Passkey Relay Endpoint Map
Reference contract for backend relay endpoints used by browser passkey integrations.
Passkey Relay Endpoint Map
This page is API-reference oriented. For architecture, benefits and full implementation guidance, see:
Base API domain:
https://api.hub.donutwork.com
Relay Contract (Backend Endpoints)
Your frontend should call only your backend relay endpoints. Your backend then calls Donutwork APIs in server-to-server mode.
| Your Endpoint | Method | Donutwork Endpoint | Method |
|---|---|---|---|
/api/passkey/register/options | POST | /:apiVersion/idp/{externalUserId}/passkey/options.json | POST |
/api/passkey/register/confirm | POST | /:apiVersion/idp/{externalUserId}/passkey/confirm.json | POST |
/api/passkey/auth/challenge | POST | /:apiVersion/idp/passkey/challenge.json | POST |
/api/passkey/auth/verify | POST | /:apiVersion/idp/passkey/verify.json | POST |
/api/passkey/delete | DELETE | /:apiVersion/idp/{externalUserId}/passkey/{credentialId}.json | DELETE |
Request/Response Envelope
register/options
Frontend -> backend:
{
"passkey": {
"display_name": "Alexander",
"account_name": "alexander@enterprise.com"
}
}Backend -> frontend (from Donutwork):
{
"status": "success",
"passkey": {
"challenge_id": "ch_01J...",
"options": {
"challenge": "BASE64URL..."
}
}
}register/confirm
Frontend -> backend:
{
"passkey": {
"challenge_id": "ch_01J...",
"payload": "{\"id\":\"...\",\"rawId\":\"...\",\"response\":{...}}",
"device": "Firefox / macOS"
}
}auth/challenge
Backend -> frontend (from Donutwork):
{
"status": "success",
"passkey": {
"challenge_id": "ch_01J...",
"options": {
"challenge": "BASE64URL..."
}
}
}auth/verify
Frontend -> backend:
{
"passkey": {
"challenge_id": "ch_01J...",
"payload": "{\"id\":\"...\",\"rawId\":\"...\",\"response\":{...}}",
"device": "Firefox / macOS"
}
}Linked API Reference
Identity Provider (IDP) & MFA
Orchestrate user identities, implement multi-factor authentication (TOTP), and manage security audit trails.
Key Management Service (KMS)
Securely orchestrate sensitive credentials, enforce network-level access controls, and maintain comprehensive audit trails for cryptographic secrets.