Update passkey

Update the user ID or passkey username.

Note

Passkeys are composed of a server-side and client-side component. This REST endpoint will only update the server-side element. You should also try to programmatically edit the credential in the user’s browser.

Caution

Don’t confuse the root userId with the credential.userId. The root userId is a string that can be updated via this REST endpoint. It is a server-side property, available to your backend code during authentication. The credential.userId is a client-side property of binary type, used to link passkeys to an account on a device / within a password manager.

Tip

The credential.username is not presented during authentication. It is purely informational, helping a user identify the correct passkey in their password manager. See updating device passkeys

However, it often makes sense to align the value in your vault, largely for support cases. When a user reports I’m using my jdoe@example.com passkey, you can easily identify it.

You would typically use the @passlock/client library to change the username in the user’s password manager and use the REST API or @passlock/server library to update the value in your vault.

HTTP

Request

PATCH https://api.passlock.dev/{tenancyId}/passkeys/{passkeyId} HTTP/1.1
Authorization: Bearer {apiKey}
Accept: application/json
Content-Type: application/json

{
  "userId": "myCustomUserId",
  "username": "jdoe@example.com"
}

Note: All fields are optional

HTTP Response:

Response

HTTP/1.1 202 Accepted
Content-Type: application/json

{
  "_tag": "Passkey",
  "id": "sewqeeqx69cr7axut7kat",
  "userId": "puubifsmidah0f8c0y9bm",
  "enabled": true,
  "credential": {
    "id": "bW9wN3IzenE0enJ5OXVnZXoxOWF4",
    "userId": "MTVkMTFmdHM1Yzg0bDN0anpieG9w",
    "username": "jdoe@example.com",
    "aaguid": "0000-0000-0000-0000",
    "backedUp": true,
    "counter": 0,
    "deviceType": "multiDevice",
    "transports": ["internal"],
    "publicKey": "dGhpcy1pcy1hLWNib3ItcHVibGljLWtleQ",
    "rpId": "example.com"
  },
  "platform": {
    "icon": "https://api.passlock.dev/aaguid/0000-0000-0000/icon.svg",
    "name": "Apple Passwords"
  },
  "createdAt": 1770123293,
  "updatedAt": 1770123293,
  "lastUsed": 1770123293
}

Node JS

import { updatePasskey } from "@passlock/server";

const tenancyId = "myTenancyId";
const apiKey = "myApiKey";

const passkeyId = "myPasskeyId";
const userId = "updatedUserId";
const username = "updatedUsername";

const result = await updatePasskey({
  passkeyId,
  userId,
  username,
  tenancyId,
  apiKey
});

// in Node.js result.credential.publicKey is a Uint8Array

Response properties

The raw HTTP response has the same shape as Get passkey.

If you call @passlock/server.updatePasskey(), the returned Passkey object decodes credential.publicKey to a Uint8Array in the same way as getPasskey().