> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turnkey.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Credentials

> An overview of credentials and how they're used with various authentication methods

## Introduction

After authenticating using frequently-used methods like [SMS OTP](/authentication/sms), [Email Authentication](/authentication/email), or [OAuth](/authentication/social-logins) (e.g., Google), users will make requests to Turnkey with a resulting API key. Each API key includes a `Credential` field specifying its type and public key. This Credential type can be used to identify how the API key was issued and which specific authentication method was used.

[Passkeys](/authentication/passkeys/introduction), known as Authenticators within the context of Turnkey, also have the same `Credential` field and are equally distinguished by the credential type.

## Obtaining an API key's credential type and public key

To obtain an API key's credential type and public key you can use the [GetAPIKey](/api-reference/queries/get-api-key) query. The API Key fields will be returned from this call and the credential `type` and `public_key` fields will be in the response. This will return an object that looks like:

```sh theme={"system"}
{
   "apiKey": {
      "apiKeyId": "<api-key-id>",
      "apiKeyName": "<api-key-name>",
      "createdAt": {
         "nanos": "0",
         "seconds": "1752105687"
      },
      "credential": {
         "publicKey": "<api-key-public-key>",
         "type": "CREDENTIAL_TYPE_API_KEY_P256"
      },
      "updatedAt": {
         "nanos": "0",
         "seconds": "1752105687"
      }
   }
}
```

## Credential types

The table below describes all of the different credential types and what authentication methods correspond to that credential type

| Type                                                  | Authentication Method(s)                                                                                    |
| ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- |
| **CREDENTIAL\_TYPE\_WEBAUTHN\_AUTHENTICATOR**         | [Passkey/Authenticator Authentication](/authentication/passkeys/introduction)                               |
| **CREDENTIAL\_TYPE\_API\_KEY\_P256**                  | [CreateAPIKeys](/api-reference/activities/create-api-keys) - curveType API\_KEY\_CURVE\_P256                |
| **CREDENTIAL\_TYPE\_RECOVER\_USER\_KEY\_P256**        | [Email Recovery](/authentication/email#recovery-flow)                                                       |
| **CREDENTIAL\_TYPE\_API\_KEY\_SECP256K1**             | Used for Ethereum and SECP256K1 chainS [Wallet Authentication](/embedded-wallets/code-examples/wallet-auth) |
| **CREDENTIAL\_TYPE\_EMAIL\_AUTH\_KEY\_P256**          | [Credential Bundle based Email Authentication](/authentication/email#credential-bundle-method)              |
| **CREDENTIAL\_TYPE\_API\_KEY\_ED25519**               | Solana and ED25519 chains [Wallet Authentication](/embedded-wallets/code-examples/wallet-auth)              |
| **CREDENTIAL\_TYPE\_OTP\_AUTH\_KEY\_P256**            | OTP based [Email](/authentication/email#otp-based-method) or [SMS](/authentication/sms) Authentication      |
| **CREDENTIAL\_TYPE\_READ\_WRITE\_SESSION\_KEY\_P256** | [CreateReadWriteSession](/api-reference/activities/create-read-write-session)                               |
| **CREDENTIAL\_TYPE\_OAUTH\_KEY\_P256**                | [Social Logins](/authentication/social-logins)                                                              |
| **CREDENTIAL\_TYPE\_LOGIN**                           | [IndexedDB Authentication](/sdks/javascript-browser#indexeddbclient); OTP, Passkey, or OAuth                |