> ## Documentation Index
> Fetch the complete documentation index at: https://developers.squads.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Create or Authenticate

> Create a new passkey or authenticate with an existing passkey

Creates a passkey session URL for WebAuthn ceremonies using the hosted UI. This is the **recommended approach** for most applications.

For detailed implementation examples and integration steps, see the [Passkey Integration Guide](/squads-api/passkeys/integration-guide).

### Key Notes

* **Challenge Expiration**: URL challenges expire after 60 seconds
* **Hosted UI**: Default `baseUrl` uses production-ready hosted interface
* **Custom Domain**: Use custom `baseUrl` for your own domain (see [Custom Domain](/squads-api/passkeys/advanced-integration))


## OpenAPI

````yaml POST /api/v1/passkeys
openapi: 3.0.0
info:
  title: Squads API
  version: 1.0.0
  description: >
    The Squads API provides functionality for managing smart accounts and
    spending limits.

    This API allows you to create and manage smart accounts, set up spending
    limits, and perform transactions.
servers:
  - url: https://developer-api.squads.so
    description: Production server
security:
  - bearerAuth: []
paths:
  /api/v1/passkeys:
    post:
      summary: Create a passkey session URL for WebAuthn ceremonies
      description: >
        Generates a cryptographically secure challenge and returns a hosted UI
        URL that initiates WebAuthn passkey creation or authentication. The UI
        handles the passkey ceremony and redirects to the provided `redirectUrl`
        upon completion.


        - `create`: Returns `/passkey` path for new passkey registration

        - `auth`: Returns `/authorize` path for existing passkey authentication


        The `expiration` field in `sessionKey` specifies how long the session
        key will remain valid, measured in seconds from the current time.


        The redirect URL or the iframe will return an
        `externally_signed_account` value that tells you what the on-chain
        passkey account is. This can then be used as a transaction signer in all
        of the v1 smart account endpoints. When you submit the on-chain passkey
        account as a transaction signer, it will check if there's a valid
        session key and build the transaction to be signed by that session key.
      operationId: createPasskeySession
      parameters:
        - $ref: '#/components/parameters/NetworkHeader'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - action
                - metaInfo
              properties:
                action:
                  type: string
                  enum:
                    - create
                    - auth
                    - get
                  description: >-
                    'create' for new passkey registration, 'auth' for
                    authentication with an existing passkey, 'get' for
                    retrieving existing passkey account
                sessionKey:
                  $ref: '#/components/schemas/SessionKey'
                  description: Required for 'auth' action.
                metaInfo:
                  $ref: '#/components/schemas/MetaInfoForPasskeyAuth'
                baseUrl:
                  type: string
                  description: >-
                    Optional custom base URL for the passkey UI (defaults to
                    https://passkey.grid.squads.xyz)
      responses:
        '200':
          description: Passkey session URL created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  url:
                    type: string
                    description: Hosted UI URL for the passkey ceremony
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
components:
  parameters:
    NetworkHeader:
      name: x-squads-network
      in: header
      required: true
      schema:
        type: string
        enum:
          - mainnet
          - devnet
      description: Specifies the network for the API request
  schemas:
    SessionKey:
      type: object
      required:
        - key
        - expiration
      properties:
        key:
          type: string
          description: Solana public key string
        expiration:
          type: integer
          format: uint64
          description: >-
            Session validity duration in seconds from now (for requests) or Unix
            timestamp (for responses)
    MetaInfoForPasskeyAuth:
      type: object
      required:
        - appName
      properties:
        appName:
          type: string
          description: Required - used to seed passkey name on user's device
        redirectUrl:
          type: string
          description: Optional - supports deep links for mobile apps
    Error:
      type: object
      properties:
        status:
          type: integer
          description: HTTP status code
        code:
          type: string
          description: Error code for easy lookup
        message:
          type: string
          description: Detailed error description
        details:
          type: array
          items:
            $ref: '#/components/schemas/ErrorDetail'
        metadata:
          $ref: '#/components/schemas/ErrorMetadata'
        custom:
          type: object
          additionalProperties:
            type: string
        simulation_logs:
          type: array
          items:
            type: string
          description: >-
            Transaction simulation logs. Returns an empty array when debug=false
            or not provided.
    ErrorDetail:
      type: object
      properties:
        field:
          type: string
          description: The field that failed validation
        code:
          type: string
          description: Error code specific to this validation failure
        message:
          type: string
          description: Detailed message about the validation failure
        expected:
          type: string
          description: Expected value or condition
        actual:
          type: string
          description: Actual value received
    ErrorMetadata:
      type: object
      properties:
        status:
          type: integer
          description: HTTP status code
        request_id:
          type: string
          description: Unique identifier for debugging
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        resource_id:
          type: string
          description: Identifier of the resource that experienced the error
        useful_links:
          type: array
          items:
            type: string
          description: Links to relevant documentation
  responses:
    BadRequest:
      description: Bad Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnprocessableEntity:
      description: Unprocessable Entity
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: UUID
      description: UUID-based API key provided by Squads

````