The Passkeys API enables secure passkey creation and authentication for Smart Account transactions using the WebAuthn protocol. Users can create biometric or hardware-based passkeys that act as transaction signers, eliminating the need for traditional private key management.

Key Features

  • WebAuthn Integration: Industry-standard passkey creation and authentication
  • Session Management: Secure session tokens for seamless transaction signing
  • Smart Account Integration: Passkeys work as transaction signers in all Smart Account operations
  • Cross-Platform Support: Works on web and mobile

Passkeys are currently only live on devnet. Mainnet support is coming soon.

API Access

Base URL

https://developer-api.squads.so

Required Headers

Authorization: Bearer YOUR_API_KEY
x-squads-network: devnet

How It Works

  1. Generate Session Key: Create a client-side session key using Keypair.generate()

  2. Request Passkey Session: Call the passkeys endpoint with action type (create or auth) and the generated session key

  3. Get Hosted UI URL: Receive a secure URL for the WebAuthn ceremony

  4. Load in iframe: Display the URL in a hidden iframe to initiate the WebAuthn ceremony. On mobile devices, open the URL in a new window or tab instead of an iframe to ensure proper WebAuthn support.

  5. Handle Completion: Listen for postMessage events or extract search params from the redirect URL containing the onchain passkey address

  6. Use as Signer: Include the onchain passkey address as a transaction signer in Smart Account operations

  7. Sign Requests: Use the session key to sign subsequent smart account transactions for authentication

    For detailed iframe integration and implementation examples, see the Passkey Integration guide.