Backend Services
- GET/.well-known/jwks.json
- POST/elevate/webauthn
- POST/elevate/webauthn/verify
- HEAD/healthz
- GET/healthz
- POST/link/idtoken
- GET/mfa/totp/generate
- POST/pat
- POST/signin/anonymous
- POST/signin/email-password
- POST/signin/idtoken
- POST/signin/mfa/totp
- POST/signin/otp/email
- POST/signin/otp/email/verify
- POST/signin/passwordless/email
- POST/signin/passwordless/sms
- POST/signin/passwordless/sms/otp
- POST/signin/pat
- GET/signin/provider/{provider}
- GET/signin/provider/{provider}/callback
- GET/signin/provider/{provider}/callback/tokens
- POST/signin/provider/{provider}/callback
- POST/signin/webauthn
- POST/signin/webauthn/verify
- POST/signout
- POST/signup/email-password
- POST/signup/webauthn
- POST/signup/webauthn/verify
- POST/token
- POST/token/provider/{provider}
- POST/token/verify
- GET/user
- POST/user/deanonymize
- POST/user/email/change
- POST/user/email/send-verification-email
- POST/user/mfa
- POST/user/password
- POST/user/password/reset
- POST/user/webauthn/add
- POST/user/webauthn/verify
- GET/verify
- GET/version
- GET
Client Libraries
Client Libraries (deprecated)
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/passwordless/sms/otp \
--header 'Content-Type: application/json' \
--data '
{
"phoneNumber": "+123456789",
"otp": "<string>"
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
},
"mfa": {
"ticket": "mfaTotp:abc123def456"
}
}verifySignInPasswordlessSms
Complete passwordless SMS authentication by verifying the one-time password. Returns a session if validation is successful.
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/passwordless/sms/otp \
--header 'Content-Type: application/json' \
--data '
{
"phoneNumber": "+123456789",
"otp": "<string>"
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
},
"mfa": {
"ticket": "mfaTotp:abc123def456"
}
}Body
Phone number and OTP code for SMS verification
Response
User successfully authenticated
User authentication session containing tokens and user information
Show child attributes
Show child attributes
JWT token for authenticating API requests
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Expiration time of the access token in seconds
900
Identifier for the refresh token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Token used to refresh the access token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
User profile and account information
Show child attributes
Show child attributes
URL to the user's profile picture
"https://myapp.com/avatars/user123.jpg"
Timestamp when the user account was created
"2023-01-15T12:34:56Z"
Default authorization role for the user
"user"
User's display name
"John Smith"
Whether the user's email has been verified
true
Unique identifier for the user
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Whether this is an anonymous user account
false
User's preferred locale (language code)
2"en"
Custom metadata associated with the user
{ "firstName": "John", "lastName": "Smith" }Whether the user's phone number has been verified
false
List of roles assigned to the user
["user", "customer"]User's email address
User's phone number
"+12025550123"
Active MFA type for the user
Was this page helpful?