Login via Email OTP

The Passwordless Login via Email OTP (One-Time Password) feature allows users to authenticate securely without requiring a traditional password. Instead, users receive a temporary verification code by email and use it to complete the login process.

The login flow consists of two main stages: requesting an OTP and verifying the OTP.

Step-by-Step Description

1. Request OTP Code

Endpoint: POST /api/v1/users/auth/passwordless/email/generate-otp
Purpose: Initiates an OTP session and sends the code to the user’s registered email.

Request Body:

{
  "emailAddress": "[email protected]"
}

Response:

{
  "success": true,
  "statusCode": 200,
  "message": "The request was successful.",
  "data": "ojLdGCcokeTyaseHvSAJtQh3ho2ey5jf8IdOimzlOS/ObjKMCh0e/NWomcYddisNYVPUEs1XRCcdq5oBNPiHEXRrhf7LY7mrJsALH0KXGv+mWscLpCfSINMA/5wf5Tyw4wcRKPIKZTUtOX49zpVRpcaRpIk9NqTNKNK243fXEQmqAsIWYWO1MDXuonI123WWncNCnBzRbdqAzkd3hQzix+dYLMq4zO76HSNtkjVCZw2nS3+ZM=",
  "errors": []
}

2. Receive OTP via Email

The user checks their email inbox for the OTP code.
OTP is time-limited (e.g., valid for 5 minutes) and single-use only.

3. Verify OTP Code

Endpoint: POST /api/v1/users/auth/passwordless/email/verify-otp
Purpose: Validates the OTP and issues access tokens.

Request Body:

{
  "code": "123456",
  "token": "TOKE_PREVIOUS_GENERATE"
}

Response:

{
  "authKey": "AUTH_KEY_VALUE",
  "refreshKey": "REFRESH_KEY_VALUE"
}

Last updated 1 month ago

Was this helpful?