> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Start WebAuthn Authentication

> Initiate the authentication of a Passkey or WebAuthn registration.

To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.

After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument.

When using built-in browser methods like `navigator.credentials.get()`, set the `use_base64_url_encoding` option to `true`.

See our [WebAuthn setup guide](/consumer-auth/authentication/webauthn/api) for additional usage instructions and example code.


## OpenAPI

````yaml POST /v1/webauthn/authenticate/start
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/webauthn/authenticate/start:
    post:
      tags:
        - Webauthn
      summary: Authenticatestart
      description: >-
        Initiate the authentication of a Passkey or WebAuthn registration. 


        To optimize for Passkeys, set the `return_passkey_credential_options`
        field to `true`.


        After calling this endpoint, the browser will need to call
        [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion)
        with the data from `public_key_credential_request_options` passed to the
        [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion)
        request via the public key argument.


        When using built-in browser methods like `navigator.credentials.get()`,
        set the `use_base64_url_encoding` option to `true`.


        See our [WebAuthn setup
        guide](https://stytch.com/docs/guides/webauthn/api) for additional usage
        instructions and example code.
      operationId: api_webauthn_v1_AuthenticateStart
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/api_webauthn_v1_AuthenticateStartRequest'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api_webauthn_v1_AuthenticateStartResponse'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // POST /v1/webauthn/authenticate/start
            const stytch = require('stytch');

            const client = new stytch.Client({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              domain: "example.com",
              user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
            };

            client.WebAuthn.AuthenticateStart(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/webauthn/authenticate/start\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/stytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/webauthn\"\n)\n\nfunc main() {\n\tclient, err := stytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &webauthn.AuthenticateStartParams{\n\t\tDomain: \"example.com\",\n\t\tUserID: \"user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6\",\n\t}\n\n\tresp, err := client.WebAuthn.AuthenticateStart(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: >-
            // POST /v1/webauthn/authenticate/start

            package com.example;


            import com.stytch.java.common.StytchResult;

            import
            com.stytch.java.consumer.models.webauthn.AuthenticateStartRequest;

            import com.stytch.java.consumer.StytchClient;


            public class Main {
                public static void main(String[] args) {
                    StytchClient.configure("${projectId}", "${secret}");

                    AuthenticateStartRequest params = new AuthenticateStartRequest();
                    params.setDomain("example.com");
                    params.setUserId("user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6");

                    Object result = StytchClient.getWebAuthn().authenticateStart(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: >
            // POST /v1/webauthn/authenticate/start

            package com.example


            import com.stytch.java.consumer.StytchClient

            import
            com.stytch.java.consumer.models.webauthn.AuthenticateStartRequest


            fun main() {
                StytchClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchClient.webauthn.authenticateStart(
                            AuthenticateStartRequest(
                                domain = "example.com",
                                userId = "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // POST /v1/webauthn/authenticate/start
            const stytch = require('stytch');

            const client = new stytch.Client({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              domain: "example.com",
              user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
            };

            client.webauthn.authenticateStart(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->webauthn->authenticate_start([
                'domain' => 'example.com',
                'user_id' => 'user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6',
            ]);
        - lang: python
          label: Python
          source: |
            # POST /v1/webauthn/authenticate/start
            from stytch import Client

            client = Client(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.webauthn.authenticate_start(
                domain="example.com",
                user_id="user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
            )

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # POST /v1/webauthn/authenticate/start
            require 'stytch'

            client = Stytch::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.webauthn.authenticate_start(
              domain: "example.com",
              user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
              
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // POST /v1/webauthn/authenticate/start
            use stytch::consumer::client::Client;
            use stytch::consumer::webauthn::AuthenticateStartRequest;

            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.webauthn.authenticate_start(
                    AuthenticateStartRequest{
                        domain: "example.com",
                        user_id: Some(String::from("user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6")),
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # POST /v1/webauthn/authenticate/start
            curl --request POST \
              --url https://test.stytch.com/v1/webauthn/authenticate/start \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json' \
              -d '{
                "domain": "example.com",
                "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
              }'
components:
  schemas:
    api_webauthn_v1_AuthenticateStartRequest:
      type: object
      properties:
        domain:
          type: string
          description: >-
            The domain for Passkeys or WebAuthn. Defaults to
            `window.location.hostname`.
        user_id:
          type: string
          description: >-
            The `user_id` of an active user the Passkey or WebAuthn registration
            should be tied to. You may use an `external_id` here if one is set
            for the user.
        return_passkey_credential_options:
          type: boolean
          description: >-
            If true, the `public_key_credential_creation_options` returned will
            be optimized for Passkeys with `userVerification` set to
            `"preferred"`.
                  
        use_base64_url_encoding:
          type: boolean
          description: >-
            If true, values in the `public_key_credential_creation_options` will
            be base64 URL encoded. Set this option to true when using built-in
            browser methods like `navigator.credentials.create` and
            `navigator.credentials.get`.
      description: Request type
      required:
        - domain
    api_webauthn_v1_AuthenticateStartResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        user_id:
          type: string
          description: The unique ID of the affected User.
        public_key_credential_request_options:
          type: string
          description: Options used for Passkey or WebAuthn authentication.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
      required:
        - request_id
        - user_id
        - public_key_credential_request_options
        - status_code
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````