Login via SMS OTP

Passwordless login with SMS OTP provides a secure and convenient way for your users to authenticate without remembering or managing a password. Instead, they receive a one-time passcode (OTP) directly on their mobile phone, which they can use to log in.

Step-by-Step Description

1. Request OTP Code

  • Endpoint: POST /api/v1/users/auth/passwordless/phone/generate-otp

  • Purpose: Initiates an OTP session and sends the code to the user’s registered phone number.

  • Request Body:

    {
      "phoneNumber": "+123456789"
    }

  • Response:

    {
      "success": true,
      "statusCode": 200,
      "message": "The request was successful.",
      "data": "ojLdGCcokeTyaseHvSAJtQh3ho2ey5jf8IdOimzlOS/ObjKMCh0e/NWomcYddisNYVPUEs1XRCcdq5oBNPiHEXRrhf7LY7mrJsALH0KXGv+mWscLpCfSINMA/5wf5Tyw4wcRKPIKZTUtOX49zpVRpcaRpIk9NqTNKNK243fXEQmqAsIWYWO1MDXuonI123WWncNCnBzRbdqAzkd3hQzix+dYLMq4zO76HSNtkjVCZw2nS3+ZM=",
      "errors": []
    }

2. Receive OTP via SMS

  • The user checks their SMS messages for the OTP code.

  • OTP is time-limited (e.g., valid for 5 minutes) and single-use only.


3. Verify OTP Code

  • Endpoint: POST /api/v1/users/auth/passwordless/phone/verify-otp

  • Purpose: Validates the OTP and issues access tokens.

  • Request Body:

    {
      "code": "123456",
      "token": "TOKEN_PREVIOUS_GENERATE"
    }

  • Response:

    {
      "authKey": "AUTH_KEY_VALUE",
      "refreshKey": "REFRESH_KEY_VALUE"
    }
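
The time-limited, single-use behaviour from step 2, modelled server-side as an added example (not this API's own code). `OtpSessions`, `MAX_ATTEMPTS` and the in-memory store are hypothetical, and the failed-attempt cap is an assumption the page does not state.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # the 5-minute validity the page gives as an example
MAX_ATTEMPTS = 5       # assumption: cap on wrong guesses, not stated on the page


class OtpSessions:
    """In-memory model of a generate-otp / verify-otp pair (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # opaque token -> session record

    def generate(self):
        """Open a session; returns (token for the client, code to send by SMS)."""
        code = f"{secrets.randbelow(10**6):06d}"
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            # Only a digest of the code is kept, never the code itself.
            "digest": hashlib.sha256(code.encode()).digest(),
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return token, code

    def verify(self, token, code):
        """True exactly once, for the right code inside the validity window."""
        session = self._sessions.get(token)
        if session is None:
            return False  # unknown token, or the session was already consumed
        if self._clock() >= session["expires_at"]:
            del self._sessions[token]  # time limit reached
            return False
        supplied = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(session["digest"], supplied):  # constant-time
            del self._sessions[token]  # single use: consume on success
            return True
        session["attempts_left"] -= 1
        if session["attempts_left"] <= 0:
            del self._sessions[token]  # too many wrong codes: close the session
        return False
```

Passing a fake `clock` lets expiry be exercised in tests without waiting.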
