HomeDocumentation Index
Fetch the complete documentation index at: https://turnkey-0e7c1f5b-graham-docs-revamp.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Types
Authenticators — WebAuthn devices registered on Turnkey: passkeys, biometrics, and hardware keys. Used to sign requests directly, using the WebAuthn standard (no passwords). API keys — P-256 key pairs used to sign API requests. Come in two forms:- Long-lived — created via the dashboard, CLI, or API. You generate the key pair; Turnkey stores the public key.
- Expiring — issued automatically when a user authenticates via email, SMS, OAuth, or wallet auth. Short-lived by default (15 minutes), with a configurable expiration window.
Credential types
Each issuance path produces a credential of a specific type, which Turnkey returns in API responses. You can retrieve the type and public key for any API key via GetAPIKey.| Credential type | Issued by |
|---|---|
CREDENTIAL_TYPE_WEBAUTHN_AUTHENTICATOR | Passkeys |
CREDENTIAL_TYPE_API_KEY_P256 | Manually created API keys |
CREDENTIAL_TYPE_OTP_AUTH_KEY_P256 | Email OTP or SMS auth |
CREDENTIAL_TYPE_EMAIL_AUTH_KEY_P256 | Email auth — credential bundle method (legacy) |
CREDENTIAL_TYPE_RECOVER_USER_KEY_P256 | Email recovery (legacy) |
CREDENTIAL_TYPE_OAUTH_KEY_P256 | Social logins |
CREDENTIAL_TYPE_API_KEY_SECP256K1 | Wallet auth — Ethereum/SECP256K1 |
CREDENTIAL_TYPE_API_KEY_ED25519 | Wallet auth — Solana/ED25519 |
CREDENTIAL_TYPE_READ_WRITE_SESSION_KEY_P256 | Read-write sessions |
CREDENTIAL_TYPE_LOGIN | IndexedDB auth — OTP, passkey, or OAuth |