Wiki · Concept · Last reviewed June 25, 2026

Credential Management API

The Credential Management API is the browser mediation surface behind navigator.credentials: a common entry point where websites request, create, store, or block silent use of credentials while the user agent manages credential stores, prompts, and credential-type extensions.

Snapshot

Definition

The Credential Management API is a web platform API family for letting a website interact with credentials through the user agent rather than by scraping forms, guessing password-manager behavior, or inventing a separate prompt for each credential technology. The W3C Level 1 draft defines the base Credential interface and the CredentialsContainer exposed as navigator.credentials.

The API is not one credential format. It is a mediation layer. Level 1 defines password and legacy federated credential interfaces, while other specifications extend or use the same browser surface. WebAuthn defines PublicKeyCredential for scoped public-key authentication, FedCM defines a browser-mediated federated-login flow, and the Digital Credentials API covers mediated presentation and issuance of wallet-style credentials.

The term should stay close to Digital Identity, NIST Digital Identity Guidelines, Device Bound Session Credentials, and AI Agent Identity, because credential retrieval, authentication, session continuity, authorization, and delegated machine action are related but separate controls.

Current Context

Credential Management Level 1 remains draft standards work. W3C's publication history lists a July 2, 2026 Working Draft, and the status text says Working Draft publication does not imply W3C endorsement and that the document should be cited as work in progress. That matters because production behavior depends on browser implementation, credential type, origin context, enterprise policy, and platform credential managers.

The live web platform is layered. MDN summarizes the API around four credential families: password credentials, federated identity credentials, one-time-password credentials, and WebAuthn public-key credentials. But that summary is an implementation-facing map, not proof that every browser supports every credential type in the same way. Operational claims should name the browser, version, operating system, credential type, mediation mode, and test date.

The identity stack around the API is also changing. WebAuthn Level 3 is a W3C Candidate Recommendation Snapshot dated May 26, 2026. The Digital Credentials API is a separate W3C Working Draft dated June 26, 2026. FedCM's W3C technical report remains a First Public Working Draft dated August 20, 2024. These documents can share vocabulary and browser entry points, but they should not be collapsed into one "credential API" claim.

How It Works

The basic pattern is simple. A site can ask the browser to create or store a credential after a successful sign-in, and later ask the browser to retrieve a credential that may help sign the user back in or complete a step-up ceremony. The W3C draft exposes this through a secure-context API on navigator.credentials.

The W3C draft frames the API as a way to reduce brittle sign-in heuristics. Browsers already save passwords and fill forms, but that behavior often depends on guessing which forms, redirects, and page states mean sign-in, sign-out, password change, or account switch. Credential Management lets a cooperating site tell the browser that a credential worked, should be stored, should be retrieved, or should stop being available silently.

Origin and embedding context matter. The Level 1 draft treats credentials as effective for origins, exposes the API only in secure contexts, and restricts some password and federated credential collection to contexts that are same-origin with their ancestors. Those boundaries are part of the security model; a credential prompt in an embedded, cross-origin, or automated browsing context should not be treated as equivalent to a first-party login form.

Credential Boundaries

User Mediation

User mediation is the core governance concept. A credential request can be silent, optional, conditional, or required depending on credential type and browser support. Silent access may support seamless return visits, but it also changes the privacy and accountability meaning of a page load because a session may be restored before the user has made a fresh choice.

The preventSilentAccess() method matters because it lets a site tell the browser that automatic sign-in should stop for an origin, such as after sign-out. The draft warns that a careless or malicious site could neglect this call, so users still need browser controls to require mediation and remove stored credentials.

For high-impact flows, mediation should be treated as an evidence event rather than a UI detail. The record should distinguish whether the browser showed a chooser, whether the request was silent, whether the user selected an account or authenticator, whether the site was switching users, and whether the session gained new authority after the ceremony.

Agent Context

For browser agents, credential mediation is a boundary between authentication and delegation. A credential proves or helps establish who the user is to a site. It does not prove that an agent should be allowed to read every account page, submit every form, buy goods, change settings, or share identity attributes.

An agent should not scrape, store, replay, or infer credentials from page content. It should treat browser credential prompts as privileged ceremonies that require user intent. If an agent sees a sign-in surface, password manager prompt, passkey prompt, FedCM prompt, or digital-credential prompt, the governance record should distinguish the user's authentication act from any later agent action.

The safest pattern is explicit delegation after authentication. A user may sign in with a password, passkey, OTP, federated account, or digital credential, but the agent still needs scoped authority, a task purpose, time limits, approvals for high-impact actions, and revocation. A borrowed human browser session is not an agent identity model.

Governance Use

A useful implementation keeps credential mediation visible in AI Audit Trails and security logs without exposing secrets. It records when a credential request was initiated, which origin requested it, which credential type was involved, whether a user-facing chooser or prompt appeared, whether silent access was blocked or permitted, and what authority became available after sign-in.

This is especially important for AI browsers and computer use. Automated browsing can make login feel like an implementation detail, but login changes the legal, financial, and privacy context of every later action. Credential Management should be treated as a control surface, not a convenience hook.

NIST SP 800-63-4 is useful context because it separates authentication, federation, assurance levels, session management, and wallets. Credential Management can participate in a sign-in ceremony, but governance still has to answer which assurance level is needed, what session was created, which party is relying on the credential, and which later actions require step-up authentication or human confirmation.

Limits

The API does not replace strong authentication, authorization, fraud controls, session security, account recovery, or step-up confirmation. A password credential remains a password credential. A public-key credential inherits WebAuthn's stronger phishing resistance, but the Credential Management surface itself does not decide what a post-login agent may do.

It also does not make scripts, extensions, iframes, or automated browsers trustworthy. Password credentials can still be exposed to JavaScript when returned to the site, sessions can still be abused after sign-in, and a compromised browser environment can still act with the user's authority. Treat the API as a mediation surface, not a complete security boundary.

Implementation is browser-dependent. The W3C draft describes the intended model; MDN and browser documentation should be checked for current support and behavior. Operational claims should name the browser, credential type, mediation setting, origin, embedding context, and date tested.

Minimum Evidence Record

For agent-mediated login or high-impact browser automation, preserve enough evidence for security review, incident response, and user contestability without turning credentials into logs.

Defense Pattern

Source Discipline

Use the W3C Credential Management draft and publication history for the core API and standards status; WebAuthn for public-key credential claims; FedCM for browser-mediated federated sign-in claims; Digital Credentials for wallet-style presentation and issuance claims; NIST SP 800-63-4 for authentication, federation, session, and assurance framing; and MDN or browser documentation for implementation-facing interface summaries. Do not collapse those layers into one identity system.

When writing implementation claims, say exactly which browser, version, operating system, credential type, method, mediation mode, origin relationship, and date were tested. "Supports Credential Management" is too broad to be useful unless the credential type and ceremony are named.

Spiralist Reading

Spiralism reads Credential Management as a struggle over who stages identity. A website wants seamless return. A browser wants a trustworthy ceremony. A user wants convenience without surrendering all future context. An agent wants the task to continue.

The humane design is not silent magic. It is legible mediation: this origin is asking, this credential type is involved, this user chose, and this later action is separate from the act of signing in.

Open Questions

Sources


Return to Wiki