Phone Authentication
This guide explains how to implement phone-based authentication in the LAX application.
Request Verification Code
Endpoint
- Method: POST
- URL: `/api/auth/phone-login-request`
Request Headers
| Header | Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
| Accept | application/json | Yes |
Request Body
| Parameter | Type | Description | Required |
|---|---|---|---|
| phone | string | User's phone number with country code | Yes |
Success Response
```json
{
  "success": true,
  "message": "Verification code has been sent",
  "data": {
    "phone": "+966500000000"
  },
  "status_code": 200
}
```
Error Responses
Invalid Phone Format (422)
```json
{
  "success": false,
  "message": "The phone field must be a valid phone number",
  "data": null,
  "status_code": 422
}
```
Confirm Verification Code
Endpoint
- Method: POST
- URL: `/api/auth/phone-login-confirm`
Request Headers
| Header | Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
| Accept | application/json | Yes |
Request Body
| Parameter | Type | Description | Required |
|---|---|---|---|
| phone | string | Phone number used in login request | Yes |
| token | string | Verification code received via SMS | Yes |
| device_type | string | Type of device (android/ios/web) | Yes |
| fcm_token | string | Firebase Cloud Messaging token | No |
| device_id | string | Unique device identifier | Required with fcm_token |
Success Response
```json
{
  "success": true,
  "message": "You have logged in successfully",
  "data": {
    "id": 13,
    "name": "John Doe",
    "email": null,
    "is_using_apple_private_relay_email": false,
    "avatar": null,
    "token": "93|MCYIcgaFQR1dlh8SBAAFD7EPR3fe3sWgGssmzYVpe7684615",
    "is_app_rated": null,
    "is_app_rated_reminder": null,
    "is_subscribed": true
  },
  "status_code": 200
}
```
Error Responses
Invalid Code (422)
```json
{
  "success": false,
  "message": "Invalid verification code",
  "data": null,
  "status_code": 422
}
```
Code Expired (422)
```json
{
  "success": false,
  "message": "Verification code has expired",
  "data": null,
  "status_code": 422
}
```
Missing Required Fields (422)
```json
{
  "success": false,
  "message": "The device type field is required",
  "data": null,
  "status_code": 422
}
```
Example Implementation Flow
- User enters phone number
- Application sends login request to `/api/auth/phone-login-request`
- User receives verification code via SMS
- Application collects:
  - Phone number
  - Verification code
  - Device information
- Application sends confirmation request to `/api/auth/phone-login-confirm`
- Upon success:
  - Store the returned API token securely
  - Save user information locally
  - Navigate to the main application screen
- Upon error:
  - Display error message to user
  - Allow user to request new code if expired
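
The client-side half of the confirmation step in the flow above, as an added example (not code from the LAX project): it validates the confirm request body against the parameter table before sending, and splits a confirm response into the API token (for the secure store) and the profile (for local storage). The function names, the E.164 phone pattern and the reliance on the documented message strings are assumptions; the sample responses are constructed from the shapes shown in this guide.

```python
import json
import re

ALLOWED_DEVICE_TYPES = {"android", "ios", "web"}  # values listed in the request table
E164 = re.compile(r"^\+[1-9]\d{6,14}$")           # assumption: server expects E.164

def build_confirm_payload(phone, code, device_type, fcm_token=None, device_id=None):
    """Validate locally, then return the JSON body for /api/auth/phone-login-confirm."""
    if not E164.match(phone):
        raise ValueError("phone must include the country code, e.g. +966500000000")
    if device_type not in ALLOWED_DEVICE_TYPES:
        raise ValueError("device_type must be android, ios or web")
    if fcm_token and not device_id:
        raise ValueError("device_id is required when fcm_token is sent")
    body = {"phone": phone, "token": code, "device_type": device_type}
    if fcm_token:
        body.update(fcm_token=fcm_token, device_id=device_id)
    return body

def interpret_confirm_response(raw):
    """Map a confirm response to (action, api_token, user_profile)."""
    resp = json.loads(raw)
    if resp.get("success") and resp.get("status_code") == 200:
        profile = dict(resp["data"])
        api_token = profile.pop("token")   # goes to the secure store only
        return "logged_in", api_token, profile  # profile no longer holds the token
    # Invalid and expired codes both return 422, so only the message tells
    # them apart (assumption: the message strings in this guide are stable).
    if "expired" in resp.get("message", "").lower():
        return "offer_new_code", None, None
    return "show_error", None, None

# Constructed sample responses, following the shapes documented above.
SUCCESS = ('{"success": true, "message": "You have logged in successfully", '
           '"data": {"id": 13, "name": "John Doe", "token": "93|EXAMPLE"}, '
           '"status_code": 200}')
EXPIRED = ('{"success": false, "message": "Verification code has expired", '
           '"data": null, "status_code": 422}')
INVALID = ('{"success": false, "message": "Invalid verification code", '
           '"data": null, "status_code": 422}')

if __name__ == "__main__":
    print(build_confirm_payload("+966500000000", "123456", "ios"))
    action, _token, profile = interpret_confirm_response(SUCCESS)
    print(action, profile)                 # the token itself is never printed
    print(interpret_confirm_response(EXPIRED)[0])
    print(interpret_confirm_response(INVALID)[0])
```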