Developer platform

Add hardware-rooted human authorization to your app in minutes.

SDKs, API playgrounds, and production-ready patterns for WebAuthn, passkeys, AI approvals, and challenge-response flows.

  • JS/TS, Python, and cURL quickstarts
  • Challenge lifecycle: request → verify → attest → sign
  • Production-safe patterns for AI approvals
Open Developer DocsSee challenge lifecycle
KEYRA ONE device for developer authorization flows

  • WebAuthn / FIDO2

    Hardware-bound credentials aligned with FIDO2 relying-party flows.

  • Challenge-response

    Cryptographic challenges with single-use, time-bound verification.

  • Secure element

    Keys and signing operations stay inside tamper-resistant hardware.

  • No biometric transmission

    Biometric templates never leave the device or your backend.

  • Human-in-the-loop AI approvals

    Explicit human proof before agents move funds or release data.

Challenge lifecycle

Request → verify → attest → sign.

Every integration follows the same human-in-the-loop pattern — whether you are building passkey login, AI approvals, or physical access.

01 · Request

An app, AI agent, or lock issues a cryptographic challenge — never a password field.

02 · Verify

You touch KEYRA ONE. Biometric proof is checked locally in milliseconds.

03 · Attest

The secure element signs a response bound to the challenge — no replay possible.

04 · Sign

The relying party receives hardware-rooted proof that a human authorized the action.

Integration patterns

Built for real production flows.

WebAuthn & Passkeys

Hardware-bound credentials with FIDO2-aligned flows — biometrics never leave KEYRA.

AI Agent Approvals

Sign agent-initiated actions with explicit human proof before funds move or data is released.

BLE Challenge-Response

Low-latency attestation for physical access, device pairing, and high-trust mobile flows.

Physical Access

BLE challenge unlock with utility logging and an auditable access ledger.

Financial Approval

High-value transfers and treasury actions gated by hardware-rooted human authorization.

Data Release Authorization

Consent and data-export workflows with cryptographic proof of who approved release.

API example

Start with a challenge.

Issue a time-bound challenge from your backend. KEYRA handles local verification, secure-element signing, and returns attestation your server can verify.

Read the full API reference →
POST/v1/challenges
const response = await fetch("https://api.keyra.key/v1/challenges", {
  method: "POST",
  headers: {
    Authorization: "Bearer sk_live_...",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    action: "transfer.approve",
    amount: 12500,
    currency: "USD",
    userId: "usr_8f2a",
    requiresHuman: true,
  }),
});

const challenge = await response.json();
// → { challengeId: "chl_...", expiresAt: "..." }

Sample payload

{
  "action": "transfer.approve",
  "amount": 12500,
  "currency": "USD",
  "userId": "usr_8f2a",
  "requiresHuman": true
}

Security principles

Predictable. Auditable. Human-first.

KEYRA is designed for security teams who need proof — not promises — that a real human authorized each action.

  • Single-use, time-bound challenges
  • Server-side attestation verification
  • Device certificate validation
  • No biometric template leaves KEYRA
  • Webhooks for approve / reject / expired
  • Audit log for every authorization

Build with proof that a real human authorized the action.

Open the docs, reserve founder hardware, or talk to our enterprise team.

Open Developer DocsContact Enterprise