Getting Started
The TryMellon JavaScript SDK lets you add passwordless authentication with Passkeys / WebAuthn to your web app. It handles the full browser flow and returns a session_token that your backend can validate and use to create your own session.
What this SDK does
- Handles the full Passkey flow in the browser
- Talks to the TryMellon API
- Returns a session_token your backend can verify
- Handles Base64URL ↔ ArrayBuffer conversion
- Emits events for better UX (e.g. spinners)
- Supports email fallback (OTP) when WebAuthn is unavailable
- Retries with exponential backoff and validates all inputs
What it does not do
- It does not create user sessions (your backend does)
- It does not replace your auth system
- It does not store end users or cookies
Installation
npm install @trymellon/js
Requirements
- A browser with WebAuthn support (Chrome, Safari, Firefox, Edge)
- HTTPS (required except on localhost)
- An Application created in the TryMellon dashboard with your origin configured
Quickstart
import { TryMellon } from '@trymellon/js'

const client = new TryMellon({
  appId: 'app_live_xxxx', // From your TryMellon dashboard
  apiKey: 'key_live_xxxx', // Application API key
})

// Register passkey
const registerResult = await client.register({ externalUserId: 'user_123' })
if (registerResult.ok) {
  // Logged here for demonstration; in your app, send it to your backend instead
  console.log('Session token:', registerResult.value.session_token)
}

// Authenticate
const authResult = await client.authenticate({ externalUserId: 'user_123' })
if (authResult.ok) {
  // Logged here for demonstration; in your app, send it to your backend instead
  console.log('Session token:', authResult.value.session_token)
}
Then send the session_token to your backend (e.g. POST /api/login with { session_token }) and validate it with TryMellon before creating your own session. See Backend validation for details.
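The backend side of this handoff, as an added example that is not part of the TryMellon documentation or SDK. `validateToken` is a hypothetical stand-in for the server-side validation call described under Backend validation; its result shape, the `sid` cookie name and the in-memory session store are assumptions.

```javascript
// Added example. validateToken is a hypothetical stand-in for the server-side
// TryMellon validation call; its result shape { valid, externalUserId } is assumed.
const SESSION_TTL_MS = 30 * 60 * 1000;

// Handles the body of POST /api/login and returns { status, headers, body }.
async function handleLogin(body, validateToken, sessions, now = Date.now()) {
  const token = body && body.session_token;
  // Reject malformed input before spending a network call on it.
  if (typeof token !== 'string' || token.length === 0 || token.length > 4096) {
    return { status: 400, headers: {}, body: { error: 'invalid_request' } };
  }

  let result;
  try {
    result = await validateToken(token);
  } catch {
    // Fail closed: a validator outage must never turn into a login.
    return { status: 503, headers: {}, body: { error: 'validation_unavailable' } };
  }
  if (!result || result.valid !== true || typeof result.externalUserId !== 'string') {
    return { status: 401, headers: {}, body: { error: 'invalid_token' } };
  }

  // Identity comes from the validation result, never from the request body.
  const { randomBytes } = await import('node:crypto');
  const sessionId = randomBytes(32).toString('base64url');
  sessions.set(sessionId, {
    userId: result.externalUserId,
    expiresAt: now + SESSION_TTL_MS,
  });

  // Your own session cookie: unreadable from page scripts, sent over HTTPS only.
  const cookie = `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/; ` +
    `Max-Age=${SESSION_TTL_MS / 1000}`;
  return { status: 200, headers: { 'Set-Cookie': cookie }, body: { ok: true } };
}

// Constructed demo validator: accepts one made-up token value.
const demoValidator = async (t) =>
  t === 'demo-token' ? { valid: true, externalUserId: 'user_123' } : { valid: false };
```

The session_token itself is never stored or echoed back; only your own session identifier reaches the browser.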
Demo vs production
The live demo on this site may use a simplified client configuration (e.g. only apiBaseUrl) for the public try-out. For your own app you must use appId and apiKey from your TryMellon dashboard, as shown in the Quickstart above.