The WebAuthn API allows Relying Parties to integrate with strong authenticators such as Windows Hello, Apple Touch ID or roaming security keys. The specification was written by the W3C and FIDO with contributions from Google, Mozilla, Microsoft and Yubico, and is supported by most modern browsers.
Through the WebAuthn API, in a process called attestation, a public-private key pair bound to a Relying Party is created. If the authenticator supports usernameless login (credential discovery) via resident keys, the private key is stored on the authenticator. Otherwise, the created private key is encrypted using the private key that never leaves the authenticator, and the encrypted key is stored by the Relying Party. The WebAuthn API can then be used to request an authentication using the credential created during the registration/attestation process, allowing for usernameless/passwordless authentication.
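The non-resident case described above can be modelled in a few lines of Node.js. This is an added example, not code from the specification or any authenticator vendor. The `ToyAuthenticator` class, the AES-256-GCM device secret used as the wrapping key, and the byte layouts are assumptions for illustration, not the WebAuthn/CTAP wire format.

```javascript
// Simplified model of a non-resident WebAuthn credential (illustrative only).
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

class ToyAuthenticator {
  constructor() {
    // Assumption: the wrapping key is a symmetric secret that never leaves the device.
    this.deviceSecret = crypto.randomBytes(32);
  }

  // Registration: create a key pair bound to rpId. The wrapped private key is
  // returned inside the credential ID, which the Relying Party stores.
  makeCredential(rpId) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const pkcs8 = privateKey.export({ type: 'pkcs8', format: 'der' });
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', this.deviceSecret, iv);
    cipher.setAAD(sha256(rpId)); // binds the wrapped key to this Relying Party
    const wrapped = Buffer.concat([cipher.update(pkcs8), cipher.final()]);
    return {
      credentialId: Buffer.concat([iv, cipher.getAuthTag(), wrapped]),
      publicKey: publicKey.export({ type: 'spki', format: 'der' }),
    };
  }

  // Authentication: unwrap the private key from the credential ID handed back
  // by the Relying Party, then sign the RP ID hash and the challenge.
  getAssertion(rpId, credentialId, challenge) {
    const iv = credentialId.subarray(0, 12);
    const tag = credentialId.subarray(12, 28);
    const decipher = crypto.createDecipheriv('aes-256-gcm', this.deviceSecret, iv);
    decipher.setAAD(sha256(rpId));
    decipher.setAuthTag(tag);
    // final() throws if the RP ID or the device secret does not match.
    const pkcs8 = Buffer.concat([decipher.update(credentialId.subarray(28)), decipher.final()]);
    const key = crypto.createPrivateKey({ key: pkcs8, format: 'der', type: 'pkcs8' });
    return crypto.sign('sha256', Buffer.concat([sha256(rpId), challenge]), key);
  }
}

// Relying Party side: verify the signature with the public key stored at registration.
function verifyAssertion(rpId, publicKeyDer, challenge, signature) {
  const key = crypto.createPublicKey({ key: publicKeyDer, format: 'der', type: 'spki' });
  return crypto.verify('sha256', Buffer.concat([sha256(rpId), challenge]), key, signature);
}
```

The Relying Party only ever holds the public key and the opaque credential ID; unwrapping fails on a different authenticator or when the credential is presented for a different RP ID.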