Using the REST API

Passlock includes a REST API, along with the @passlock/server library to manage your tenancy data. The REST API allows you to:

• Verify a passkey registration or authentication operation
• List passkeys in your vault
• Fetch a passkey from your vault
• Delete a passkey from your vault
• Update a passkey in your vault

Note

The REST API should be used to manage the server-side passkey components. For client-side (local device) management, use the @passlock/client package.

Tenancy ID

REST API calls operate on a specific tenancy. You will need your Tenancy ID, along with the relevant API Key. API endpoints are typically prefixed with the Tenancy ID, e.g.

HTTP

GET https://api.passlock.dev/{tenancyId}/passkeys/ HTTP/1.1

Node.js

import { listPasskeys } from "@passlock/server";

const tenancyId = "myTenancyId";
const apiKey = "myApiKey";

await listPasskeys({ tenancyId, apiKey });

Authentication

All REST API calls require authentication. Provide your tenancy-specific API Key via a Bearer authorization header:

HTTP

GET https://api.passlock.dev/{tenancyId}/passkeys/ HTTP/1.1
Authorization: Bearer {apiKey}

Node.js

import { listPasskeys } from "@passlock/server";

await listPasskeys({ tenancyId: "myTenancyId", apiKey: "myApiKey" });

JSON

REST calls return JSON:

HTTP

GET https://api.passlock.dev/{tenancyId}/passkeys/ HTTP/1.1
Authorization: Bearer {apiKey}
Accept: application/json

HTTP/1.1 200 OK
Content-Type: application/json

Node.js

Not applicable, the server library handles JSON internally.