Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The AuthenticatorResponse interface of the Web Authentication API is the base interface for interfaces that provide a cryptographic root of trust for a key pair. The child interfaces include information from the browser such as the challenge origin and either may be returned from PublicKeyCredential.response.

Interfaces based on AuthenticatorResponse

Below is a list of interfaces based on the AuthenticatorResponse interface.

Instance properties


A JSON string in an ArrayBuffer, representing the client data that was passed to CredentialsContainer.create() or CredentialsContainer.get().

Instance methods



Getting an AuthenticatorAssertionResponse

const options = {
  challenge: new Uint8Array([
    /* bytes sent from the server */

  .get({ publicKey: options })
  .then((credentialInfoAssertion) => {
    const assertionResponse = credentialInfoAssertion.response;
    // send assertion response back to the server
    // to proceed with the control of the credential
  .catch((err) => console.error(err));

Getting an AuthenticatorAttestationResponse

const publicKey = {
  challenge: new Uint8Array([
    21, 31, 105 /* 29 more random bytes generated by the server */,
  rp: {
    name: "Example CORP",
    id: "",
  user: {
    id: new Uint8Array(16),
    name: "",
    displayName: "John Doe",
  pubKeyCredParams: [
      type: "public-key",
      alg: -7,

  .create({ publicKey })
  .then((newCredentialInfo) => {
    const attestationResponse = newCredentialInfo.response;
  .catch((err) => console.error(err));


Web Authentication: An API for accessing Public Key Credentials - Level 3
# authenticatorresponse

Browser compatibility

BCD tables only load in the browser

See also