Signup Confirm
How to confirm that a user is the owner of a handle
The confirmSignup function is called after the signup function to notify the AppKey server that the user is the rightful owner of the handle provided during signup. Ownership is verified by AppKey sending a unique six-digit code to the handle, confirming the user’s identity. By passing this code to confirmSignup, the user proves ownership of the handle.
Passkey technology offers a significant advantage over traditional two-factor authentication. Unlike two-factor methods, which require repeated verification with each login, a passkey needs handle verification only once, when the passkey is created. Moreover, traditional two-factor methods can be vulnerable because email or phone handles can be hijacked, and such breaches may go undetected. In contrast, Passkey authentication, based on public/private key cryptography, is far more secure and virtually unbreakable.
This function returns a JSON object containing details about the signed-up user.
The name that is returned is a combination of the user handle with the (<appname>) suffix. For example, “richard@cosync.io(jojo_dkevl)” would be a typical name returned. We add the appname suffix to distinguish the passkeys in the Device Settings Password tab.
URL
/api/appuser/signupConfirm
Method
POST
Headers
app-token: "<App Token>"
Data Parameter
{
  handle: "<user handle>",
  id: <attestation id>,
  response: {
    attestationObject: <attestation object>,
    clientDataJSON: <client data JSON object>
  }
}
Response:
Success:
StatusCode:
200 (OK)
Contents:
{
  handle: <user handle>,
  message: "Please check your email for confirmation code.",
  signUpToken: <signup-token>
}
Error:
StatusCode:
400 (BAD REQUEST)
500 (INTERNAL SERVER ERROR)
Content:
{
  code: "<internal error code>",
  message: "<readable error description>"
}
The internal codes are integers:
- 400 - invalid app token
- 401 - app no longer exists
- 402 - app is suspended
- 403 - missing parameter
- 404 - user account is suspended
- 406 - app does not support invite
- 413 - app is migrated
- 500 - internal server error
- 601 - user already registered
- 602 - invalid data
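The following client-side sketch is an added example, not AppKey's own code: it builds the signupConfirm request documented above from a WebAuthn registration credential and interprets the response, failing closed on anything unexpected. The base URL, the base64url encoding of the binary fields, the Content-Type header, the function names, and the check that the returned handle matches the submitted one are assumptions.

```javascript
// Added example (not AppKey's own code). Internal error codes from this page.
const SIGNUP_CONFIRM_ERRORS = {
  400: "invalid app token", 401: "app no longer exists",
  402: "app is suspended", 403: "missing parameter",
  404: "user account is suspended", 406: "app does not support invite",
  413: "app is migrated", 500: "internal server error",
  601: "user already registered", 602: "invalid data",
};

// Assumption: binary WebAuthn fields are sent as base64url strings.
function toBase64Url(value) {
  if (typeof value === "string") return value; // already encoded
  let bin = "";
  for (const b of new Uint8Array(value)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build the POST request from a WebAuthn registration credential.
function buildSignupConfirmRequest(baseUrl, appToken, handle, credential) {
  if (!appToken || !handle || !credential?.id || !credential?.response) {
    throw new Error("missing parameter"); // never send a partial request
  }
  const body = {
    handle,
    id: credential.id,
    response: {
      attestationObject: toBase64Url(credential.response.attestationObject),
      clientDataJSON: toBase64Url(credential.response.clientDataJSON),
    },
  };
  return {
    url: new URL("/api/appuser/signupConfirm", baseUrl).toString(),
    // Assumption: JSON body, so Content-Type is set alongside app-token.
    init: { method: "POST", body: JSON.stringify(body),
      headers: { "app-token": appToken, "Content-Type": "application/json" } },
  };
}

// Interpret status and parsed body; anything unexpected counts as failure.
function interpretSignupConfirm(status, json, expectedHandle) {
  if (status === 200) {
    const valid = json?.handle === expectedHandle && Boolean(json?.signUpToken);
    return valid ? { ok: true, signUpToken: json.signUpToken }
      : { ok: false, code: null, reason: "unexpected success body" };
  }
  const code = Number(json?.code);
  const reason = SIGNUP_CONFIRM_ERRORS[code] ?? json?.message ?? "unknown error";
  return { ok: false, code: Number.isInteger(code) ? code : null, reason };
}
```

The returned `url` and `init` can be passed straight to `fetch(url, init)`; keep the resulting `signUpToken` in memory only for the remainder of the signup flow.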