Login with OTP
Authenticate a user using their phone number and the OTP code received via SMS. This endpoint returns a JWT token for subsequent API calls.
OTP codes must be verified within 5 minutes of generation. After 3 failed attempts, a new OTP must be requested.
Request Body
User’s phone number in international format (same as used for OTP request)
6-digit OTP code received via SMS
Optional device identifier for session tracking
Response
Indicates if the login was successful
Human-readable message about the operation
User’s verified phone number
User’s email address (if provided)
ISO 8601 timestamp when phone was verified
ISO 8601 timestamp when account was created
JWT access token for API authentication
Refresh token for extending session
Token lifetime in seconds (3600 = 1 hour)
curl -X POST "https://staging-api.loyalty.lt/en/shop/auth/login" \
-H "X-API-Key: your_api_key" \
-H "X-API-Secret: your_api_secret" \
-H "Content-Type: application/json" \
-d '{
"phone": "+37060000000",
"otp": "123456",
"device_name": "iPhone 13"
}'
{
"success": true,
"message": "Login successful",
"data": {
"user": {
"id": 123,
"phone": "+37060000000",
"email": "user@example.com",
"name": "Jonas Jonaitis",
"phone_verified_at": "2024-01-15T10:30:00Z",
"created_at": "2024-01-01T00:00:00Z"
},
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh_token": "refresh_token_string_here",
"expires_in": 3600
}
}
Token Usage
After successful login, use the JWT token for authenticated requests:
curl -X GET "https://staging-api.loyalty.lt/en/shop/auth/me" \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \
-H "Content-Type: application/json"
Security Best Practices
Token Storage: Store tokens securely using platform-specific secure storage:
- Web: HttpOnly cookies or secure localStorage
- Mobile: Keychain (iOS) or Keystore (Android)
- Server: Environment variables or secure configuration
Never expose tokens in:
- URL parameters
- Browser console logs
- Version control systems
- Client-side JavaScript source
Next Steps
