Passage Passkey Flex docs are in beta. Passkey Complete docs can be found at


Passage APIs provide a flexible solution to integrate Passage into your existing auth systems.

The APIs are organized around REST principles. They utilize predictable resource-oriented URLs, accept form-encoded request bodies, return JSON-encoded responses, and use standard HTTP response codes, authentication, and verbs.

Passage SDKs are available for simplified integration with your app. However, for more advanced or unsupported use cases, the APIs can be used directly.

Server side requests are made to the Passage Management Flex SDK API (opens in a new tab).

Base URL

Neccessary values

API keys

Apps must utilize API keys to authenticate with the Passage API. To generate an API key, navigate to Settings > API Keys in the Passage Console.

The HTTP Authorization request header must be sent with the API key in the following format:

"Authorization": "Bearer {PASSAGE_API_KEY}"
App settings pageApp settings page in Passage Console

App ID

The App ID is a unique identifier for your app, used to identify the app in the Passage system. The App ID is required for all API requests.


Passage supports conventional HTTP response codes.

2xx codes indicate success.

4xx codes indicate an error with the information provided in the request.

5xx codes indicate a Passage server error.

Error properties

PropertyData Type
codestring Enum

400 Bad Request

Invalid request errors are returned when the request is missing required parameters or the parameters are invalid.

Swagger docs (opens in a new tab)

401 Unauthorized

Login failures and invalid request data. An invalid access token occurs when the API key is expired, revoked, or invalid. See API key.

Swagger docs (opens in a new tab)

403 Forbidden

Returned when the user does not have the necessary permissions to access the resource.

Swagger docs (opens in a new tab)

404 Not Found

Resource not found.

Swagger docs (opens in a new tab)

500 Internal Server Error

Problem with the Passage server.

Swagger docs (opens in a new tab)