Quiltt's client-side authentication system combines the Sign Up and Sign In actions into one flow, using one-time passcodes (OTP) to reduce onboarding friction and remove the need to store or exchange passwords.
To get started, you will need to have a Quiltt App configured with your desired authentication strategy. Currently, we support email-based and phone-based (SMS-based) authentication strategies. The strategy will determine what will serve as the user's username (
- Your App sends the user's username (phone) to Quiltt's authentication endpoint.
- If no user is found with the given username (phone), the request will create a new user, and return a Session Token for that user, completing the flow.
- If an existing user is found with the given username (phone), the request will issue a one-time passcode to the user (via email or SMS). Your application can then supply this passcode, along with the user's username (phone), and Quiltt will return a Session Token for the user.
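The three outcomes above (new user, passcode issued, passcode accepted) can be modelled in memory to test client handling of each one. This is an added example, not Quiltt's code or API: the status codes, the `phone` and `passcode` field names, the 6-digit code, the token format and the single-attempt passcode policy are all assumptions.

```javascript
// Added example: in-memory model of the flow, not Quiltt's API.
// Assumed: status codes, the `phone`/`passcode` field names, 6-digit codes,
// the token format, and consuming a passcode on the first attempt.
const { randomBytes, randomInt, timingSafeEqual } = require('node:crypto');

function createAuthModel() {
  const users = new Set();     // known usernames
  const pending = new Map();   // username -> outstanding one-time passcode
  const outbox = [];           // stands in for SMS delivery
  const session = () => ({
    status: 201,
    headers: { authorization: `Bearer ${randomBytes(16).toString('hex')}` },
  });
  const deny = () => ({ status: 401, headers: {} });

  function handle({ phone, passcode }) {
    if (!users.has(phone)) {           // unknown username: sign up, token at once
      users.add(phone);
      return session();
    }
    if (passcode === undefined) {      // known username: send a code, no token yet
      const code = String(randomInt(0, 1000000)).padStart(6, '0');
      pending.set(phone, code);
      outbox.push({ to: phone, code });
      return { status: 202, headers: {} };
    }
    const expected = pending.get(phone);   // username + passcode: verify
    pending.delete(phone);                 // single use, even when wrong
    if (typeof passcode !== 'string' || expected === undefined) return deny();
    const a = Buffer.from(passcode);
    const b = Buffer.from(expected);
    return a.length === b.length && timingSafeEqual(a, b) ? session() : deny();
  }
  return { handle, outbox };
}

// Client side: read the session token from the Authorization response header.
function bearerFrom(response) {
  const m = /^Bearer (\S+)$/.exec(response.headers.authorization || '');
  return m ? m[1] : null;
}
```

A client written against this model should treat a response without a Bearer token as "passcode required" rather than as a failure, and should never reuse a passcode after any verification attempt.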
The session token will be returned in the Authorization header as a Bearer token. You can authenticate with our GraphQL endpoint by providing this session token in the
Authenticating a user (phone-based strategy)
Authenticating an existing user (phone-based strategy)
Once you have obtained a Session Token, you are ready to talk to GraphQL and interact with the user's financial data.
See our API Reference for additional authentication actions, including endpoints for token introspection and revocation.