
Client-Side Authentication


Overview

This flow allows your user to generate a User Session on their own behalf.

New users will be immediately authenticated, while existing users will need to authenticate via a one-time passcode.

All requests require your App ID to be included as part of the request payload as appId.

Upon successful authentication, Quiltt will return a valid User Session object:

User Session

id string
expiration integer
userId string
token string

Once you’ve obtained a token, you can use it as a User Session Token with our GraphQL endpoint.
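The following is an added example, not part of Quiltt's documentation: a client-side sanity check that a returned User Session object agrees with the claims inside its own token before the token is stored or sent to the GraphQL endpoint. The claim names (`nbf`, `jti`, `iss`, `aud`, `exp`, `aid`, `uid`) and the `iss`/`aud` values are what the sample tokens on this page decode to; that `aid` carries your App ID is an assumption, and `checkSession`, `decodeSegment` and `sampleSession` are hypothetical names. The tokens are signed with HS512, a symmetric algorithm, so the client can only inspect claims and cannot verify the signature.

```javascript
// Added example: client-side consistency checks on a User Session response.
// HS512 is symmetric, so the browser cannot verify the signature; these
// checks only catch stale, mismatched or wrong-audience sessions early.

const EXPECTED_ISS = "auth.quiltt.io"; // decoded from the page's sample token
const EXPECTED_AUD = "api.quiltt.io";  // decoded from the page's sample token

function decodeSegment(seg) {
  // base64url -> base64, restore padding, then parse the JSON
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(seg.length / 4) * 4, "=");
  return JSON.parse(atob(b64));
}

// Returns a list of problems; an empty list means the session is consistent.
function checkSession(session, appId, nowSec = Math.floor(Date.now() / 1000), skewSec = 30) {
  const parts = String(session.token || "").split(".");
  if (parts.length !== 3) return ["token is not a three-part JWT"];
  let claims;
  try { claims = decodeSegment(parts[1]); } catch { return ["payload is not base64url JSON"]; }
  const problems = [];
  if (claims.jti !== session.id) problems.push("jti does not match id");
  if (claims.uid !== session.userId) problems.push("uid does not match userId");
  if (claims.exp !== session.expiration) problems.push("exp does not match expiration");
  // Assumption: the "aid" claim is the App ID sent as appId in the request.
  if (claims.aid !== appId) problems.push("aid does not match appId");
  if (claims.iss !== EXPECTED_ISS) problems.push("unexpected iss");
  if (claims.aud !== EXPECTED_AUD) problems.push("unexpected aud");
  if (claims.nbf > nowSec + skewSec) problems.push("token not yet valid");
  if (claims.exp <= nowSec) problems.push("token expired");
  return problems;
}

// Constructed sample (not a real session); the signature is a placeholder.
const enc = (o) => btoa(JSON.stringify(o))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
function sampleSession(overrides = {}) {
  const claims = { nbf: 1700000000, iat: 1700000000, jti: "sess-1", iss: EXPECTED_ISS,
    aud: EXPECTED_AUD, exp: 1700086400, ver: 1, aid: "app-1", uid: "user-1", ...overrides };
  return { id: "sess-1", expiration: 1700086400, userId: "user-1",
    token: `${enc({ alg: "HS512" })}.${enc(claims)}.placeholder-signature` };
}
```

Treat a non-empty result as a reason to discard the session and restart the flow; the API remains the only party that can decide whether the token is authentic.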


Phone-Based Strategy

The Phone-based authentication strategy uses the user’s phone as their authentication username.

When prompted during the authentication flow, your user will receive a one-time passcode at the supplied phone number via SMS.

Note: Your app must be properly configured for the Phone-based authentication strategy. If you’re unsure, please contact support@quiltt.io.

Sign up a new user

POST
https://auth.quiltt.io/v1/users/session

Create a User Session for a new user.

Authorization

This request does not require authentication.

Response - 200 OK

{
"id": "306b1926-087f-418b-a579-d2e1b04c0f3c",
"expiration": 1620966091,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk2OTEsImlhdCI6MTYyMDg3OTY5MSwianRpIjoiMzA2YjE5MjYtMDg3Zi00MThiLWE1NzktZDJlMWIwNGMwZjNjIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MDkxLCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.6bqfYMGZv1DCb6mPWyzdKoUMY04_sbR5jag21LDEM_LVz3NMzk8YoXwgdNrjmQ94yG02S3RbyOTjsaWoyzBhAA"
}

Send one-time passcode (OTP) to an existing user

POST
https://auth.quiltt.io/v1/users/session

If a user with the supplied phone exists, Quiltt will issue a one-time passcode to the user’s phone via SMS.

This passcode can then be used to obtain a User Session.

Authorization

This request does not require authentication.

Response - 202 Accepted

Authenticate an existing user via OTP

PUT
https://auth.quiltt.io/v1/users/session

Validate a submitted passcode and create a Session Token for an existing user (identified by phone).

If additional information is included in the user object, such as email or name, the user profile will be updated accordingly.

Authorization

This request does not require authentication.

Response - 200 OK

{
"id": "846af8cc-bae8-484d-8851-be7a3a9fba8f",
"expiration": 1620966198,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk3OTgsImlhdCI6MTYyMDg3OTc5OCwianRpIjoiODQ2YWY4Y2MtYmFlOC00ODRkLTg4NTEtYmU3YTNhOWZiYThmIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MTk4LCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.MSy1Zgg3mZ8neg538nXCQpL5XWHsDG5r2TReqI91jxUnJecI7FuEL2ENh97B3xvqPVmVYzkvlSupP47L0rD61A"
}

Email-Based Strategy

The Email-based authentication strategy uses the user’s email as their authentication username.

When prompted during the authentication flow, your user will receive a one-time passcode at the supplied email address.

Note: Your app must be properly configured for the Email-based authentication strategy. If you’re unsure, please contact support@quiltt.io.

Sign up a new user

POST
https://auth.quiltt.io/v1/users/session

Create a User Session for a new user.

Authorization

This request does not require authentication.

Response - 200 OK

{
"id": "306b1926-087f-418b-a579-d2e1b04c0f3c",
"expiration": 1620966091,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk2OTEsImlhdCI6MTYyMDg3OTY5MSwianRpIjoiMzA2YjE5MjYtMDg3Zi00MThiLWE1NzktZDJlMWIwNGMwZjNjIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MDkxLCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.6bqfYMGZv1DCb6mPWyzdKoUMY04_sbR5jag21LDEM_LVz3NMzk8YoXwgdNrjmQ94yG02S3RbyOTjsaWoyzBhAA"
}

Send one-time passcode (OTP) to an existing user

POST
https://auth.quiltt.io/v1/users/session

If a user with the supplied email exists, this request will issue a one-time passcode to the user’s email address.

This passcode can then be used to obtain a User Session.

Authorization

This request does not require authentication.

Response - 202 Accepted

Authenticate an existing user via OTP

PUT
https://auth.quiltt.io/v1/users/session

Validate a submitted passcode and create a Session Token for an existing user (identified by email).

If additional information is included in the user object, such as email or name, the user profile will be updated accordingly.

Authorization

This request does not require authentication.

Response - 200 OK

{
"id": "846af8cc-bae8-484d-8851-be7a3a9fba8f",
"expiration": 1620966198,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk3OTgsImlhdCI6MTYyMDg3OTc5OCwianRpIjoiODQ2YWY4Y2MtYmFlOC00ODRkLTg4NTEtYmU3YTNhOWZiYThmIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MTk4LCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.MSy1Zgg3mZ8neg538nXCQpL5XWHsDG5r2TReqI91jxUnJecI7FuEL2ENh97B3xvqPVmVYzkvlSupP47L0rD61A"
}