Skip to content

POST /auth/otp/send

Send a one-time code for passwordless sign-in — no password field. User enters email or phone, receives a code, then verifies with POST /auth/otp/verify to get a token.

Email OTP delivers the code via email; Phone OTP delivers via SMS. Which method is available depends on your project’s Auth settings (Sign-in method: Email OTP only, Phone OTP only, or Both).

When Auto-create user on first OTP is enabled, a new account is created if the identifier (email or phone) doesn’t exist yet.

POST /v1/public/projects/:projectSlug/auth/otp/send

Send either email or phone—one is required. Which is accepted depends on your project’s otp_channels (Email OTP only, Phone OTP only, or Both).

FieldTypeRequiredDescription
emailstringOne of email/phoneEmail address (valid format)
phonestringOne of email/phonePhone in E.164 format (e.g. +919876543210)
{
"email": "user@example.com"
}
{
"phone": "+919876543210"
}
{
"message": "OTP sent successfully",
"accountExists": true
}
FieldTypeDescription
messagestringSuccess message
accountExistsbooleantrue if the user already had an account; false if a new user was created (when auto-create is enabled)
Status CodeDescription
400Invalid request: missing/ invalid email or phone; or “Phone OTP is not enabled for this project” / “Email OTP is not enabled for this project” when using an identifier your project doesn’t support
400”No account found. Please sign up first.” when identifier is unknown and auto-create is disabled
429Too many OTP requests (rate limited)
POSThttps://api.aerostack.dev/v1/public/projects/your-project/auth/otp/send