
Passwordless Sessions


Overview

This flow allows your user to generate a Session Token on their own behalf, without passwords. New users will be immediately authenticated, while existing users will need to authenticate via a one-time passcode (OTP).

Upon successful authentication, you will receive a valid Session object, which includes a token that can be used as a Session Token with the GraphQL endpoint.

Authorization

There is no authorization required to use these endpoints.

Schemas

User Session

id string
expiration integer
userId string
token string

Phone-Based Strategy

The Phone-based authentication strategy uses the user’s phone as their authentication username.

When prompted during the authentication flow, your user will receive a one-time passcode at the supplied phone number via SMS.

Note: Your deployment must be properly configured for the Phone-based authentication strategy. If you’re unsure, please contact support@quiltt.io.

Register a New User

POST https://auth.quiltt.io/v1/users/session

Generate a Session Token for a newly created user.

Request Parameters

deploymentId (required) string: UUID
phone (required) string: Must be in E.164 Format
email string
name string

Request Example

Response Example

200 OK

{
"id": "306b1926-087f-418b-a579-d2e1b04c0f3c",
"expiration": 1620966091,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk2OTEsImlhdCI6MTYyMDg3OTY5MSwianRpIjoiMzA2YjE5MjYtMDg3Zi00MThiLWE1NzktZDJlMWIwNGMwZjNjIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MDkxLCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.6bqfYMGZv1DCb6mPWyzdKoUMY04_sbR5jag21LDEM_LVz3NMzk8YoXwgdNrjmQ94yG02S3RbyOTjsaWoyzBhAA"
}
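
An added example, not part of the original page or Quiltt's own code: a client-side consistency check that compares a returned Session object with the claims inside its token before the token is stored. The claim names and the issuer and audience values are those seen when decoding the sample token above; the payload is decoded without verifying the HS512 signature, and the sample session is constructed.

```python
import base64
import json
import time

EXPECTED_ISS = "auth.quiltt.io"  # value seen in the page's sample token
EXPECTED_AUD = "api.quiltt.io"   # value seen in the page's sample token


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_session(session, now=None, skew=60):
    """Return a list of problems; an empty list means the session is consistent."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(session["token"])
    except (KeyError, ValueError, AttributeError) as exc:
        return [f"unreadable token: {exc}"]
    problems = []
    for field, claim in (("id", "jti"), ("expiration", "exp"), ("userId", "uid")):
        if session.get(field) != claims.get(claim):
            problems.append(f"{field} does not match claim {claim}")
    if claims.get("iss") != EXPECTED_ISS or claims.get("aud") != EXPECTED_AUD:
        problems.append("unexpected issuer or audience")
    if claims.get("nbf", 0) > now + skew:
        problems.append("token not yet valid")
    if claims.get("exp", 0) <= now - skew:
        problems.append("token expired")
    return problems


def make_sample_session(exp, uid="user-1", jti="sess-1"):
    """Constructed sample Session with an obviously fake signature."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"nbf": exp - 86400, "iat": exp - 86400, "jti": jti,
              "iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "exp": exp, "uid": uid}
    token = ".".join([b64({"alg": "HS512"}), b64(claims), "constructed-signature"])
    return {"id": jti, "expiration": exp, "userId": uid, "token": token}
```

Because the signature is not verified, an empty result only shows that the Session object and its token agree with each other; it is not proof that the token is authentic.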

Send OTP to an Existing User

POST https://auth.quiltt.io/v1/users/session

If a user with the supplied phone exists, this request will send a one-time passcode to the user’s phone via SMS.

This passcode can then be used to authenticate the user and obtain a Session Token.

Request Parameters

deploymentId (required) string: UUID
phone (required) string: Must be in E.164 Format
email string
name string

Request Example

Response Example

202 Accepted

Authenticate an Existing User via OTP

PUT https://auth.quiltt.io/v1/users/session

Validate a submitted passcode and generate a Session Token for an existing user (identified by phone).

If additional information is included in the user object, such as email or name, the user Profile will be updated accordingly.

Request Parameters

deploymentId (required) string: UUID
phone (required) string: Must be in E.164 Format
passcode (required) string
email string
name string

Request Example

Response Example

200 OK

{
"id": "846af8cc-bae8-484d-8851-be7a3a9fba8f",
"expiration": 1620966198,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk3OTgsImlhdCI6MTYyMDg3OTc5OCwianRpIjoiODQ2YWY4Y2MtYmFlOC00ODRkLTg4NTEtYmU3YTNhOWZiYThmIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MTk4LCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.MSy1Zgg3mZ8neg538nXCQpL5XWHsDG5r2TReqI91jxUnJecI7FuEL2ENh97B3xvqPVmVYzkvlSupP47L0rD61A"
}

Email-Based Strategy

The Email-based authentication strategy uses the user’s email as their authentication username.

When prompted during the authentication flow, your user will receive a one-time passcode at the supplied email address.

Note: Your deployment must be properly configured for the Email-based authentication strategy. If you’re unsure, please contact support@quiltt.io.

Register a New User

POST https://auth.quiltt.io/v1/users/session

Generate a Session Token for a newly created user.

Request Parameters

deploymentId (required) string: UUID
email (required) string
name string
phone string: Must be in E.164 Format

Request Example

Response Example

200 OK

{
"id": "306b1926-087f-418b-a579-d2e1b04c0f3c",
"expiration": 1620966091,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk2OTEsImlhdCI6MTYyMDg3OTY5MSwianRpIjoiMzA2YjE5MjYtMDg3Zi00MThiLWE1NzktZDJlMWIwNGMwZjNjIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MDkxLCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.6bqfYMGZv1DCb6mPWyzdKoUMY04_sbR5jag21LDEM_LVz3NMzk8YoXwgdNrjmQ94yG02S3RbyOTjsaWoyzBhAA"
}

Send OTP to an Existing User

POST https://auth.quiltt.io/v1/users/session

If a user with the supplied phone exists, this request will send a one-time passcode to the user’s phone via SMS.

This passcode can then be used to authenticate the user and obtain a Session Token.

Request Parameters

deploymentId (required) string: UUID
email (required) string
name string
phone string: Must be in E.164 Format

Request Example

Response Example

202 Accepted

Authenticate an Existing User via OTP

PUT https://auth.quiltt.io/v1/users/session

Validate a submitted passcode and generate a Session Token for an existing user (identified by email).

If additional information is included in the user object, such as email or name, the user Profile will be updated accordingly.

Request Parameters

deploymentId (required) string: UUID
email (required) string
passcode (required) string
name string
phone string: Must be in E.164 Format

Request Example

Response Example

200 OK

{
"id": "846af8cc-bae8-484d-8851-be7a3a9fba8f",
"expiration": 1620966198,
"userId": "8bc57c16-3a4f-4f85-b7d5-9cf51172d0e3",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4Nzk3OTgsImlhdCI6MTYyMDg3OTc5OCwianRpIjoiODQ2YWY4Y2MtYmFlOC00ODRkLTg4NTEtYmU3YTNhOWZiYThmIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTY2MTk4LCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjhiYzU3YzE2LTNhNGYtNGY4NS1iN2Q1LTljZjUxMTcyZDBlMyJ9.MSy1Zgg3mZ8neg538nXCQpL5XWHsDG5r2TReqI91jxUnJecI7FuEL2ENh97B3xvqPVmVYzkvlSupP47L0rD61A"
}