Authentication API
Aerostack provides a flexible authentication system. All endpoints are under:
/api/v1/public/projects/:projectSlug/auth
Two Sign-in Flows
Your project can support one or both. Configure in Dashboard → Project → Auth:
| Flow | Password required? | When to use | API |
|---|---|---|---|
| Password sign-in | Yes | Traditional web apps, forms with email + password | Register, Login |
| Passwordless (OTP) | No | Modern mobile apps, single-screen sign-in (email/phone → OTP → token) | OTP Send, OTP Verify |
Password sign-in is always available when auth is enabled. Passwordless (OTP) must be enabled in Auth settings: the user enters an email or phone number, receives a code, verifies it, and gets a token. There is no password field.
See Configuration scenarios for per-method examples, request/response, and UI hints.
Auth Methods (Passwordless Options)
When Passwordless (OTP) is enabled, choose how users identify themselves:
| Method | Description | API |
|---|---|---|
| Email OTP only | User enters email, receives code via email | OTP Send, OTP Verify |
| Phone OTP only | User enters phone, receives code via SMS | OTP Send, OTP Verify |
| Both | User chooses email or phone | OTP Send, OTP Verify |
Configure the Sign-in method in Auth settings. Email OTP requires an Email Provider (Resend/SES). Phone OTP requires an SMS provider (MSG91 or Twilio).
Endpoints
| Endpoint | Description |
|---|---|
| POST /register | Create new users (email + password) |
| POST /login | Authenticate with email and password |
| POST /otp/send | Send OTP to email or phone |
| POST /otp/verify | Verify OTP and get JWT |
| GET /me | Get current user (requires JWT) |
| GET /verify-email | Verify email with token from email |
| POST /resend-verification | Resend verification email |
| POST /reset-password-request | Request password reset email |
| POST /reset-password | Set new password with reset token |
Each endpoint page includes request/response shapes, error codes, and a Try it playground where applicable.
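
The passwordless flow (OTP Send, OTP Verify, then GET /me with the JWT) as a client sketch. This is an added example, not Aerostack's own code: the endpoint paths come from the table above, while the JSON field names (`email`, `phone`, `code`, `token`), the `Authorization: Bearer` header, and the helper names are assumptions to check against each endpoint page.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen

# Paths are taken from the endpoint table; everything else is an assumption.
OTP_SEND, OTP_VERIFY, ME = "/otp/send", "/otp/verify", "/me"


def auth_url(base, project_slug, endpoint):
    """Build an endpoint URL under /api/v1/public/projects/:projectSlug/auth."""
    # Percent-encode the slug so it can never add or climb path segments.
    slug = quote(project_slug, safe="")
    return f"{base.rstrip('/')}/api/v1/public/projects/{slug}/auth{endpoint}"


def http_json(method, url, body=None, token=None):
    """Default transport: JSON over HTTP(S) using only the standard library."""
    headers = {"Accept": "application/json"}
    if body is not None:
        headers["Content-Type"] = "application/json"
    if token:
        headers["Authorization"] = f"Bearer {token}"  # assumed header scheme
    data = json.dumps(body).encode() if body is not None else None
    req = Request(url, data=data, headers=headers, method=method)
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def otp_sign_in(base, slug, identifier, read_code, transport=http_json):
    """Send an OTP, verify it, then fetch the current user with the JWT."""
    # "email"/"phone", "code" and "token" are hypothetical field names.
    key = "email" if "@" in identifier else "phone"
    transport("POST", auth_url(base, slug, OTP_SEND), {key: identifier})
    verified = transport("POST", auth_url(base, slug, OTP_VERIFY),
                         {key: identifier, "code": read_code()})
    token = verified.get("token")
    if not token:
        raise ValueError("OTP verify response carried no token")
    # Keep the JWT out of URLs and logs; it is only ever sent as a header.
    return token, transport("GET", auth_url(base, slug, ME), None, token)
```

`read_code` is a callback that returns the code the user typed, and `transport` can be swapped for a stub so the flow can be exercised without a live project.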