Login via Email OTP

The Passwordless Login via Email OTP (One-Time Password) feature allows users to authenticate securely without requiring a traditional password. Instead, users receive a temporary verification code by email and use it to complete the login process.

The login flow consists of two main stages: requesting an OTP and verifying the OTP.

Step-by-Step Description

1. Request OTP Code

• Endpoint: POST /api/v1/users/auth/passwordless/email/generate-otp

• Purpose: Initiates an OTP session and sends the code to the user’s registered email.

• Request Body:

  Copy

  {
    "emailAddress": "[email protected]"
  }

• Response:

  Copy

  {
    "success": true,
    "statusCode": 200,
    "message": "The request was successful.",
    "data": "ojLdGCcokeTyaseHvSAJtQh3ho2ey5jf8IdOimzlOS/ObjKMCh0e/NWomcYddisNYVPUEs1XRCcdq5oBNPiHEXRrhf7LY7mrJsALH0KXGv+mWscLpCfSINMA/5wf5Tyw4wcRKPIKZTUtOX49zpVRpcaRpIk9NqTNKNK243fXEQmqAsIWYWO1MDXuonI123WWncNCnBzRbdqAzkd3hQzix+dYLMq4zO76HSNtkjVCZw2nS3+ZM=",
    "errors": []
  }

2. Receive OTP via Email

• The user checks their email inbox for the OTP code.

• OTP is time-limited (e.g., valid for 5 minutes) and single-use only.

3. Verify OTP Code

• Endpoint: POST /api/v1/users/auth/passwordless/email/verify-otp

• Purpose: Validates the OTP and issues access tokens.

• Request Body:

  Copy

  {
    "code": "123456",
    "token": "TOKE_PREVIOUS_GENERATE"
  }

• Response:

  Copy

  {
    "authKey": "AUTH_KEY_VALUE",
    "refreshKey": "REFRESH_KEY_VALUE"
  }