Apple Passkey Account Creation API on iOS 26

+70-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle

Get free Whitepaper

With the release of iOS, iPadOS, macOS and visionOS 26, Apple is accelerating the transition to a passwordless future. One unexpected new features of its passkey strategy is the new Passkey Account Creation API, a powerful tool that offers what Apple describes as "the fastest, easiest way to create a new account and it gives you a passkey from the start." For iOS developers, this API represents a great opportunity to enhance the user onboarding experience. This article provides a comprehensive look at the iOS Passkey Account Creation API, its benefits and how you can integrate it into your applications.

Apple's Passkey Account Creation API revolutionizes account onboarding by enabling a streamlined, one-step sign-up flow. Instead of traditional forms that require users to manually enter details and create a password, the system presents a pre-filled sign-up sheet. This sheet requests for example the user's name and email or phone number and automatically generates a passkey for the new account. With a simple confirmation and Face ID or Touch ID authentication, the user is signed up and logged in - no password required. This makes the account passkey creation on iOS process incredibly smooth.

Necessary information like name and email is pre-populated from the user's device data, though it remains editable.

Crucially, this flow establishes a passkey as the default credential for every new account. This passkey is saved to the user's iCloud Keychain by default, or to a third-party credential manager (e.g. Dashlane or 1Password) if supported and selected by the user, ensuring the account is protected by a phishing-resistant credential from day one. An account created on an iPhone is instantly available on their iPad or Mac (as the passkey is synced) with prompts for automatic passkey login. This cross-device convenience dramatically reduces friction.

Subscribe to our Passkeys Substack for the latest news.

Subscribe

Adopting the Passkey Account Creation API means leveraging a system-provided UI instead of building your own sign-up form. The system displays a native sign-up sheet that clearly outlines the requested information (like email, phone number, and name) and informs the user that a passkey will be created. This transparency, consistent with system behaviors like Sign in with Apple, helps build user trust. The API allows you to specify whether you need an email or phone number, and the sheet automatically pre-fills this contact information along with the user's name if requested, from their iCloud Keychain data.

Upon user confirmation via Face ID or Touch ID, the device seamlessly creates a new passkey credential for your app's domain (relying party). Behind the scenes, a new key pair is generated, and the private key is stored securely on the device. The public key is then sent to your server, allowing you to associate it with the new account in place of a password.

Become part of our Passkeys Community for updates & support.

Join

Integrating the Apple Passkey Account Creation API is straightforward, as it's part of the AuthenticationServices framework. You'll primarily work with the ASAuthorizationAccountCreationProvider class.

The process begins by creating a passkey registration request. You'll initialize an ASAuthorizationAccountCreationProvider and call its createPlatformPublicKeyCredentialRegistrationRequest method, specifying a few key parameters:

• acceptedContactIdentifiers: Define the user identity types your app accepts, such as .email or .phoneNumber.
• shouldRequestName: A boolean to indicate if your app requires the user's name.
• relyingPartyIdentifier: Your service's domain name.
• challenge: A one-time challenge from your server to secure the registration.
• userID: A new, unique identifier for the user account.

Next, you'll use an ASAuthorizationController to perform the request. In SwiftUI, you can easily access this from the environment. Once the user completes the native UI flow, you'll receive an ASAuthorizationResult. If successful, this will be a .passkeyAccountCreation result containing the user's details and the new ASAuthorizationPlatformPublicKeyCredential. With this information, you can create the user account in your database, store the public key, and log them into your app.

Here is a simplified Swift snippet illustrating the implementation for an iOS passkey account creation:

@Environment(\.authorizationController) var authorizationController  // SwiftUI environment controller
 
func performPasskeySignUp() async throws {
    let provider = ASAuthorizationAccountCreationProvider()
    let request = provider.createPlatformPublicKeyCredentialRegistrationRequest(
        acceptedContactIdentifiers: [.email, .phoneNumber],
        shouldRequestName: true,
        relyingPartyIdentifier: "example.com",
        challenge: try await fetchChallenge(),      // retrieve registration challenge from server
        userID: try await fetchNewUserID()          // obtain a new unique user ID from server
    )
    do {
        let result = try await authorizationController.performRequest(request)
        if case .passkeyAccountCreation(let account) = result {
            // Success: use `account` to get user details and public key credential
            // e.g., account.contactIdentifier (email/phone), account.name, account.credential
            // TODO: Send account.credential.publicKey to your server to register the new user
            // Then sign the user in to the app
        }
    } catch ASAuthorizationError.deviceNotConfiguredForPasskeyCreation {
        // Device not ready (e.g. no device passcode) – fall back to regular sign-up form
        showStandardSignUpForm()
    } catch ASAuthorizationError.canceled {
        // User canceled the sheet – fall back to regular sign-up form
        showStandardSignUpForm()
    } catch ASAuthorizationError.preferSignInWithApple {
        // User already has an account via Sign in with Apple – direct them to sign in with Apple
        await handleSignInWithAppleFlow()
    } catch {
        // Handle other errors (e.g. network issues)
        print("Passkey sign-up failed: \(error)")
    }
}

A real implementation requires handling edge cases gracefully. If the device isn't configured for passkey creation (e.g. no passcode is set), the API will throw a deviceNotConfiguredForPasskeyCreation error. Similarly, if the user cancels the flow, a canceled error is thrown. In both scenarios, your app should fall back to a traditional sign-up method to ensure users can still create an account.

A special case is the preferSignInWithApple error, which indicates the user may already have an account through Sign in with Apple. The best practice here is to immediately initiate a Sign in with Apple flow to avoid creating duplicate accounts.

To create the best user experience, consider implementing an automatic sign-in prompt on app launch. By checking for existing credentials when the app opens, you can offer to sign the user in instantly. This is particularly powerful for cross-device experiences, enhancing re-engagement. Finally, be sure to thoroughly test the new flow and your fallback mechanisms on various devices and configurations. A practical example of this seamless experience can be seen when a user quickly switches accounts on iOS, demonstrating how effortless and intuitive passkey-based sign-ins have become.

Why Are Passkeys Important For Enterprises?

Passkeys for Enterprises

Enterprises worldwide face severe risks due to weak passwords and phishing. Passkeys are a leading phishing-resistant MFA method that meets enterprise security and UX needs. Our whitepaper shows how to implement passkeys efficiently and what the business impact is.

Download free whitepaper

Work email *

Name *

Company *

Job title *

Get whitepaper

Apple's new Passkey Account Creation API is a significant step to spread passkeys even further making user onboarding frictionless and secure by default. By eliminating passwords at the point of creation, it offers a superior user experience and robust protection against phishing.

As an iOS developer, adopting this API will not only improve your sign-up conversion and security but also signal to users that your app is modern and privacy-conscious. As Apple emphasized at WWDC, developer adoption is key to making a passwordless world a reality. To get started, dive into Apple's official documentation for the AuthenticationServices framework and explore the sample code for ASAuthorizationAccountCreationProvider. Now is the perfect time to build a passwordless future into your apps!

The createPlatformPublicKeyCredentialRegistrationRequest method requires five parameters: acceptedContactIdentifiers (.email or .phoneNumber), shouldRequestName (boolean), relyingPartyIdentifier (your domain), a server-issued one-time challenge and a new unique userID. The challenge and userID must be fetched from your server before each registration attempt.

This error fires when the user's device has no passcode set, making passkey creation impossible. Fall back to a traditional sign-up form so users can still create an account. The canceled error, thrown when a user dismisses the sheet, requires the same fallback approach.

The native sign-up sheet pre-fills the user's name, email and phone number from their iCloud Keychain data. Developers control which fields appear using the acceptedContactIdentifiers parameter and the shouldRequestName boolean. All pre-filled information remains editable by the user before confirmation.

By replacing manual data-entry forms with a pre-filled system sheet confirmed via Face ID or Touch ID, the API reduces sign-up steps to a single confirmation gesture. The passkey syncs to iCloud Keychain immediately, so the new account is available on all linked Apple devices without any additional setup.