Skip to content
Nhost Documentation
Support Dashboard

Sign in with SMS OTP

POST
/signin/passwordless/sms

Initiate passwordless authentication by sending a one-time password to the user’s phone number. If the user doesn’t exist and AUTH_DISABLE_AUTO_SIGNUP is not set, a new account will be created with the provided options. When AUTH_DISABLE_AUTO_SIGNUP is enabled, users must use the /signup/passwordless/sms endpoint to register first.

Request Body required

Section titled “Request Body required ”

Phone number and optional user options for SMS OTP authentication

object
phoneNumber
required

Phone number of the user

string
Example
+123456789
options
object
allowedRoles
Array<string>
Example
[
  "me",
  "user"
]
defaultRole
string
Example
user
displayName
string
<= 32 characters /^[\p{L}\p{N}\p{S} ,.'-]+$/
Example
John Smith
locale

A two or three characters locale

string
>= 2 characters <= 3 characters
Example
en
metadata
object
key
additional properties
any
Example
{
  "firstName": "John",
  "lastName": "Smith"
}
redirectTo
string format: uri
Example
https://my-app.com/catch-redirection

Responses

Section titled “ Responses ”

200

Section titled “200 ”

OTP sent to the user’s phone number. To prevent account enumeration, this response is also returned without side effects when the phone number is not registered and AUTH_DISABLE_AUTO_SIGNUP is enabled.

string
Allowed values: OK

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user user-already-exists email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked