Auth Configuration
Configure which sign-in methods are available in your project: Dashboard → Auth → Configuration.
Sign-in methods
Section titled “Sign-in methods”| Method | Description | Use when |
|---|---|---|
| Email + Password | Traditional sign-up/sign-in with email and password | Web apps, B2B, forms |
| Email OTP | Passwordless sign-in via 6-digit code to email | Mobile apps, modern SaaS |
| Phone OTP | Passwordless sign-in via SMS code | Consumer apps, emerging markets |
| Both | Email+password and/or OTP on email or phone | Maximum flexibility |
Email only
Section titled “Email only”Available endpoints:
POST /auth/register—email,password,name,customFieldsPOST /auth/login—email,passwordPOST /auth/otp/send—email(if OTP enabled)POST /auth/otp/verify—email+code
Example register with custom fields:
{ "email": "user@example.com", "password": "StrongPassword123!", "name": "Jane Doe", "customFields": { "company": "Acme Inc", "role": "Developer" }}Phone only
Section titled “Phone only”Available endpoints:
POST /auth/otp/send—phonePOST /auth/otp/verify—phone+code
Example:
{ "phone": "+919876543210" }// → verify with code{ "phone": "+919876543210", "code": "123456" }Both (email and phone)
Section titled “Both (email and phone)”Available endpoints:
- All of the above
POST /auth/otp/sendaccepts eitheremailorphone
// Passwordless via phone{ "phone": "+919876543210" }
// Passwordless via email{ "email": "user@example.com" }Custom registration fields
Section titled “Custom registration fields”Add custom fields in Dashboard → Auth → Custom Registration Fields. These are stored in profile_extras and returned via GET /me:
// Register{ "email": "user@example.com", "password": "password", "customFields": { "plan": "pro", "company": "Acme" }}
// GET /me response{ "id": "uuid", "email": "user@example.com", "profile_extras": { "plan": "pro", "company": "Acme" }}Email verification
Section titled “Email verification”Toggle Require email verification in the dashboard. When enabled, signUp returns requiresVerification: true and no token is issued until the email is confirmed.
See Email Verification for handling this in your app.
Redirect URLs
Section titled “Redirect URLs”Configure these in Dashboard → Auth → Configuration:
| Setting | Description |
|---|---|
| Email Verification URL | Your app’s /verify-email route — Aerostack appends ?token=... |
| Password Reset URL | Your app’s /reset-password route — Aerostack appends ?token=... |