Login API
The login endpoints allow users to authenticate with the ProductFlo API and obtain access tokens for subsequent API calls.
Email Login
POST /auth/login
Authenticate a user with email and password
Authenticates a user with their email and password, returning a session with access and refresh tokens.
Request
curl -X POST https://api.productflo.io/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "your-password"
}'
curl -X POST https://api.productflo.io/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "your-password"
}'
const response = await fetch('https://api.productflo.io/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'user@example.com',
password: 'your-password',
}),
credentials: 'include' // Important for cookie-based auth
});
const data = await response.json();
import requests
response = requests.post(
'https://api.productflo.io/auth/login',
json={
'email': 'user@example.com',
'password': 'your-password'
}
)
data = response.json()
Request Body
Response
User information
The user’s unique identifier
Metadata about the user’s account
User-specific metadata including profile information
The audience the token is intended for
Session information
Token used to refresh the access token
Number of seconds until the token expires
Type of token (usually “bearer”)
{
"email": "user@example.com",
"password": "your-password"
}
{
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"aud": "authenticated",
"role": "authenticated",
"email": "user@example.com",
"email_confirmed_at": "2023-01-01T12:00:00.000Z",
"phone": "",
"confirmed_at": "2023-01-01T12:00:00.000Z",
"last_sign_in_at": "2023-05-01T12:34:56.789Z",
"app_metadata": {
"provider": "email",
"providers": ["email"]
},
"user_metadata": {
"first_name": "John",
"last_name": "Doe",
"avatar_url": "https://example.com/avatar.jpg"
},
"identities": [],
"created_at": "2023-01-01T12:00:00.000Z",
"updated_at": "2023-05-01T12:34:56.789Z"
},
"session": {
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "aBcDeFgHiJkLmNoPqRsTuVwXyZ..."
}
}
Phone Login
POST /auth/phone-login
Authenticate a user with phone number and password
Authenticates a user with their phone number and password, returning a session with access and refresh tokens.
Request
curl -X POST https://api.productflo.io/auth/phone-login \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901",
"password": "your-password"
}'
curl -X POST https://api.productflo.io/auth/phone-login \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901",
"password": "your-password"
}'
const response = await fetch('https://api.productflo.io/auth/phone-login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
phone_number: '+12345678901',
password: 'your-password',
}),
credentials: 'include'
});
const data = await response.json();
Request Body
The user’s phone number in international format (e.g., +12345678901)
Response
Same structure as the email login response.
Magic Link Authentication
POST /auth/magic-link
Send a magic link to the user’s email for passwordless login
Sends a magic link to the user’s email address for passwordless authentication.
Request
curl -X POST https://api.productflo.io/auth/magic-link \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
curl -X POST https://api.productflo.io/auth/magic-link \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
const response = await fetch('https://api.productflo.io/auth/magic-link', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'user@example.com',
})
});
const data = await response.json();
Request Body
Response
{
"email": "user@example.com"
}
{
"message": "Magic link sent to email"
}
OTP Authentication
POST /auth/phone-otp
Send a one-time password to the user’s phone
Sends a one-time password (OTP) to the user’s phone number for authentication.
Request
curl -X POST https://api.productflo.io/auth/phone-otp \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901"
}'
curl -X POST https://api.productflo.io/auth/phone-otp \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901"
}'
Request Body
The user’s phone number in international format
Response
{
"phone_number": "+12345678901"
}
{
"message": "OTP sent to phone number"
}
Verify OTP
POST /auth/verify-phone-otp
Verify a one-time password sent to the user’s phone
Verifies the one-time password (OTP) sent to the user’s phone number.
Request
curl -X POST https://api.productflo.io/auth/verify-phone-otp \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901",
"token": "123456"
}'
curl -X POST https://api.productflo.io/auth/verify-phone-otp \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+12345678901",
"token": "123456"
}'
Request Body
The user’s phone number in international format
The OTP code received by the user
Response
Same structure as the login response, containing user and session information.
