Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The AuthenticatorResponse interface of the Web Authentication API is the base interface for interfaces that provide a cryptographic root of trust for a key pair. The child interfaces include information from the browser such as the challenge origin and either may be returned from PublicKeyCredential.response.

Interfaces based on AuthenticatorResponse

Below is a list of interfaces based on the AuthenticatorResponse interface.


A JSON string in an ArrayBuffer, representing the client data that was passed to CredentialsContainer.create() or CredentialsContainer.get().




Getting an AuthenticatorAssertionResponse

var options = {
  challenge: new Uint8Array([/* bytes sent from the server */])

navigator.credentials.get({ "publicKey": options })
    .then(function (credentialInfoAssertion) {
    var assertionResponse = credentialInfoAssertion.response;
    // send assertion response back to the server
    // to proceed with the control of the credential
}).catch(function (err) {

Getting an AuthenticatorAttestationResponse

var publicKey = {
  challenge: /* from the server */,
  rp: {
    name: "Example CORP",
    id  : ""
  user: {
    id: new Uint8Array(16),
    name: "",
    displayName: "John Doe"
  pubKeyCredParams: [
      type: "public-key",
      alg: -7

navigator.credentials.create({ publicKey })
  .then(function (newCredentialInfo) {
    var attestationResponse = newCredentialInfo.response;
  }).catch(function (err) {


Specification Status Comment
Web Authentication: An API for accessing Public Key Credentials Level 1
The definition of 'AuthenticatorResponse interface' in that specification.
Recommendation Initial definition.

Browser compatibility

BCD tables only load in the browser

See also