# Initiate Registration To register a user with Passkeys using the API you first need to make sure you have the values for your request headers set up by following the [Unauthenticated Requests](/appendix/api-request-setup/unauthenticated-requests.md) setup guide. Once you have your values for `x-scope-id` and `x-encrypted-key` setup. You can now initiate a user registration. The initiateRegistration method initiates the user registration process within a specific scope. It generates a registration challenge that the user must solve to proceed with their registration. ### **HTTP Method**: POST * [Headers](/appendix/api-request-setup/unauthenticated-requests.md) * X-Scope-Id: A UUID string representing the application scope. * X-Encrypted-Key: A string containing the encrypted key for secure communication. * **Body**: * **encrypted\_user**: String - A base64-encoded string containing encrypted user data. The `encrypted_user` is generated by RSA encrypting the user parameters with the non-encrypted AES key you generated when following [Unauthenticated Requests](/appendix/api-request-setup/unauthenticated-requests.md), and by using the following `aesEncrypt` function. ```typescript const aesEncrypt = async ( plainText: string, encryptionKey: BufferSource, keyFormat: "raw" = "raw", keyLength: number = 256 ) => { if (!encryptionKey) { throw Error("Encryption key not initialized"); } const encoder = new TextEncoder(); const data = encoder.encode(plainText); let cryptoKey: CryptoKey; let encrypted: ArrayBuffer; try { cryptoKey = await importKey(keyFormat, encryptionKey, { name: "AES-GCM", length: keyLength }, [ "encrypt", ]); const iv = cryptoObj.getRandomValues(new Uint8Array(12)); // Initialization vector // Same encrypt function from "Unauthenticated Requests" guide. encrypted = await encrypt({ name: "AES-GCM", iv }, cryptoKey, data); const combined = new Uint8Array(iv.length + encrypted.byteLength); combined.set(iv, 0); combined.set(new Uint8Array(encrypted), iv.length); return btoa(String.fromCharCode.apply(null, combined)); } catch (error) { console.error("AES-GCM Encryption error:", error); throw error; } }; ``` Now we can encrypt our user parameters and pass that value as our `encrypted_user` in our API request. ```typescript const params = { username: "test_user", userDisplayName: "test_user" } // Same aesKey created with `generateAesKey` const encrypted_user = await aesEncrypt(JSON.stringify(params), aesKey); ``` ### Response Spec * **challenge\_id**: String - A UUID that uniquely identifies the registration challenge. * **encrypted\_creation\_challenge**: String - A base64-encoded string representing the encrypted challenge that the user must solve to proceed with registration. ### Request Example ```http POST / HTTP/1.1 Host: tiramisu.0xpass.io Content-Type: application/json x-scope-id: 123e4567-e89b-12d3-a456-426614174000 x-encrypted-key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg== { "jsonrpc": "2.0", "method": "initiateRegistration", "params": { "encrypted_user": "JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg==" }, "id": 1 } ``` ### Response Example ```json { "jsonrpc": "2.0", "result": { "challenge_id": "e0f8cbee-6d64-4a9b-af88-3d73a8b95b34", "encrypted_creation_challenge": "JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg==" }, "id": 1 } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.0xpass.io/authentication/passkeys/registration/register-using-api/initiate-registration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.