Quiltt's client-side authentication system combines the Sign Up and Sign In actions into one flow, using one-time passcodes (OTP) to reduce onboarding friction and remove the need to store or exchange passwords.
To get started, you will need to have a Quiltt App configured with your desired authentication strategy. Currently, we support email-based and phone-based (SMS-based) authentication strategies. The strategy will determine what will serve as the user's username (
- Your App sends the user's username (phone) to Quiltt's authentication endpoint.
- If no user is found with the given username (phone), the request will create a new user, and return a Session Token for that user, completing the flow.
- If an existing user is found with the given username (phone), the request will issue a one-time passcode to the user (via email or SMS). Your application can then supply this passcode, along with the user's username (phone), and Quiltt will return a Session Token for the user.
The session token will be returned in the Authorization header as a Bearer token. You can authenticate with our GraphQL endpoint by providing this session token in the
Authenticating a user (phone-based strategy)
Authenticating an existing user (phone-based strategy)
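The flow described above, as an added example (not Quiltt's SDK and not code from this page): one function serves both calls and decides the outcome by whether the response carries a Bearer token in its Authorization header. The endpoint URL, the JSON field names `phone` and `passcode`, and the status codes used by the stand-in endpoint are assumptions; take the real ones from the API Reference.

```javascript
// Added example, not Quiltt's SDK. AUTH_URL and the JSON field names
// (phone, passcode) are assumptions; the real ones are in the API Reference.
const AUTH_URL = "https://auth.example.invalid/sessions"; // placeholder

// Pull the session token out of "Authorization: Bearer <token>";
// returns null when the header is absent or not a well-formed Bearer value.
function bearerFrom(headers) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(headers.get("authorization") || "");
  return m ? m[1] : null;
}

// One step of the flow: POST the username, plus the passcode on the second call.
// Resolves to { token } when a session was issued, or { otpRequired: true } when
// the service sent a one-time passcode to an existing user instead.
async function authenticate(send, phone, passcode) {
  const body = passcode === undefined ? { phone } : { phone, passcode };
  const res = await send(AUTH_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`authentication failed: HTTP ${res.status}`);
  const token = bearerFrom(res.headers);
  if (token) return { token };
  if (passcode !== undefined) throw new Error("passcode sent but no session token returned");
  return { otpRequired: true };
}

// Constructed stand-in for the endpoint so the example runs offline: one existing
// user with a fixed passcode of "123456". Status codes here are made up.
function fakeEndpoint() {
  const users = new Set(["+15555550100"]);
  return async (_url, init) => {
    const { phone, passcode } = JSON.parse(init.body);
    const reply = (status, token) => new Response(null, {
      status, headers: token ? { Authorization: `Bearer ${token}` } : {},
    });
    if (!users.has(phone)) { users.add(phone); return reply(201, "new-user-token"); }
    if (passcode === undefined) return reply(202);
    return passcode === "123456" ? reply(200, "existing-user-token") : reply(401);
  };
}
```

Pass `fetch` as `send` against a real endpoint. In a browser, a cross-origin response's Authorization header is readable only if the server lists it in `Access-Control-Expose-Headers`.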
Once you have obtained a User Session Token, you are ready to talk to GraphQL and interact with the customer's financial data.
See our API Reference for additional authentication actions, including endpoints for token introspection and revocation.