# Authentication

Once users are enrolled, customers typically use Keyless to authenticate them at three different steps of a user journey:

* [Login](#login)
* [Step-up](#step-up)
* [Payments](#payments)

### Login <a href="#login" id="login"></a>

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMICv0gJkqz9AwvsR8uSs%2Fuploads%2FXbbW0YKuIamzzkgfKtL2%2FDemo%20Oct%202025%20-%20Login.mp4?alt=media&token=fad05185-7b85-4c64-9d20-e2fa312d8d8d>" %}

**Mobile SDK**

Keyless offers Android and iOS SDKs to enable logins from your app's login / account creation page. We also support Flutter and React Native (BETA) bridges.

The captured image is securely encrypted and sent to the Keyless server to verify a match to the originally enrolled user. No biometric data is stored.

For best practise, the Mobile SDK can also generate a Json web Token (JWT) with a custom payload allowing customers to manage and audit any proceeding login session.

Finally, we also support customers who want to offer "PIN authentication" as a fallback option to facial biometrics. While not as secure as facial biometrics, the pin, that customers can create themselves will only work from the device that was enrolled with a face and therefore this is still strong 2-factor authentication.

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMICv0gJkqz9AwvsR8uSs%2Fuploads%2F72oSuMXqhdH6tCB0c3Be%2Fimage-20241213-162338.png?alt=media&token=bab42b1e-4536-42e8-8da0-13c189089aa0>" %}

**Find out more →**

* [Mobile SDK](https://docs.keyless.io/consumer/mobile-sdk-guide/authentication)
* [JWT Signing](https://docs.keyless.io/consumer/mobile-sdk-reference/jwt-signing)

**Web SDK**

Customers can also integrate our login flow into their own web based services.

**Find out more →** [WebSDK](https://docs.keyless.io/web-sdk/web-sdk-guide/authentication)

### Step-up <a href="#step-up" id="step-up"></a>

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMICv0gJkqz9AwvsR8uSs%2Fuploads%2FOhjGNl7TJzd3mS5pjkC8%2FDemo%20Oct%202025%20-%20Step%20Up.mp4?alt=media&token=f0f9b2c5-1abe-4291-b424-4c05d7b3c0c6>" %}

Keyless provides in-app step-up authentication high-risk actions like address or credential changes, providing stronger security than traditional methods like Passwords or SMS OTPs.

The authentication flow is identical to the [Login](#login) authentication process above, whether via Mobile or WebSDK, though again the [JWT signing](https://docs.keyless.io/consumer/mobile-sdk-reference/jwt-signing) can help customers to verify the change made via a Custom Payload.

### Payment Authentication (PSD2/3 compliant) <a href="#payments" id="payments"></a>

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMICv0gJkqz9AwvsR8uSs%2Fuploads%2Fco48b3jAIl0UooeDr4ED%2FDemo%20Oct%202025%20-%20Payment.mp4?alt=media&token=32b4268a-d7f5-42c1-a2f2-0cdd0f6c784c>" %}

Keyless offers dynamic linking for businesses required to comply with PSD2 Strong Customer Authentication (SCA) regulations.

We support this via a User Interface launched via our Mobile SDK, displaying custom payload details such as transfer amounts and recipients.

Upon successful authentication, the SDK issues a JSON Web Token (JWT) containing a signature of the payload that was provided.

As per regulatory requirements, Keyless also allows the customer to set (enroll) a Pin (knowledge factor) to authenticate the transaction as an alternative to face. This pin can also then be authenticated by Keyless upon request, as well as changed or deleted via API.

**Find out more →** [Dynamic Linking](https://docs.keyless.io/consumer/mobile-sdk-use-cases/guide-sca-dynamic-linking), [JWT signing](https://docs.keyless.io/consumer/mobile-sdk-reference/jwt-signing), [PIN](https://docs.keyless.io/consumer/mobile-sdk-reference/pin-authentication)

### No Camera Preview \[BETA]

Additionally, Keyless now offers a "No Camera Preview" variant where, instead of the front-facing camera opening on the user's device, a small icon appears as an overlay.

This option was first released in Q4, 2025 and can be configured via the SDK for any of the Use Cases mentioned on this page for any given authentication for any given user.

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMICv0gJkqz9AwvsR8uSs%2Fuploads%2FTJiYpmbsep2H2u5FMU7Q%2FDemo%20Oct%202025%20-%20No%20Camera%20Preview.mp4?alt=media&token=86dfa3ff-22e2-49c3-af9f-efbb17a3e4d3>" %}

**Find out more →** [Camera Preview Customization (BETA)](https://docs.keyless.io/consumer/mobile-sdk-guide/authentication#camera-preview-customization-beta)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keyless.io/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.