Skip to content

Configuration Scenarios

Your project’s Auth settings determine which sign-in methods are available. This guide shows what options, fields, and example requests/responses you get for each configuration.

FlowPassword field?UI exampleUse when
Password sign-inYes, requiredSign up form: email, password, name. Login: email, password.Traditional web apps, B2B, forms
Passwordless (OTP)NoSingle screen: email or phone → OTP input → doneMobile apps, modern SaaS, quick onboarding

Password sign-in: Register (create account) + Login (returning users).
Passwordless: OTP Send + OTP Verify. User never sees a password field.

Sign-in methodRegisterOTP SendOTP VerifyCustom fields example
Email onlyemail, password, nameemailemail + codecompany, role
Phone onlyphonephone + code— (phone is identifier)
Bothemail, password, nameemail or phonesame + codephone, company

Configure Sign-in method in Dashboard → Project → Auth.

Password flow (Register + Login):

  1. Sign up: form with email, password, name (optional). Call POST /register.
  2. Sign in: form with email, password. Call POST /login.
  3. Password is required — users must set and remember it.

Passwordless flow (OTP):

  1. Single screen: input for email or phone. Call POST /otp/send.
  2. Next screen: 6-digit OTP input. Call POST /otp/verify with same identifier + code.
  3. No password field — user gets token after verify.

Config: Sign-in method = Email OTP only, or Email + Password without phone OTP.

Available:

Custom fields: Add company, role (or any keys) in Auth → Custom Registration Fields, then send in customFields.

{
"email": "user@example.com",
"password": "StrongPassword123!",
"name": "Jane Doe",
"customFields": {
"company": "Acme Inc",
"role": "Developer"
}
}
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "user-uuid-here",
"email": "user@example.com",
"name": "Jane Doe"
},
"requiresVerification": false
}
{
"id": "user-uuid",
"email": "user@example.com",
"name": "Jane Doe",
"email_verified_at": null,
"profile_extras": {
"company": "Acme Inc",
"role": "Developer"
}
}

Config: Sign-in method = Phone OTP only. No email+password register in this flow; users are created on first OTP send when auto-create is enabled.

Available:

Custom fields: None collected at OTP signup. phone is the identifier and stored in the user record.

{
"phone": "+919876543210"
}
{
"message": "OTP sent successfully",
"accountExists": false
}
{
"phone": "+919876543210",
"code": "123456"
}
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "user-uuid-here",
"email": "p9876543210@otp.aerostack.invalid",
"name": null
}
}

Config: Sign-in method = Both (Email or Phone OTP). Register (email+password) is typically also available.

Available:

Custom fields: Add phone (prebuilt) and company in Auth → Custom Registration Fields to collect during register.

Example: Register Request (with phone + company)

Section titled “Example: Register Request (with phone + company)”
{
"email": "user@example.com",
"password": "StrongPassword123!",
"name": "Jane Doe",
"customFields": {
"phone": "+919876543210",
"company": "Acme Inc"
}
}

Same as Scenario 1. Token and user returned.

{
"phone": "+919876543210"
}
{
"email": "user@example.com"
}
{
"phone": "+919876543210",
"code": "123456"
}

Example: GET /me (after register with custom fields)

Section titled “Example: GET /me (after register with custom fields)”
{
"id": "user-uuid",
"email": "user@example.com",
"name": "Jane Doe",
"email_verified_at": null,
"profile_extras": {
"phone": "+919876543210",
"company": "Acme Inc"
}
}