This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

This feature has been removed from the Web standards. Though some browsers may still support it, it is in the process of being dropped. Avoid using it and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

The additionalData property of the PasswordCredential interface takes one of a FormData instance, a URLSearchParams instance, or null. The data in the objects will be added to the request body and sent to the remote endpoint with the credentials.


passwordCredential.additionalData = formData
formData = passwordCredential.additionalData
passwordCredential.additionalData = urlSearchParams
ulrSearchParams = passwordCredential.additionalData


One of a FormData instance, a URLSearchParams instance, or null.


The following example creates a FormData object with an appended CSRF token. It then stores the form object in the additionalData parameter, before sending it to server in a call to fetch.

//The options object was previously created. 
navigator.credentials.get(options).then(function(creds) {
  if (creds.type == 'password') {
    var form = new FormData();
    var csrf_token = document.querySelector('csrf_token').value;
    form.append('csrf_token', csrf_token);

    creds.additionalData = form;

    fetch('', {
      method: 'POST',
      credentials: creds


Specification Status Comment
Credential Management Level 1 Working Draft Initial definition.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support51 ? ? ? ? ?
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support5151 ? ? ? ? ?

Document Tags and Contributors

Contributors to this page: Sheppy, connorshea, jpmedley, david_ross, mantou
Last updated by: Sheppy,