API Reference | API Docs

Authorizations

Body

emailstring · emailRequired

passwordstringRequired

Responses

200

Login successful

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

POST /auth/login HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "email": "[email protected]",
  "password": "text"
}

{
  "idToken": "text",
  "refreshToken": "text"
}

Authorizations

Body

refreshTokenstringRequired

Responses

200

ID Token refreshed successfully

application/json

403

Invalid refresh token

application/json

500

Internal error

application/json

post

POST /auth/login/refresh HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 23

{
  "refreshToken": "text"
}

{
  "idToken": "text"
}

post

Authorizations

Body

phonestring · min: 1Required

countrystring · enumRequiredPossible values:

Responses

200

Number added to the user successfully. A SMS message will be sent to the user, and they will need to validate it to use the phone number as MFA.

application/json

400

The user already has a valid SMS phone added.

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

POST /auth/otp/methods/sms HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "phone": "text",
  "country": "AC"
}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2025-07-24T11:42:31.853Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2025-07-24T11:42:31.853Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2025-07-24T11:42:31.853Z",
  "lastLoggedDate": "2025-07-24T11:42:31.853Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2025-07-24T11:42:31.853Z"
}

post

Authorizations

Body

objectOptional

Responses

200

Secret created successfully

application/json

400

The TOTP secret is already configured

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

POST /auth/otp/methods/totp HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2025-07-24T11:42:31.853Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2025-07-24T11:42:31.853Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2025-07-24T11:42:31.853Z",
  "lastLoggedDate": "2025-07-24T11:42:31.853Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2025-07-24T11:42:31.853Z"
}

delete

Authorizations

Header parameters

x-otpstringRequired

Responses

200

User secret deleted successfully

application/json

400

User doesn't have a secret configured

application/json

401

OTP is not valid

application/json

403

Authentication error

application/json

500

Internal error

application/json

delete

DELETE /auth/otp/methods/totp HTTP/1.1
Host: 
Authorization: Bearer JWT
x-otp: text
Accept: */*

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2025-07-24T11:42:31.853Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2025-07-24T11:42:31.853Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2025-07-24T11:42:31.853Z",
  "lastLoggedDate": "2025-07-24T11:42:31.853Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2025-07-24T11:42:31.853Z"
}

get

Authorizations

Query parameters

methodstring · enumRequiredPossible values:

Responses

201

OTP requested successfully

application/json

400

The MFA method is not allowed to be used

application/json

401

The user has exhausted its available attempts and must wait before requesting another

application/json

403

Authentication error

application/json

500

Internal error

application/json

get

GET /auth/otp/code?method=EMAIL HTTP/1.1
Host: 
Authorization: Bearer JWT
Accept: */*

{
  "validUntil": "2025-07-24T11:42:31.853Z",
  "channel": "EMAIL",
  "validated": true
}

post

Authorizations

Header parameters

x-otpany ofRequired

stringOptional

or

stringOptional

Body

channelstring · enumRequired

Channel to verify OTP. If a channel is not configured or is already verified, the response will be an error.

Possible values:

Responses

200

Method correctly verified

application/json

400

SMS is already configured

application/json

401

OTP is not valid

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

POST /auth/otp/code HTTP/1.1
Host: 
Authorization: Bearer JWT
x-otp: text
Content-Type: application/json
Accept: */*
Content-Length: 17

{
  "channel": "SMS"
}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2025-07-24T11:42:31.853Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2025-07-24T11:42:31.853Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2025-07-24T11:42:31.853Z",
  "lastLoggedDate": "2025-07-24T11:42:31.853Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2025-07-24T11:42:31.853Z"
}