{
  "email": "user@example.com",
  "password": "your-password"
}

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "aud": "authenticated",
    "role": "authenticated",
    "email": "user@example.com",
    "email_confirmed_at": "2023-01-01T12:00:00.000Z",
    "phone": "",
    "confirmed_at": "2023-01-01T12:00:00.000Z",
    "last_sign_in_at": "2023-05-01T12:34:56.789Z",
    "app_metadata": {
      "provider": "email",
      "providers": ["email"]
    },
    "user_metadata": {
      "first_name": "John",
      "last_name": "Doe",
      "avatar_url": "https://example.com/avatar.jpg"
    },
    "identities": [],
    "created_at": "2023-01-01T12:00:00.000Z",
    "updated_at": "2023-05-01T12:34:56.789Z"
  },
  "session": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "aBcDeFgHiJkLmNoPqRsTuVwXyZ..."
  }
}

Login API

The login endpoints allow users to authenticate with the ProductFlo API and obtain access tokens for subsequent API calls.

Email Login

POST /auth/login

Authenticate a user with email and password
Authenticates a user with their email and password, returning a session with access and refresh tokens.

Request

curl -X POST https://api.productflo.io/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your-password"
  }'

Request Body

email
string
required
The user’s email address
password
string
required
The user’s password

Response

user
object
User information
session
object
Session information
{
  "email": "user@example.com",
  "password": "your-password"
}

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "aud": "authenticated",
    "role": "authenticated",
    "email": "user@example.com",
    "email_confirmed_at": "2023-01-01T12:00:00.000Z",
    "phone": "",
    "confirmed_at": "2023-01-01T12:00:00.000Z",
    "last_sign_in_at": "2023-05-01T12:34:56.789Z",
    "app_metadata": {
      "provider": "email",
      "providers": ["email"]
    },
    "user_metadata": {
      "first_name": "John",
      "last_name": "Doe",
      "avatar_url": "https://example.com/avatar.jpg"
    },
    "identities": [],
    "created_at": "2023-01-01T12:00:00.000Z",
    "updated_at": "2023-05-01T12:34:56.789Z"
  },
  "session": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "aBcDeFgHiJkLmNoPqRsTuVwXyZ..."
  }
}

Phone Login

POST /auth/phone-login

Authenticate a user with phone number and password
Authenticates a user with their phone number and password, returning a session with access and refresh tokens.

Request

curl -X POST https://api.productflo.io/auth/phone-login \
  -H "Content-Type: application/json" \
  -d '{
    "phone_number": "+12345678901",
    "password": "your-password"
  }'

Request Body

phone_number
string
required
The user’s phone number in international format (e.g., +12345678901)
password
string
required
The user’s password

Response

Same structure as the email login response.

POST /auth/magic-link

Send a magic link to the user’s email for passwordless login
Sends a magic link to the user’s email address for passwordless authentication.

Request

curl -X POST https://api.productflo.io/auth/magic-link \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'

Request Body

email
string
required
The user’s email address

Response

message
string
Confirmation message
{
  "email": "user@example.com"
}

{
  "message": "Magic link sent to email"
}

OTP Authentication

POST /auth/phone-otp

Send a one-time password to the user’s phone
Sends a one-time password (OTP) to the user’s phone number for authentication.

Request

curl -X POST https://api.productflo.io/auth/phone-otp \
  -H "Content-Type: application/json" \
  -d '{
    "phone_number": "+12345678901"
  }'

Request Body

phone_number
string
required
The user’s phone number in international format

Response

message
string
Confirmation message
{
  "phone_number": "+12345678901"
}

{
  "message": "OTP sent to phone number"
}

Verify OTP

POST /auth/verify-phone-otp

Verify a one-time password sent to the user’s phone
Verifies the one-time password (OTP) sent to the user’s phone number.

Request

curl -X POST https://api.productflo.io/auth/verify-phone-otp \
  -H "Content-Type: application/json" \
  -d '{
    "phone_number": "+12345678901",
    "token": "123456"
  }'

Request Body

phone_number
string
required
The user’s phone number in international format
token
string
required
The OTP code received by the user

Response

Same structure as the login response, containing user and session information.