Login with phone and OTP code

POST /sessions/phone

Generates a session token for the user from a phone number and OTP code.

Flow:

  1. Validate request.
    - phoneNumber and otpCode are required.
    - phoneNumber must be a valid phone number.
    - Device info comes from headers and is optional.
  2. Validate that a user with the phoneNumber exists.
  3. Validate that the user status is not blocked or paused.
  4. Get OTP code from cache. (cache set in POST /otp)
  5. Validate that the OTP code from the request matches the one in cache.
  6. Insert into the device table.
  7. Generate refresh token and insert to refresh_token table
  8. Update user’s last_active_at
  9. Delete OTP code from cache.
  10. Generate JWT access token and return to user.
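
The steps above, as an added example that is not the service's own code: an in-memory version of steps 1 to 5, 7, 9 and 10. The signing key, the dictionaries standing in for the user table, OTP cache and refresh_token table, the E.164 phone pattern, the error strings and the claim set are assumptions; steps 6 and 8 (device insert, last_active_at update) are left out.

```python
import base64, hashlib, hmac, json, re, secrets, time

SECRET = b"constructed-demo-key"            # assumption: HS256 signing key
USERS = {"+6282243350992": {"id": "u1", "status": "active"}}  # constructed
OTP_CACHE = {"+6282243350992": "222222"}    # constructed; filled by POST /otp
REFRESH_TOKENS = {}                          # stands in for refresh_token table

class LoginError(Exception):
    """Raised for every rejected login; the message is the error string."""

def _b64(obj):
    # JWT segments are unpadded base64url over compact JSON (or raw bytes).
    raw = obj if isinstance(obj, bytes) else json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims):
    signing_input = _b64({"alg": "HS256", "typ": "JWT"}) + "." + _b64(claims)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def login_phone(phone, otp, now=None):
    now = int(time.time()) if now is None else now
    # Step 1: both fields required; the E.164 shape is an assumed rule.
    if not phone or not otp or not re.fullmatch(r"\+[1-9]\d{7,14}", phone):
        raise LoginError("invalid request")
    user = USERS.get(phone)                              # step 2
    if user is None:
        raise LoginError("user not found")
    if user["status"] in ("blocked", "paused"):          # step 3
        raise LoginError("user not allowed")
    cached = OTP_CACHE.get(phone)                        # step 4
    # Step 5: constant-time compare; a missing cache entry fails the same way.
    if cached is None or not hmac.compare_digest(cached.encode(), otp.encode()):
        raise LoginError("invalid otp")
    refresh = secrets.token_urlsafe(16)                  # step 7
    REFRESH_TOKENS[refresh] = user["id"]
    del OTP_CACHE[phone]                                 # step 9: single use
    claims = {"iss": "auth-service", "sub": user["id"], "iat": now,
              "nbf": now, "exp": now + 900, "jti": secrets.token_hex(8)}
    return {"accessToken": sign_jwt(claims), "expiresIn": 900,  # step 10
            "refreshToken": refresh, "tokenType": "Bearer"}
```

As in the listed flow, the code is deleted only after a successful match; attempt limiting is not described on this page and is not modelled here.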

LoginPhoneRequest (object)

  - otpCode (string), example: 222222
  - phoneNumber (string), example: +6282243350992

OK (object)

  - data (object)
    - accessToken (string), example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiI2NWI4YTE2MjYzNTEyNjAwMTI3YTQxYTQiLCJleHAiOjE3MzkyNzYwNzMsIm5iZiI6MTczOTI3NTE3MywiaWF0IjoxNzM5Mjc1MTczLCJqdGkiOiJjdWxqbjlhc3A1anJmam83NWdiZyIsImlkIjoiNjViOGExNjI2MzUxMjYwMDEyN2E0MWE0IiwidXNlclR5cGUiOiJETlQiLCJpc0FkbWluIjp0cnVlLCJkZXZpY2VJZCI6MzE4M30.ZuzROGxJ1pq_veRe93Z8bfS5YTzmAp5_wrzTUmvLzk8
    - expiresIn (integer), example: 900
    - refreshToken (string), example: culjn9asp5jrfjo75gc0
    - tokenType (string), example: Bearer

Bad request (object)

  - error (string), example: some meaningful error message

Unauthorized (object)

  - error (string), example: some meaningful error message

Forbidden (object)

  - error (string), example: some meaningful error message

Not found (object)

  - error (string), example: some meaningful error message

Internal server error (object)

  - error (string), example: some meaningful error message