Delete WebAuthn Credential
Delete a WebAuthn credential from the user's account.
Quick Navigation
Endpoint
DELETE /api/v1/webauthn/credentials/{credential_id}
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
credential_id | integer | Yes | ID of the WebAuthn credential to delete |
Validations
- Credential ID must exist
- Credential must belong to current user
Response
Success (200)
{
"success": true,
"data": {
"success": true,
"message": "WebAuthn credential deleted successfully"
},
"message": "WebAuthn credential deleted successfully"
}
Error Codes
| Status | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Invalid or missing token |
| 404 | CREDENTIAL_NOT_FOUND | Credential not found or doesn't belong to user |
| 500 | CREDENTIAL_DELETION_FAILED | Internal server error |
Data Flow
-
Authentication
- Verify access token
- Get current user
-
Credential Validation
- Query WebAuthnCredential table
- Verify credential exists and belongs to user
-
Credential Deletion
- Delete credential from database
- Remove public key data
-
User Status Update
- If last credential: Update user's WebAuthn status
- Disable WebAuthn if no credentials remain
-
Audit Logging
- Log credential deletion event
- Record credential information
-
Response
- Return success confirmation
Features
- Remove credential from database
- Update user's WebAuthn status
- Audit logging
- Prevents removal of non-existent credentials
- Prevents removal of other users' credentials
Important Notes
- Removing the last credential disables WebAuthn for the user
- User can register new credentials anytime
- Credential deletion is permanent
Example
curl -X DELETE https://api.rivergen.com/api/v1/webauthn/credentials/1 \
-H "Authorization: Bearer <access_token>"
Related Endpoints
- List Credentials - View all credentials
- Start Registration - Add new credential