PublicKeyCredential: toJSON() method

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The toJSON() method of the PublicKeyCredential interface returns a JSON type representation of a PublicKeyCredential.

The properties of the returned object depend on whether the credential is returned by navigator.credentials.create() when creating a key pair and registering a user, or navigator.credentials.get() when authenticating a user.

This method is automatically invoked when web app code calls JSON.stringify() to serialize a PublicKeyCredential so that it can be sent to relying party server when registering or authenticating a user. It not intended to be called directly in web app code.





Return value

A JSON type representation of a PublicKeyCredential object.

The included properties depend on whether the credential was returned by navigator.credentials.create() on registration, or navigator.credentials.get() when authenticating a user. The values and types of included properties are the same as for PublicKeyCredential, with the exception that base64url-encoded strings are used in place of buffer properties.

The object properties are:


The value returned by


A base64url-encoded version of PublicKeyCredential.rawId.

authenticatorAttachment Optional

The value returned by PublicKeyCredential.authenticatorAttachment.


The string "public-key".


An array contaning base64url-encoded versions of the values returned by PublicKeyCredential.getClientExtensionResults().


The response property object depends on whether the credentials are returned following a registration or authentication operation.


When registering a new user, a relying party server will supply information about the expected credentials to the web app. The web app calls navigator.credentials.create() with the received information (createCredentialOptions below), which returns a promise that fulfills with the new credential (a PublicKeyCredential).

const newCredentialInfo = await navigator.credentials.create({

The web app then serializes the returned credential using JSON.stringify() (which in turn calls toJSON()) and posts it back to the server.

const registration_url = "";
const apiRegOptsResp = await fetch(registration_url, {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(newCredentialInfo), //Calls newCredentialInfo.toJSON


Web Authentication: An API for accessing Public Key Credentials - Level 3
# dom-publickeycredential-tojson

Browser compatibility

BCD tables only load in the browser

See also