# post\_\_passkey\_auth-options
#### Code Samples
{% tabs %}
{% tab title="Shell" %}
```shell
# You can also use wget
curl -X POST https://backend.flashback.tech/mfa/passkey/auth-options \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
```
{% endtab %}
{% tab title="HTTP" %}
```http
POST https://backend.flashback.tech/mfa/passkey/auth-options HTTP/1.1
Host: localhost:3000
Accept: application/json
Authorization: Bearer {access-token}
```
{% endtab %}
{% tab title="JavaScript" %}
```javascript
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {access-token}'
};
fetch('https://backend.flashback.tech/mfa/passkey/auth-options',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
```
{% endtab %}
{% tab title="Ruby" %}
```ruby
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {access-token}'
}
result = RestClient.post 'https://backend.flashback.tech/mfa/passkey/auth-options',
params: {
}, headers: headers
p JSON.parse(result)
```
{% endtab %}
{% tab title="Python" %}
```python
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {access-token}'
}
r = requests.post('https://backend.flashback.tech/mfa/passkey/auth-options', headers = headers)
print(r.json())
```
{% endtab %}
{% tab title="PHP" %}
```php
'application/json',
'Authorization' => 'Bearer {access-token}',
);
$client = new \GuzzleHttp\Client();
try {
$response = $client->request('POST','https://backend.flashback.tech/mfa/passkey/auth-options', array(
'headers' => $headers,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
```
{% endtab %}
{% tab title="Java" %}
```java
URL obj = new URL("https://backend.flashback.tech/mfa/passkey/auth-options");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```
{% endtab %}
{% tab title="Go" %}
```go
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {access-token}"},
}
data := bytes.NewBuffer([]byte{})
req, err := http.NewRequest("POST", "https://backend.flashback.tech/mfa/passkey/auth-options", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
```
{% endtab %}
{% endtabs %}
`POST /mfa/passkey/auth-options`
*Generate Passkey Authentication Options*
Generate authentication options for WebAuthn passkey verification. This endpoint creates the challenge and configuration needed for passkey authentication.
> Example responses
> 200 Response
```json
{
"success": true,
"data": {
"challenge": "dGVzdCBjaGFsbGVuZ2U=",
"rpId": "flashback.tech",
"userVerification": "required",
"timeout": 60000
}
}
```
> 500 Response
```json
{
"success": false,
"error": "Failed to generate authentication options"
}
```
#### Responses
| Status | Meaning | Description | Schema |
| ------ | -------------------------------------------------------------------------- | --------------------------------------------- | ------ |
| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | Authentication options generated successfully | Inline |
| 500 | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Internal server error | Inline |
#### Response Schema
Status Code **200**
| Name | Type | Required | Restrictions | Description |
| ------------------- | ------- | -------- | ------------ | ---------------------------------------- |
| » success | boolean | false | none | Indicates if the request was successful |
| » data | object | false | none | Passkey authentication challenge options |
| »» challenge | string | false | none | Base64-encoded challenge for WebAuthn |
| »» rpId | string | false | none | Relying party identifier |
| »» userVerification | string | false | none | User verification requirement |
| »» timeout | integer | false | none | Challenge timeout in milliseconds |
Status Code **500**
| Name | Type | Required | Restrictions | Description |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false | none | Indicates if the request was successful |
| » error | string | false | none | Error message describing the issue |
**Enumerated Values**
| Parameter | Value | Description |
| ------------------ | ----------- | ----------------------------------------------- |
| » userVerification | required | User verification is required |
| » userVerification | preferred | User verification is preferred but not required |
| » userVerification | discouraged | User verification is discouraged |