Passage Passkey Flex docs are in beta. Passkey Complete docs can be found at

App management

Apps are the fundamental components of Passage. They provide authentication solutions for a set of end users.

Organizations & apps

All apps are owned by an Organization. You can create multiple Passage apps, including separate apps for unrelated websites or different environments (for example dev, staging, and production).

App types

Embedded authentication

Embedded apps provide authentication solutions built into your web and mobile applications. There are two different types of embedded apps: Passkey Complete and Passkey Flex. Learn more about the difference between Passkey Complete and Passkey Flex.

Hosted authentication

Hosted apps provide authentication solutions on a Passage hosted login page. The Passage hosted login page is an OIDC-compliant identity provider. Learn more about how hosted authentication works (opens in a new tab).

App settings

All apps require the following values:

App nameA Passage app's name distinguishes it from other apps or environments in your Passage Console. An app's name should represent a specific userbase.
Authentication origin

An authentication origin is the full URL of the app that Passage will run on. It includes the protocol, domain, and port (if non-standard). Passage biometrics will not work on domains without TLS (i.e. https://), but Passage web biometrics will work on http://localhost (opens in a new tab) for testing.

Authentication origins of are not allowed, and will automatically be changed to localhost.

API keys

API keys are critical for the security of using Passage, as they grant full access to manage your users. When deploying your application to a new environment, we recommend generating a new API key and storing it in your system's secrets storage.

Native mobile apps

To support Passage on Android and iOS, you must create native mobile apps for your Passage app. This allows authentication to be connected across web and mobile applications.


Android apps require the following values:

Native app nicknameName to distinguish from other native apps
Package nameApplication ID
Signing certificate SHA256 fingerprintApp signing certificate


iOS apps require the following values:

Native app nicknameName to distinguish from other native apps
App bundle IDiOS bundle identifier
Team IDApple team ID

App transfers

For app organization transfers, please contact our dedicated support team at They will assist you with the necessary steps and provide guidance throughout the process.