Oauth

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/oauth \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <YOUR_API_KEY.YOUR_API_SECRET>" \
  --data '{
    "type": "ACTIVITY_TYPE_OAUTH",
    "timestampMs": "<string> (e.g., 1745474677471)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "oidcToken": "<string>",
        "targetPublicKey": "<string>",
        "apiKeyName": "<string>",
        "expirationSeconds": "<string>"
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OAUTH",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g., 1745474677471)",
    "result": {
      "activity": {
        "type": "<string>",
        "intent": {
          "oauthIntent": {
            "oidcToken": "<string>",
            "targetPublicKey": "<string>",
            "apiKeyName": "<string>",
            "expirationSeconds": "<string>"
          }
        },
        "result": {
          "oauthResult": {
            "userId": "<string>",
            "apiKeyId": "<string>",
            "credentialBundle": "<string>"
          }
        }
      }
    }
  }
}

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/oauth \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <YOUR_API_KEY.YOUR_API_SECRET>" \
  --data '{
    "type": "ACTIVITY_TYPE_OAUTH",
    "timestampMs": "<string> (e.g., 1745474677471)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "oidcToken": "<string>",
        "targetPublicKey": "<string>",
        "apiKeyName": "<string>",
        "expirationSeconds": "<string>"
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OAUTH",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g., 1745474677471)",
    "result": {
      "activity": {
        "type": "<string>",
        "intent": {
          "oauthIntent": {
            "oidcToken": "<string>",
            "targetPublicKey": "<string>",
            "apiKeyName": "<string>",
            "expirationSeconds": "<string>"
          }
        },
        "result": {
          "oauthResult": {
            "userId": "<string>",
            "apiKeyId": "<string>",
            "credentialBundle": "<string>"
          }
        }
      }
    }
  }
}

POST

public

submit

oauth

Authorizations

API Key
Webauthn (Passkey)

X-Stamp

string

header

required

Body

type

enum<string>

required

Enum options: ACTIVITY_TYPE_OAUTH

timestampMs

string

required

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId

string

required

Unique identifier for a given Organization.

parameters

object

required

parameters field

Show details

parameters.oidcToken

string

required

Base64 encoded OIDC token

parameters.targetPublicKey

string

required

Client-side public key generated by the user, to which the oauth bundle (credentials) will be encrypted.

parameters.apiKeyName

string

Optional human-readable name for an API Key. If none provided, default to Oauth - <Timestamp>

parameters.expirationSeconds

string

Expiration window (in seconds) indicating how long the API key is valid. If not provided, a default of 15 minutes will be used.

Response

A successful response returns the following fields:

activity

object

required

The activity object containing type, intent, and result

Show activity details

activity.type

string

required

The activity type

activity.intent

object

required

The intent of the activity

Show intent details

activity.intent.oauthIntent

object

required

The oauthIntent object

Show oauthIntent details

activity.intent.oauthIntent.oidcToken

string

required

Base64 encoded OIDC token

activity.intent.oauthIntent.targetPublicKey

string

required

Client-side public key generated by the user, to which the oauth bundle (credentials) will be encrypted.

activity.intent.oauthIntent.apiKeyName

string

Optional human-readable name for an API Key. If none provided, default to Oauth - <Timestamp>

activity.intent.oauthIntent.expirationSeconds

string

Expiration window (in seconds) indicating how long the API key is valid. If not provided, a default of 15 minutes will be used.

activity.result

object

required

The result of the activity

Show result details

activity.result.oauthResult

object

required

The oauthResult object

Show oauthResult details

activity.result.oauthResult.userId

string

required

Unique identifier for the authenticating User.

activity.result.oauthResult.apiKeyId

string

required

Unique identifier for the created API key.

activity.result.oauthResult.credentialBundle

string

required

HPKE encrypted credential bundle

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/oauth \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <YOUR_API_KEY.YOUR_API_SECRET>" \
  --data '{
    "type": "ACTIVITY_TYPE_OAUTH",
    "timestampMs": "<string> (e.g., 1745474677471)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "oidcToken": "<string>",
        "targetPublicKey": "<string>",
        "apiKeyName": "<string>",
        "expirationSeconds": "<string>"
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OAUTH",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g., 1745474677471)",
    "result": {
      "activity": {
        "type": "<string>",
        "intent": {
          "oauthIntent": {
            "oidcToken": "<string>",
            "targetPublicKey": "<string>",
            "apiKeyName": "<string>",
            "expirationSeconds": "<string>"
          }
        },
        "result": {
          "oauthResult": {
            "userId": "<string>",
            "apiKeyId": "<string>",
            "credentialBundle": "<string>"
          }
        }
      }
    }
  }
}

Init OTP auth OTP auth

⌘I

Activities

Queries

Authorizations

Body

Response