Product
3 Min.
Read

New and improved features for the Hanko Authentication API

Announcing our all-new Hanko Authentication API - the complete software toolkit for implementing passwordless FIDO®-based strong multi-factor authentication for securing access to online applications.


We’ve made some significant changes to Hanko Authentication API that went live earlier today. The release includes completely redesigned WebAuthn API endpoints and a number of new features which are largely aimed at simplifying the way that developers build passwordless authentication into their applications. Before we get into the details, we wanted to thank all of our early adopters who helped us get this far!


Can’t wait to dive in? You can find the new API docs and accompanying guides here


What's new in Hanko Authentication API?

Streamlined WebAuthn API

When building Hanko, our main goal was taking the complexity out of user authentication – for the end-user, but especially for the developer. Passwordless authentication is now even easier to implement with Hanko due to our all-new WebAuthn API. We’ve redesigned all WebAuthn endpoints to reflect our learnings with v1 and all the changes that the FIDO and WebAuthn specs went through since we’ve built our first (now deprecated) API. Most importantly, the new API does not try to hide any FIDO-specific content anymore. In our old concept, we built an abstraction layer ("Hanko request") around all FIDO messages, regardless of the actual protocol (WebAuthn, UAF) used. We realized that this led to unnecessary steps when interacting with our API as well as some confusion as to what data needed to be contained in the request bodies. The new API is now handling FIDO requests directly as specified by the W3C WebAuthn specs. Further ease-of-use and a simplifying abstraction layer is achieved with our server-side and client-side SDKs.


Private name spaces and separation of customer data

With this release, we've also changed the deployment model of Hanko Authentication API. Instead of a multi-tenant approach like before, the new Hanko Authentication API is truly cloud-native. Every customer API is living in its own private name space, meaning there's no central application handling data of multiple customers any more. So you can be sure that only your user's data is processed and stored in your Hanko Authentication API.

Better scalability

Due to our new deployment model, we have not only improved data privacy and data security, but also the individual scaling capabilities per customer API. Now we can freely scale each individual API without affecting other customer’s operations at all.


Open-source

From the beginning on, Hanko was built for developers. And right from the start, we were convinced that we wanted to make our API open-source. With this release, we successfully did the first steps for an open source WebAuthn / FIDO2 API implementation (written in Golang) which will soon be available on Github.


New documentation and guides

Besides the technical changes in our API, we also cleaned up our documentation. With the new landing page, you can navigate faster through our docs and find your way around easier. Here are a few things you may find helpful when starting working with Hanko:


New overview page

Use our new overview page as an entry point to working with Hanko's Authentication API. Beside our core components, you will find all devices we support and also different use cases how you can use the API. 

Implementation guide

A simple step-by-step guide to build the foundation for implementing passwordless authentication with Hanko.


SDKs

Our SDKs aim at making it as easy as possible for you to integrate Hanko into your existing application. So far, we are offering a client-side SDK for JavaScript / TypeScript and a server-side SDK for Go. Next up will be a Java SDK that will be released in a few days. More languages will follow soon. Stay tuned or contact us if you are looking for a specific one.

OpenAPI reference

We provide an OpenAPI-conformant API description for Hanko Authentication that contains the full API specification. There's no better way to dive deep into all features we offer.

This is just the beginning. Your user experience is of utmost importance to us. We continually work on our tech behind the scenes so that we can roll out updates and new features to you. So that you can focus on your core products.


Start building passwordless authentication for free!

You can start using the new API today. Simply head to the Hanko Console, set it up according to our docs and you are good to go. If you already have API keys for the old Hanko API, you can still continue to use it through the old Console that can be accessed here.

Back to overview
Share Post on

More blog posts like this one

Don't miss out on the latest developments in the authentication space and on Hanko's product.