Since March 2025, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The toJSON() method of the PublicKeyCredential interface returns a JSON type representation of a PublicKeyCredential.
The properties of the returned object depend on whether the credential is returned by navigator.credentials.create() when creating a key pair and registering a user, or navigator.credentials.get() when authenticating a user.
This method is automatically invoked when web app code calls JSON.stringify() to serialize a PublicKeyCredential so that it can be sent to relying party server when registering or authenticating a user. It not intended to be called directly in web app code.
toJSON()
None.
A JSON type representation of a PublicKeyCredential object.
The included properties depend on whether the credential was returned by navigator.credentials.create() on registration, or navigator.credentials.get() when authenticating a user. The values and types of included properties are the same as for PublicKeyCredential, with the exception that base64url-encoded strings are used in place of buffer properties.
The object properties are:
idThe value returned by PublicKeyCredential.id.
rawIdA base64url-encoded version of PublicKeyCredential.rawId.
authenticatorAttachment OptionalThe value returned by PublicKeyCredential.authenticatorAttachment.
typeThe string "public-key".
clientExtensionResultsAn array containing base64url-encoded versions of the values returned by PublicKeyCredential.getClientExtensionResults().
responseThe response property object depends on whether the credentials are returned following a registration or authentication operation.
When registering a new user response will be a JSON-type representation of AuthenticatorAttestationResponse where buffer values have been base64url encoded.
When authenticating a user the returned value will be a JSON-type representation version of AuthenticatorAssertionResponse where buffer values have been base64url encoded.
SecurityError DOMException
The RP domain is not valid.
When registering a new user, a relying party server will supply information about the expected credentials to the web app. The web app calls navigator.credentials.create() with the received information (createCredentialOptions below), which returns a promise that fulfills with the new credential (a PublicKeyCredential).
const newCredentialInfo = await navigator.credentials.create({
createCredentialOptions,
});
The web app then serializes the returned credential using JSON.stringify() (which in turn calls toJSON()) and posts it back to the server.
const registration_url = "https://example.com/registration";
const apiRegOptsResp = await fetch(registration_url, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(newCredentialInfo), // Calls newCredentialInfo.toJSON
});
| Specification |
|---|
| Web Authentication: An API for accessing Public Key Credentials - Level 3> # dom-publickeycredential-tojson> |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | WebView on iOS | |
toJSON |
129 | 129 | 119 | 115 | 18.4 | 129 | 119 | 86 | 18.4 | 28.0 | No | 18.4 |
PublicKeyCredential.parseCreationOptionsFromJSON()PublicKeyCredential.parseRequestOptionsFromJSON()
© 2005–2025 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential/toJSON