# Mobile Auth

### OTP Login

OTP login is a passwordless login based on a one-time code. It takes two steps:

1. A request that sends the sign-in code to the user by email.
2. A second endpoint that verifies the code.

### Refresh Token

The login endpoint returns several fields for the user session. The most important one is the `accessToken` (returned as `token` in the responses below), a `JWT` that represents the user's identity on each request.\
\
This `accessToken` has an expiration time to protect the user's identity while they are away from the platform. If the user interacts with the platform, the session needs to be refreshed to get a new `accessToken`.\
\
The API uses a `refreshToken` so that users do not have to go through the OTP login repeatedly: the client saves the `refreshToken` obtained from the login and uses it to refresh the user's access token (`JWT`).\
\
This way, the client can keep the last valid `refreshToken` for later and obtain the user credentials without repeating the login step.

## OTP Login Request

<mark style="color:green;">`POST`</mark> `https://kend.elixir.app/sdk/auth/v2/signin/otp-login`

In this request, the user submits their email address. The server validates the address and, if every check passes, sends an email containing the code to it.\
\
The client must save the transaction id in order to verify the code in the next step.

#### Headers

| Name                                        | Type   | Description                                    |
| ------------------------------------------- | ------ | ---------------------------------------------- |
| x-api-key<mark style="color:red;">\*</mark> | String | Public Key obtained in the developer dashboard |

#### Request Body

| Name                                    | Type   | Description                      |
| --------------------------------------- | ------ | -------------------------------- |
| email<mark style="color:red;">\*</mark> | String | User email provided in the input |

{% tabs %}
{% tab title="200: OK Production" %}

```javascript
{
    "code": 1,
    "success": true,
    "data": {
        "transactionId": "0306d0b1-bb5c-4a9b-aa55-8b56fe659168"
    }
}
```

{% endtab %}

{% tab title="400: Bad Request Failed response" %}

```javascript
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1001,
        "message": "Invalid API Key"
    }
}
```

{% endtab %}
{% endtabs %}

## OTP Login Verify

<mark style="color:green;">`POST`</mark> `https://kend.elixir.app/sdk/auth/v2/signin/otp-verify`

This endpoint completes the OTP login process.\
\
Here the user must provide the code so the API can validate it for the current transaction id.

#### Headers

| Name                                        | Type   | Description                                    |
| ------------------------------------------- | ------ | ---------------------------------------------- |
| x-api-key<mark style="color:red;">\*</mark> | String | Public Key obtained in the developer dashboard |

#### Request Body

| Name                                            | Type   | Description                               |
| ----------------------------------------------- | ------ | ----------------------------------------- |
| transactionId<mark style="color:red;">\*</mark> | String | OTP Login transaction id from the request |
| code<mark style="color:red;">\*</mark>          | String | Code from user input                      |

{% tabs %}
{% tab title="200: OK Login credentials" %}

```javascript
{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIU...",
        "tokenExpiry": 1678126661453,
        "tokenLifeMS": 30000000000,
        "refreshToken": "210...5bc",
        "user": {
            "_id": "6d3...5d",
            "status": "ACTIVE",
            "banReason": null
        },
        "newAccount": false // true if this login registered a new account
    }
}
```

{% endtab %}

{% tab title="400: Bad Request Failed response" %}

```javascript
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1001,
        "message": "Invalid API Key"
    }
}
```

{% endtab %}
{% endtabs %}

## Refresh Session

<mark style="color:green;">`POST`</mark> `https://kend.elixir.app/sdk/auth/v2/session/refresh`

The client sends the `refreshToken` obtained at login verification in this request to extend the user's access token.\
\
When the client does not have a valid access token, this request provides the corresponding credentials for the given `refreshToken`.

#### Headers

| Name                                        | Type   | Description                                    |
| ------------------------------------------- | ------ | ---------------------------------------------- |
| x-api-key<mark style="color:red;">\*</mark> | String | Public Key obtained in the developer dashboard |

#### Request Body

| Name                                           | Type   | Description   |
| ---------------------------------------------- | ------ | ------------- |
| refreshToken<mark style="color:red;">\*</mark> | String | Refresh token |

{% tabs %}
{% tab title="200: OK Successful response" %}

```javascript
{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIUzUxMi...",
        "tokenExpiry": 1678138840184,
        "tokenLifeMS": 30000000000,
        "refreshToken": "31e...c95",
        "user": {
            "_id": "aea...36",
            "status": "ACTIVE",
            "banReason": ""
        }
    }
}
```

{% endtab %}

{% tab title="400: Bad Request " %}

```javascript
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": "INVALID_REFRESH_TOKEN"
    }
}
```

{% endtab %}
{% endtabs %}
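
The refresh flow described above and in the Refresh Token overview, as an added client-side example (not code from the Elixir SDK). It refreshes shortly before `tokenExpiry`, always stores the `refreshToken` returned by the latest response, and wipes the session on `INVALID_REFRESH_TOKEN`. Assumptions: JSON request bodies, `tokenExpiry` in Unix milliseconds, and the hypothetical names `SKEW_MS`, `store`, `applyAuthResponse` and `ensureSession`.

```javascript
// Added example, not the SDK's code. Assumptions: JSON request bodies,
// tokenExpiry in Unix milliseconds, and a 60 s refresh margin (SKEW_MS).
const BASE = "https://kend.elixir.app/sdk/auth/v2";
const SKEW_MS = 60_000;

// fetch() arguments for the Refresh Session call documented above.
function refreshRequest(apiKey, refreshToken) {
  const headers = { "x-api-key": apiKey, "content-type": "application/json" };
  const init = { method: "POST", headers, body: JSON.stringify({ refreshToken }) };
  return { url: `${BASE}/session/refresh`, init };
}

// True when there is no access token or it expires within SKEW_MS.
function needsRefresh(session, now = Date.now()) {
  return !session || !session.token || session.tokenExpiry - now <= SKEW_MS;
}

// Fold a response body from otp-verify, qr-verify or session/refresh into
// the stored session and return the new session (null = signed out).
function applyAuthResponse(session, body) {
  if (body && body.success === true && body.data && body.data.token) {
    const { token, tokenExpiry, refreshToken } = body.data;
    // Store whatever refreshToken the latest response returned.
    return { token, tokenExpiry, refreshToken: refreshToken || session?.refreshToken };
  }
  // A rejected refresh token cannot be retried: wipe the session so the
  // app falls back to OTP login. Other errors leave the session untouched.
  if (body?.error?.code === "INVALID_REFRESH_TOKEN") return null;
  return session;
}

// Return a session with a usable access token, or null if the user must
// log in again. `store` is a hypothetical { load(), save() } wrapper; back
// it with the platform's secure storage, since the refreshToken can mint
// new access tokens.
async function ensureSession(store, apiKey, now = Date.now(), doFetch = fetch) {
  let session = store.load();
  if (!needsRefresh(session, now)) return session;
  if (!session || !session.refreshToken) return null;
  const { url, init } = refreshRequest(apiKey, session.refreshToken);
  const res = await doFetch(url, init);
  session = applyAuthResponse(session, await res.json());
  store.save(session);
  return needsRefresh(session, now) ? null : session;
}
```

Call `applyAuthResponse(null, body)` with the `otp-verify` or `qr-verify` response to create the initial session, then `ensureSession` before each authenticated request.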

## Sign Out

<mark style="color:green;">`POST`</mark> `https://kend.elixir.app/sdk/auth/v2/session/signout`

This endpoint lets the user close the current session on the client.

#### Headers

| Name                                            | Type   | Description                                    |
| ----------------------------------------------- | ------ | ---------------------------------------------- |
| x-api-key<mark style="color:red;">\*</mark>     | String | Public Key obtained in the developer dashboard |
| authorization<mark style="color:red;">\*</mark> | String | "Bearer \<JWT>"                                |

{% tabs %}
{% tab title="200: OK Success message" %}

```javascript
{
    "code": 1,
    "success": true,
    "data": {
        "message": "Session closed successfully for this device"
    }
}
```

{% endtab %}

{% tab title="400: Bad Request " %}

```javascript
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1000,
        "message": "Invalid Credentials!"
    }
}
```

{% endtab %}
{% endtabs %}

## QR Verify

<mark style="color:green;">`POST`</mark> `https://kend.elixir.app/sdk/auth/v2/signin/qr-verify`

Obtain the user credentials by scanning the QR code available in Elixir > My Account > Security.

#### Headers

| Name                                        | Type   | Description                                    |
| ------------------------------------------- | ------ | ---------------------------------------------- |
| x-api-key<mark style="color:red;">\*</mark> | String | Public Key obtained in the developer dashboard |

#### Request Body

| Name                                      | Type   | Description                              |
| ----------------------------------------- | ------ | ---------------------------------------- |
| qrValue<mark style="color:red;">\*</mark> | String | Value obtained from scanning the QR code |

{% tabs %}
{% tab title="200: OK " %}

```javascript
{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIU...",
        "tokenExpiry": 1703309445119,
        "tokenLifeMS": 31557600000,
        "refreshToken": "5fb...38e"
    }
}
```

{% endtab %}

{% tab title="400: Bad Request " %}

```javascript
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1000,
        "message": "Invalid Credentials!"
    }
}
```

{% endtab %}
{% endtabs %}

