Credentials

Documentation Index

Fetch the complete documentation index at: https://docs.0xkey.io/llms.txt

Use this file to discover all available pages before exploring further.

At the moment, 0xkey supports 2 types of Credentials:

• Authenticators
• API Keys

Note that every 0xkey user needs at least one long-lived credential (a passkey, or non-expiring API key). This is to prevent users from getting locked out of their accounts. The exception is if the user belongs to a suborg, and Email Auth is enabled for that sub-organization.

​

Authenticators

0xkey uses Webauthn for authentication into its dashboard (no passwords!). Authenticators on 0xkey represent a Webauthn device registered on 0xkey. When logging into 0xkey, you’ll be prompted for a signature with a registered device. This signature is then verified to grant dashboard access. To avoid repeated signatures, 0xkey’s dashboard uses session cookies for read traffic. However, all write actions require an authenticator signature.

​

API keys

0xkey API requests are authenticated with API key signatures. When you generate an API key (either through our CLI or through our dashboard), you generate a P-256 key pair. 0xkey keeps the public key, and you hold the private key. Requests made via SDK or CLI use the private API key to sign requests. 0xkey’s public API expects all requests (e.g. to get data or to submit activities) to be signed. See our API reference for how to programmatically create API keys.