Login with OTP
Login with OTP allows users to log in with an OTP (passwordless login) received over their email address or mobile number, which makes it more convenient to log in.
Implementing Login with OTP via the Bridgekeeper API needs a few prerequisites from Quintype. Please proceed with the implementation once the setup is complete.
API Sequence Diagram
Login with OTP flow
Below are the steps to use login with OTP.
User initiates a Send OTP request with a phone number or email address.
- A POST call needs to be made to /api/auth/v1/users/send-otp with the below body.
  - phone-number: phone number to which the user wants the OTP to be sent.
  - email: email address to which the user wants the OTP to be sent.
  - always-send=true needs to be passed for a user who doesn't have an account in Bridgekeeper yet.
When the user initiates a Send OTP request with a phone number or email, an OTP is sent by SMS to the phone number, or to the email address the user provided, and can now be used for login.
On receiving the OTP by email or SMS from the service provider, the user needs to make a POST login call with the phone-number and otp to /api/auth/v1/login.
- auto-signup=true can be passed in the login body to create the user and then log in if the user doesn't exist in Bridgekeeper yet.
On successful login, Bridgekeeper returns a user object and sets the qt-auth cookie.
After a successful login, the user details can be fetched via a GET /api/auth/v1/users/me call using the qt-auth cookie. This returns the user details with a response code of 200, and the user is shown as logged in.
Sample CURLs
Refer to Swagger API docs for more info on API usage.
Send OTP via phone number
curl --request POST 'https://<client-domain>/api/auth/v1/users/send-otp' \
-H 'Content-Type: application/json' \
-H 'Origin: https://<client-domain>' \
--data-raw '{"phone-number":"+919888888888"}'
Send OTP via email
curl --request POST 'https://<client-domain>/api/auth/v1/users/send-otp' \
-H 'Content-Type: application/json' \
-H 'Origin: https://<client-domain>' \
--data-raw '{"email":"johndoe@example.com"}'
Login with phone number
curl --request POST 'https://<client-domain>/api/auth/v1/login' \
-H 'Content-Type: application/json' \
-H 'Origin: https://<client-domain>' \
--data-raw '{"phone-number":"+919888888888","otp":"43210"}'
Login with email
curl --request POST 'https://<client-domain>/api/auth/v1/login' \
-H 'Content-Type: application/json' \
-H 'Origin: https://<client-domain>' \
--data-raw '{"email":"johndoe@example.com","otp":"43210"}'
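The send-otp, login and users/me calls chained into one flow, as an added example that is not part of the original page or Quintype's own code. It sends the request body over stdin instead of as a curl argument and keeps the qt-auth cookie in an owner-only cookie jar. The BASE variable, the function names and the input allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Quintype's code). BASE stands in for the page's <client-domain>.
BASE="${BASE:-https://<client-domain>}"

# Build the JSON body. $1 = phone number or email, $2 = OTP (omit for send-otp).
# Inputs are held to a strict allowlist so they can be embedded without escaping.
otp_body() {
  ob_id=$1 ob_otp=${2-}
  case $ob_id in *[!A-Za-z0-9@._+-]*|'') return 1 ;; esac
  case $ob_id in
    *@*) ob_key=email ;;
    +*)  case ${ob_id#+} in ''|*[!0-9]*) return 1 ;; esac
         ob_key=phone-number ;;
    *)   return 1 ;;
  esac
  case $ob_otp in *[!0-9]*) return 1 ;; esac
  if [ -n "$ob_otp" ]; then
    printf '{"%s":"%s","otp":"%s"}' "$ob_key" "$ob_id" "$ob_otp"
  else
    printf '{"%s":"%s"}' "$ob_key" "$ob_id"
  fi
}

# POST a body read from stdin, so the OTP never appears in curl's argument list.
otp_post() {  # $1 = path, remaining args = extra curl options
  op_path=$1; shift
  curl -sS --fail --request POST "$BASE$op_path" \
    -H 'Content-Type: application/json' -H "Origin: $BASE" --data @- "$@"
}

otp_send() {  # $1 = phone number or email
  os_body=$(otp_body "$1") || return 1
  printf '%s' "$os_body" | otp_post /api/auth/v1/users/send-otp
}

otp_login() {  # $1 = phone number or email, $2 = OTP, $3 = cookie jar path
  [ -n "${2-}" ] || return 1
  ol_body=$(otp_body "$1" "$2") || return 1
  # umask 077: the jar holds the qt-auth session cookie, keep it owner-only.
  ( umask 077; printf '%s' "$ol_body" | otp_post /api/auth/v1/login -c "$3" )
}

otp_whoami() {  # $1 = cookie jar written by otp_login
  curl -sS --fail -b "$1" "$BASE/api/auth/v1/users/me"
}
```

Source the file with BASE set, then call otp_send, otp_login and otp_whoami in that order; remove the cookie jar once the session is no longer needed.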