Skip to content
Scalekit Docs
Talk to an Engineer Dashboard

Add passkeys login method

Passkeys replace passwords with biometric authentication (fingerprint, face recognition) or device PINs. Built on FIDO® standards (WebAuthn and CTAP), passkeys offer superior security by eliminating phishing and credential stuffing vulnerabilities, while also providing a seamless one-tap login experience. Unlike traditional authentication methods, passkeys sync across devices, removing the need for multiple enrollments and providing better recovery options when devices are lost.

Your existing Scalekit integration already supports passkeys. To implement, enable passkeys in the Scalekit dashboard and leverage Scalekit’s built-in user passkey registration functionality.

  1. Enable passkeys in the Scalekit dashboard

    Section titled “Enable passkeys in the Scalekit dashboard”

    Go to Scalekit Dashboard > Authentication > Auth methods > Passkeys and click “Enable”

  2. Manage passkey registration

    Section titled “Manage passkey registration”

    Let users manage passkeys just by redirecting them to the Scalekit from your app (usually through a button in your app that says “Manage passkeys”), or building your own UI.

    Using Scalekit UI

    Section titled “Using Scalekit UI”

    To enable users to register and manage their passkeys, redirect them to the Scalekit passkey registration page.

    Construct the URL by appending /ui/profile/passkeys to your Scalekit environment URL

    Passkey Registration URL
    <SCALEKIT_ENVIRONMENT_URL>/ui/profile/passkeys

    This opens a page where users can:

    • Register new passkeys
    • Remove existing passkeys
    • View their registered passkeys

    In your own UI

    Section titled “In your own UI”

    If you prefer to create a custom user interface for passkey management, Scalekit offers comprehensive APIs that enable you to build a personalized experience. These APIs allow you to list registered passkeys, rename them, and remove them entirely. However registeration of passkeys is only supported through the Scalekit UI.

    List user's passkeys
    // <USER_ID>: fetch from Access Token or ID Token after identity verification
    const res = await fetch(
      '<SCALEKIT_ENVIRONMENT_URL>/api/v1/webauthn/credentials?user_id=<USER_ID>',
      { headers: { Authorization: 'Bearer <ACCESS_TOKEN>' } }
    );
    const data = await res.json();
    console.log(data);
    Rename a passkey
    // <CREDENTIAL_ID>: obtained from list response (id of each passkey)
    await fetch('<SCALEKIT_ENVIRONMENT_URL>/api/v1/webauthn/credentials/<CREDENTIAL_ID>', {
      method: 'PATCH',
      headers: {
        'Content-Type': 'application/json',
        Authorization: 'Bearer <ACCESS_TOKEN>'
      },
      body: JSON.stringify({ display_name: '<NEW_DISPLAY_NAME>' })
    });
    Remove a passkey
    // <CREDENTIAL_ID>: obtained from list response (id of each passkey)
    await fetch('<SCALEKIT_ENVIRONMENT_URL>/api/v1/webauthn/credentials/<CREDENTIAL_ID>', {
      method: 'DELETE',
      headers: { Authorization: 'Bearer <ACCESS_TOKEN>' }
    });

  3. Users can login with passkeys

    Section titled “Users can login with passkeys”

    Users who have registered passkeys can login with them.

    This time when login page shows, users can select “Passkey” as the authentication method.

    During sign-up, you’ll continue to use established authentication methods like verification codes, magic links or social logins. Once a user is registered, they can then add passkeys as an additional, convenient login option.