Authentication
Credentials
An overview of credentials and how they’re used with various authentication methods
Introduction
After authenticating using frequently-used methods like SMS OTP, Email Authentication, or OAuth (e.g., Google), users will make requests to Turnkey with a resulting API key. Each API key includes aCredential field specifying its type and public key. This Credential type can be used to identify how the API key was issued and which specific authentication method was used.
Passkeys, known as Authenticators within the context of Turnkey, also have the same Credential field and are equally distinguished by the credential type.
Obtaining an API key’s credential type and public key
To obtain an API key’s credential type and public key you can use the GetAPIKey query. The API Key fields will be returned from this call and the credentialtype and public_key fields will be in the response. This will return an object that looks like:
Credential Types
The table below describes all of the different credential types and what authentication methods correspond to that credential type| Type | Authentication Method(s) |
|---|---|
| CREDENTIAL_TYPE_WEBAUTHN_AUTHENTICATOR | Passkey/Authenticator Authentication |
| CREDENTIAL_TYPE_API_KEY_P256 | CreateAPIKeys - curveType API_KEY_CURVE_P256 |
| CREDENTIAL_TYPE_RECOVER_USER_KEY_P256 | Email Recovery |
| CREDENTIAL_TYPE_API_KEY_SECP256K1 | Used for Ethereum and SECP256K1 chainS Wallet Authentication |
| CREDENTIAL_TYPE_EMAIL_AUTH_KEY_P256 | Credential Bundle based Email Authentication |
| CREDENTIAL_TYPE_API_KEY_ED25519 | Solana and ED25519 chains Wallet Authentication |
| CREDENTIAL_TYPE_OTP_AUTH_KEY_P256 | OTP based Email or SMS Authentication |
| CREDENTIAL_TYPE_READ_WRITE_SESSION_KEY_P256 | CreateReadWriteSession |
| CREDENTIAL_TYPE_OAUTH_KEY_P256 | Social Logins |
| CREDENTIAL_TYPE_LOGIN | IndexedDB Authentication; OTP, Passkey, or OAuth |