---
url: 'https://www.corbado.com/blog/passkey-account-creation-api'
title: 'Apple Passkey Account Creation API on iOS 26'
description: 'Learn about the new Apple Passkey Account Creation API on iOS 26. A guide for developers to implement one-step, passwordless sign-up in their apps.'
lang: 'en'
author: 'Vincent Delitz'
date: '2025-06-11T13:12:04.199Z'
lastModified: '2026-03-27T07:01:33.652Z'
keywords: 'Passkey Account Creation API, Account Creation API, iOS Creation API, iOS Account Creation'
category: 'Passkeys Implementation'
---

# Apple Passkey Account Creation API on iOS 26

## Key Facts

- **Apple's Passkey Account Creation API** on iOS 26 enables one-step passwordless
  sign-up: a native sheet pre-fills user details and automatically generates a passkey
  credential from the start.
- The API is part of the **`AuthenticationServices`** framework, using
  `ASAuthorizationAccountCreationProvider` to replace custom sign-up forms with a
  system-provided UI requiring no password.
- Passkeys created via this flow sync to **iCloud Keychain** by default, making new
  accounts instantly available across iPhone, iPad and Mac with automatic login prompts.
- The **`preferSignInWithApple`** error signals an existing account. Best practice is to
  trigger a Sign in with Apple flow immediately to prevent duplicate accounts from being
  created.
- Developers must supply a **server-issued `challenge`** and a unique `userID` per
  request. The device generates a key pair and sends only the public key to the server for
  storage.

## 1. Introduction: Account Creation API

With the release of [iOS](https://www.corbado.com/blog/webauthn-errors), iPadOS, macOS and visionOS 26, Apple is
accelerating the transition to a passwordless future. One unexpected new features of its
[passkey strategy](https://www.corbado.com/blog/passkeys-product-design-strategy) is the new **Passkey Account
Creation API**, a powerful tool that offers what Apple describes as _"the fastest, easiest
way to create a new account and it gives you a passkey from the start."_ For
[iOS](https://www.corbado.com/blog/webauthn-errors) developers, this API represents a great opportunity to
enhance the user onboarding experience. This article provides a comprehensive look at the
**iOS Passkey Account Creation API**, its benefits and how you can integrate it into your
applications.

![passkey account creation api](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/passkey_account_creation_api_1d6c50877a.png)

## 2. What is the Passkey Account Creation API?

**Apple's Passkey Account Creation API** revolutionizes account onboarding by enabling a
streamlined, one-step sign-up flow. Instead of traditional forms that require users to
manually enter details and create a password, the system presents a pre-filled sign-up
sheet. This sheet requests for example the user's name and email or phone number and
automatically generates a passkey for the new account. With a simple confirmation and Face
ID or Touch ID authentication, the user is signed up and logged in - no password required.
This makes the **account passkey creation on iOS** process incredibly smooth.

Necessary information like name and email is pre-populated from the user's device data,
though it remains editable.

Crucially, this flow establishes a passkey as the default credential for every new
account. This passkey is saved to the user's [iCloud Keychain](https://www.corbado.com/glossary/icloud-keychain)
by default, or to a third-party credential manager (e.g.
[Dashlane](https://www.corbado.com/blog/dashlane-passkeys) or
[1Password](https://www.corbado.com/blog/1password-passkeys-best-practices-analysis)) if supported and selected
by the user, ensuring the account is protected by a
[phishing](https://www.corbado.com/glossary/phishing)-resistant credential from day one. An account created on an
iPhone is instantly available on their iPad or Mac (as the passkey is synced) with prompts
for [automatic passkey login](https://www.corbado.com/blog/passkey-login-best-practices). This cross-device
convenience dramatically reduces friction.

## 3. How does the Account Creation API work?

Adopting the **Passkey Account Creation API** means leveraging a system-provided UI
instead of building your own sign-up form. The system displays a native sign-up sheet that
clearly outlines the requested information (like email, phone number, and name) and
informs the user that a passkey will be created. This transparency, consistent with system
behaviors like Sign in with Apple, helps build
[user trust](https://www.corbado.com/faq/fallback-management-user-trust-passkey-retention). The API allows you to
specify whether you need an email or phone number, and the sheet automatically pre-fills
this contact information along with the user's name if requested, from their iCloud
Keychain data.

Upon user confirmation via [Face ID](https://www.corbado.com/faq/is-face-id-passkey) or Touch ID, the device
seamlessly creates a new passkey credential for your app's domain
([relying party](https://www.corbado.com/glossary/relying-party)). Behind the scenes, a new key pair is
generated, and the private key is stored securely on the device. The public key is then
sent to your server, allowing you to associate it with the new account in place of a
password.

## 4. Implementing the Passkey Account Creation API

Integrating the **Apple Passkey Account Creation API** is straightforward, as it's part of
the `AuthenticationServices` framework. You'll primarily work with the
`ASAuthorizationAccountCreationProvider` class.

The process begins by creating a passkey registration request. You'll initialize an
`ASAuthorizationAccountCreationProvider` and call its
`createPlatformPublicKeyCredentialRegistrationRequest` method, specifying a few key
parameters:

- **`acceptedContactIdentifiers`**: Define the user identity types your app accepts, such
  as `.email` or `.phoneNumber`.
- **`shouldRequestName`**: A boolean to indicate if your app requires the user's name.
- **`relyingPartyIdentifier`**: Your service's domain name.
- **`challenge`**: A one-time challenge from your server to secure the registration.
- **`userID`**: A new, unique identifier for the user account.

Next, you'll use an `ASAuthorizationController` to perform the request. In SwiftUI, you
can easily access this from the environment. Once the user completes the native UI flow,
you'll receive an `ASAuthorizationResult`. If successful, this will be a
`.passkeyAccountCreation` result containing the user's details and the new
`ASAuthorizationPlatformPublicKeyCredential`. With this information, you can create the
user account in your database, store the public key, and log them into your app.

Here is a simplified Swift snippet illustrating the implementation for an **iOS passkey
account creation**:

```swift
@Environment(\.authorizationController) var authorizationController  // SwiftUI environment controller

func performPasskeySignUp() async throws {
    let provider = ASAuthorizationAccountCreationProvider()
    let request = provider.createPlatformPublicKeyCredentialRegistrationRequest(
        acceptedContactIdentifiers: [.email, .phoneNumber],
        shouldRequestName: true,
        relyingPartyIdentifier: "example.com",
        challenge: try await fetchChallenge(),      // retrieve registration challenge from server
        userID: try await fetchNewUserID()          // obtain a new unique user ID from server
    )
    do {
        let result = try await authorizationController.performRequest(request)
        if case .passkeyAccountCreation(let account) = result {
            // Success: use `account` to get user details and public key credential
            // e.g., account.contactIdentifier (email/phone), account.name, account.credential
            // TODO: Send account.credential.publicKey to your server to register the new user
            // Then sign the user in to the app
        }
    } catch ASAuthorizationError.deviceNotConfiguredForPasskeyCreation {
        // Device not ready (e.g. no device passcode) – fall back to regular sign-up form
        showStandardSignUpForm()
    } catch ASAuthorizationError.canceled {
        // User canceled the sheet – fall back to regular sign-up form
        showStandardSignUpForm()
    } catch ASAuthorizationError.preferSignInWithApple {
        // User already has an account via Sign in with Apple – direct them to sign in with Apple
        await handleSignInWithAppleFlow()
    } catch {
        // Handle other errors (e.g. network issues)
        print("Passkey sign-up failed: \(error)")
    }
}
```

## 5. Handling Edge Cases & Best Practices

A real implementation requires handling edge cases gracefully. If the device isn't
configured for [passkey creation](https://www.corbado.com/blog/passkey-creation-best-practices) (e.g. no passcode
is set), the API will throw a `deviceNotConfiguredForPasskeyCreation` error. Similarly, if
the user cancels the flow, a `canceled` error is thrown. In both scenarios, your app
should fall back to a traditional sign-up method to ensure users can still create an
account.

A special case is the `preferSignInWithApple` error, which indicates the user may already
have an account through Sign in with Apple. The best practice here is to immediately
initiate a Sign in with Apple flow to avoid creating duplicate accounts.

![ios account creation api](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/ios_account_creation_api_63a40cd8a7.png)

To create the best user experience, consider implementing an automatic sign-in prompt on
app launch. By checking for existing credentials when the app opens, you can offer to sign
the user in instantly. This is particularly powerful for cross-device experiences,
enhancing re-engagement. Finally, be sure to thoroughly test the new flow and your
fallback mechanisms on various devices and configurations. A practical example of this
seamless experience can be seen when a user quickly switches accounts on
[iOS](https://www.corbado.com/blog/webauthn-errors), demonstrating how effortless and intuitive passkey-based
sign-ins have become.

![switch account identifier ios](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/switch_account_identifier_ios_01946d0055.png)

## 6. Conclusion and Next Steps

Apple's new **Passkey Account Creation API** is a significant step to spread passkeys even
further making user onboarding frictionless and secure by default. By eliminating
passwords at the point of creation, it offers a superior user experience and robust
protection against [phishing](https://www.corbado.com/glossary/phishing).

As an iOS developer, adopting this API will not only improve your sign-up conversion and
security but also signal to users that your app is modern and privacy-conscious. As Apple
emphasized at WWDC, developer adoption is key to making a passwordless world a reality. To
get started, dive into Apple's official documentation for the `AuthenticationServices`
framework and explore the sample code for `ASAuthorizationAccountCreationProvider`. Now is
the perfect time to build a passwordless future into your apps!

## Frequently Asked Questions

### What parameters does ASAuthorizationAccountCreationProvider require to register a passkey?

The `createPlatformPublicKeyCredentialRegistrationRequest` method requires five
parameters: `acceptedContactIdentifiers` (`.email` or `.phoneNumber`), `shouldRequestName`
(boolean), `relyingPartyIdentifier` (your domain), a server-issued one-time `challenge`
and a new unique `userID`. The challenge and userID must be fetched from your server
before each registration attempt.

### How should I handle the deviceNotConfiguredForPasskeyCreation error in the Passkey Account Creation API?

This error fires when the user's device has no passcode set, making passkey creation
impossible. Fall back to a traditional sign-up form so users can still create an account.
The `canceled` error, thrown when a user dismisses the sheet, requires the same fallback
approach.

### What information does the Passkey Account Creation API pre-fill and where does it come from?

The native sign-up sheet pre-fills the user's name, email and phone number from their
iCloud Keychain data. Developers control which fields appear using the
`acceptedContactIdentifiers` parameter and the `shouldRequestName` boolean. All pre-filled
information remains editable by the user before confirmation.

### How does the Passkey Account Creation API improve sign-up conversion compared to traditional forms?

By replacing manual data-entry forms with a pre-filled system sheet confirmed via Face ID
or Touch ID, the API reduces sign-up steps to a single confirmation gesture. The passkey
syncs to iCloud Keychain immediately, so the new account is available on all linked Apple
devices without any additional setup.