naftiko: 1.0.0-alpha2 info: label: FusionAuth API — WebAuthn description: 'FusionAuth API — WebAuthn. 10 operations. Lead operation: Retrieves all WebAuthn credentials for the given user.. Self-contained Naftiko capability covering one business surface.' tags: - FusionAuth - WebAuthn created: '2026-05-20' modified: '2026-05-20' binds: - namespace: env keys: FUSIONAUTH_API_KEY: FUSIONAUTH_API_KEY capability: consumes: - type: http namespace: fusionauth-webauthn baseUri: http://localhost:9011 description: FusionAuth API — WebAuthn business capability. Self-contained, no shared references. resources: - name: api-webauthn path: /api/webauthn operations: - name: deletewebauthncredentialsforuserwithid method: DELETE description: Deletes all of the WebAuthn credentials for the given User Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The unique Id of the User to delete WebAuthn passkeys for. - name: retrievewebauthncredentialsforuserwithid method: GET description: Retrieves all WebAuthn credentials for the given user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The user's ID. - name: api-webauthn-assert path: /api/webauthn/assert operations: - name: completewebauthnassertionwithid method: POST description: 'Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user ' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-import path: /api/webauthn/import operations: - name: importwebauthncredentialwithid method: POST description: Import a WebAuthn credential outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-login path: /api/webauthn/login operations: - name: completewebauthnloginwithid method: POST description: Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user i outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-register-complete path: /api/webauthn/register/complete operations: - name: completewebauthnregistrationwithid method: POST description: Complete a WebAuthn registration ceremony by validating the client request and saving the new credential outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-register-start path: /api/webauthn/register/start operations: - name: startwebauthnregistrationwithid method: POST description: Start a WebAuthn registration ceremony by generating a new challenge for the user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-start path: /api/webauthn/start operations: - name: startwebauthnloginwithid method: POST description: Start a WebAuthn authentication ceremony by generating a new challenge for the user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-webauthn-id path: /api/webauthn/{id} operations: - name: deletewebauthncredentialwithid method: DELETE description: Deletes the WebAuthn credential for the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The Id of the WebAuthn credential to delete. required: true - name: retrievewebauthncredentialwithid method: GET description: Retrieves the WebAuthn credential for the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The Id of the WebAuthn credential. required: true exposes: - type: rest namespace: fusionauth-webauthn-rest port: 8080 description: REST adapter for FusionAuth API — WebAuthn. One resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/webauthn name: api-webauthn description: REST surface for api-webauthn. operations: - method: DELETE name: deletewebauthncredentialsforuserwithid description: Deletes all of the WebAuthn credentials for the given User Id. call: fusionauth-webauthn.deletewebauthncredentialsforuserwithid with: userId: rest.userId outputParameters: - type: object mapping: $. - method: GET name: retrievewebauthncredentialsforuserwithid description: Retrieves all WebAuthn credentials for the given user. call: fusionauth-webauthn.retrievewebauthncredentialsforuserwithid with: userId: rest.userId outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/assert name: api-webauthn-assert description: REST surface for api-webauthn-assert. operations: - method: POST name: completewebauthnassertionwithid description: 'Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user ' call: fusionauth-webauthn.completewebauthnassertionwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/import name: api-webauthn-import description: REST surface for api-webauthn-import. operations: - method: POST name: importwebauthncredentialwithid description: Import a WebAuthn credential call: fusionauth-webauthn.importwebauthncredentialwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/login name: api-webauthn-login description: REST surface for api-webauthn-login. operations: - method: POST name: completewebauthnloginwithid description: Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user i call: fusionauth-webauthn.completewebauthnloginwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/register/complete name: api-webauthn-register-complete description: REST surface for api-webauthn-register-complete. operations: - method: POST name: completewebauthnregistrationwithid description: Complete a WebAuthn registration ceremony by validating the client request and saving the new credential call: fusionauth-webauthn.completewebauthnregistrationwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/register/start name: api-webauthn-register-start description: REST surface for api-webauthn-register-start. operations: - method: POST name: startwebauthnregistrationwithid description: Start a WebAuthn registration ceremony by generating a new challenge for the user call: fusionauth-webauthn.startwebauthnregistrationwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/start name: api-webauthn-start description: REST surface for api-webauthn-start. operations: - method: POST name: startwebauthnloginwithid description: Start a WebAuthn authentication ceremony by generating a new challenge for the user call: fusionauth-webauthn.startwebauthnloginwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/webauthn/{id} name: api-webauthn-id description: REST surface for api-webauthn-id. operations: - method: DELETE name: deletewebauthncredentialwithid description: Deletes the WebAuthn credential for the given Id. call: fusionauth-webauthn.deletewebauthncredentialwithid with: id: rest.id outputParameters: - type: object mapping: $. - method: GET name: retrievewebauthncredentialwithid description: Retrieves the WebAuthn credential for the given Id. call: fusionauth-webauthn.retrievewebauthncredentialwithid with: id: rest.id outputParameters: - type: object mapping: $. - type: mcp namespace: fusionauth-webauthn-mcp port: 9090 transport: http description: MCP adapter for FusionAuth API — WebAuthn. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fusionauth-deletewebauthncredentialsforuserwithid description: Deletes all of the WebAuthn credentials for the given User Id. hints: readOnly: false destructive: true idempotent: true call: fusionauth-webauthn.deletewebauthncredentialsforuserwithid with: userId: tools.userId outputParameters: - type: object mapping: $. - name: fusionauth-retrievewebauthncredentialsforuserwithid description: Retrieves all WebAuthn credentials for the given user. hints: readOnly: true destructive: false idempotent: true call: fusionauth-webauthn.retrievewebauthncredentialsforuserwithid with: userId: tools.userId outputParameters: - type: object mapping: $. - name: fusionauth-completewebauthnassertionwithid description: 'Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user ' hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.completewebauthnassertionwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-importwebauthncredentialwithid description: Import a WebAuthn credential hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.importwebauthncredentialwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-completewebauthnloginwithid description: Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user i hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.completewebauthnloginwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-completewebauthnregistrationwithid description: Complete a WebAuthn registration ceremony by validating the client request and saving the new credential hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.completewebauthnregistrationwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-startwebauthnregistrationwithid description: Start a WebAuthn registration ceremony by generating a new challenge for the user hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.startwebauthnregistrationwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-startwebauthnloginwithid description: Start a WebAuthn authentication ceremony by generating a new challenge for the user hints: readOnly: false destructive: false idempotent: false call: fusionauth-webauthn.startwebauthnloginwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-deletewebauthncredentialwithid description: Deletes the WebAuthn credential for the given Id. hints: readOnly: false destructive: true idempotent: true call: fusionauth-webauthn.deletewebauthncredentialwithid with: id: tools.id outputParameters: - type: object mapping: $. - name: fusionauth-retrievewebauthncredentialwithid description: Retrieves the WebAuthn credential for the given Id. hints: readOnly: true destructive: false idempotent: true call: fusionauth-webauthn.retrievewebauthncredentialwithid with: id: tools.id outputParameters: - type: object mapping: $.