred"
        }
    }
  5. Copy the idpRedirectUri from the response and open it in your preferred browser.
  6. Follow the instructions in the browser to register a passkey.
  7. Once the registration is complete, you are redirected to our default page containing details about the passkey (or the redirectUrl you provided in the request).
  8. To get the full response, open Postman, navigate to Passkeys registration > Get state of ongoing registration.
  9. Under the Params tab, update the value of transactionId to the value you obtained in the Start registration response.
  10. Click the Send button.
    Example: Response from fetching the state of a Passkeys registration
    {
        "transactionId": "749edf33-434b-420f-9b8b-2a49b77c815c",
        "accountId": "a-spge-vFwveHnQyN8J0XSI10wv",
        "state": "COMPLETED",
        "created": "2025-10-17T19:04:43.453Z",
        "completed": "2025-10-17T19:05:05.740Z",
        "passkey": {
            "id": "a5ffb695-9800-4cac-a470-8b5f906f7dfa",
            "domain": "quick-start.sandbox.signicat.com",
            "created": "2025-10-17T19:05:05.731Z",
            "aaGuid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
            "userVerificationRequested": true,
            "userPresenceRequested": true
        },
        "user": {
            "id": "89c52851-213b-4092-9ed7-a7c607f41a74"
        },
        "idpRedirectUri": "https://quick-start.sandbox.signicat.com/passkeys/web/registrations/start?transactionId=e008e5cd-364b-475e-b33b-2978a4d1bc19&messageId=60c8be31-ee5a-411f-84dc-b9d7615b3258",
        "operationProperties": {
            "sessionTimeout": 300000,
            "sessionExpiryTime": "2025-10-17T19:09:43.409Z",
            "userVerification": "preferred",
            "userVerificationRequired": true,
            "userPresenceRequired": true
        },
        "riskAttributes": {
            "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36"
        }
    }
Success!

You have now registered and activated a passkey.

Our recommendation

We recommend that you save the id of your passkey, as it is needed in future operations.

3. Authenticate with Passkeys

Now that you have registered a passkey, you can authenticate with that passkey. To do this:

  1. In Postman, navigate to Signicat ReuseID API reference > Passkey authentications > Start authentication.
  2. Under the Body tab, you can input your own request body. For this API, nothing is required.
    Example: Request to authenticate
    {
    }
  3. Click the Send button.
  4. You have now started a authentication operation. The response contains an idpRedirectUri, which you need in the next step.

    Example: Response from the authentication
        {
            "transactionId": "5ad732c2-699a-41c9-9a83-6131ecb43eea",
            "accountId": "a-spge-vFwveHnQyN8J0XSI10wv",
            "state": "PENDING",
            "created": "2025-10-17T19:41:52.686Z",
            "idpRedirectUri": "https://quick-start.sandbox.signicat.com/passkeys/web/authentications/start?transactionId=e6edbc42-8328-4490-b239-4def72fddde3&messageId=efc20a4b-93ee-4da7-8faf-caaa0afa2b7e",
            "operationProperties": {
                "sessionTimeout": 300000,
                "sessionExpiryTime": "2025-10-17T19:46:52.653Z",
                "userVerification": "preferred",
                "domain": "quick-start.sandbox.signicat.com"
            }
      }
    Redirect URL

    In this guide we do not provide a redirect URL, when a redirect URL is not provided you will use our default page and get redirected to a page with details about the transaction.

  5. Copy the idpRedirectUri` and open it in your preferred browser.
  6. Follow the instructions in the browser to register a passkey.
  7. Once the authentication is done you will be redirected to our default page containing details about the passkey (or the redirectUrl you provided in the request).
  8. To get full response, in Postman, navigate to Signicat ReuseID API reference > Passkey authentications > Get state of ongoing authentication.
  9. Under the Params tab, update the value of transactionId to the value that you obtained in the Start authentication response.
  10. Click the Send button.
    Example: Response from fetching the state of an authentication
    {
        "transactionId": "cb669c56-ac19-4a9e-a487-2151a3df5f4e",
        "accountId": "a-spge-vFwveHnQyN8J0XSI10wv",
        "state": "COMPLETED",
        "created": "2025-10-17T19:48:27.450Z",
        "completed": "2025-10-17T19:49:02.056Z",
        "passkey": {
            "id": "a5ffb695-9800-4cac-a470-8b5f906f7dfa"
        },
        "user": {
            "id": "89c52851-213b-4092-9ed7-a7c607f41a74"
        },
        "idpRedirectUri": "https://quick-start.sandbox.signicat.com/passkeys/web/authentications/start?transactionId=bbe7ae12-b056-49ff-a1a3-709264352f29&messageId=ad28f221-1b29-4afd-bc5b-d47c9bf42754",
        "operationProperties": {
            "sessionTimeout": 300000,
            "sessionExpiryTime": "2025-10-17T19:53:27.411Z",
            "userVerification": "preferred",
            "userVerificationRequired": true,
            "userPresenceRequired": true,
            "domain": "quick-start.sandbox.signicat.com"
        },
        "riskAttributes": {
            "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36"
        }
    }
Success!

You have now completed a passkey authentication.

Learn more

You can explore our developer documentation to learn more about what you can do with ReuseID and passkeys, and further test out the product.

How it works
Learn about the operations that make up the integration process
API reference
Look up all API endpoints and properties. View sample requests and responses
Last updated:
On this page