Skip to main content
POST
/
public
/
v1
/
submit
/
recover_user

Authorizations

X-Stamp
string
required
Cryptographically signed (stamped) request to be passed in as a header. For more info, see here.

Body

type
enum<string>
required
Enum options: ACTIVITY_TYPE_RECOVER_USER
timestampMs
string
required
Timestamp (in milliseconds) of the request, used to verify liveness of user requests.
organizationId
string
required
Unique identifier for a given Organization.
parameters
object
required

The parameters object containing the specific intent data for this activity.

generateAppProofs
boolean
Enable to have your activity generate and return App Proofs, enabling verifiability.

Response

A successful response returns the following fields:
activity
object
required
The activity object containing type, intent, and result
curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/recover_user \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_RECOVER_USER",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "authenticator": {
            "authenticatorName": "<string>",
            "challenge": "<string>",
            "attestation": {
                "credentialId": "<string>",
                "clientDataJson": "<string>",
                "attestationObject": "<string>",
                "transports": [
                    "<AUTHENTICATOR_TRANSPORT_BLE>"
                ]
            }
        },
        "userId": "<string>"
    }
}'
import { Turnkey } from "@turnkey/sdk-server";

const turnkeyClient = new Turnkey({
  apiBaseUrl: "https://api.turnkey.com",
  apiPublicKey: process.env.API_PUBLIC_KEY!,
  apiPrivateKey: process.env.API_PRIVATE_KEY!,
  defaultOrganizationId: process.env.ORGANIZATION_ID!,
});

const response = await turnkeyClient.apiClient().recoverUser({
  authenticator: { // authenticator field,
    authenticatorName: "<string> (Human-readable name for an Authenticator.)",
    challenge: "<string> (Challenge presented for authentication purposes.)",
    attestation: { // attestation field,
      credentialId: "<string> (The cbor encoded then base64 url encoded id of the credential.)",
      clientDataJson: "<string> (A base64 url encoded payload containing metadata about the signing context and the challenge.)",
      attestationObject: "<string> (A base64 url encoded payload containing authenticator data and any attestation the webauthn provider chooses.)",
      transports: "<AUTHENTICATOR_TRANSPORT_BLE>" // The type of authenticator transports.,
    },
  },
  userId: "<string> (Unique identifier for the user performing recovery.)"
});
{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_RECOVER_USER",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "recoverUserIntent": {
            "authenticator": {
              "authenticatorName": "<string>",
              "challenge": "<string>",
              "attestation": {
                "credentialId": "<string>",
                "clientDataJson": "<string>",
                "attestationObject": "<string>",
                "transports": [
                  "<AUTHENTICATOR_TRANSPORT_BLE>"
                ]
              }
            },
            "userId": "<string>"
          }
        },
        "result": {
          "recoverUserResult": {
            "authenticatorId": [
              "<string>"
            ]
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}