API ReferenceAuth
Otp Request
Generate a one-time code, email it, return acknowledgement.
Behaviour:
- Always returns 200 with
{sent: true}so the response is uniform regardless of whether the email exists. Defends against email enumeration. - Rate-limited at 5/min per IP via slowapi, plus a per-email "no-second-code-within-60s" check so a single inbox can't be spammed.
- Code is hashed before storage; raw code only lives in the email.
Email is canonicalised via _normalize_email so paste artefacts
(trailing punctuation, escape backslashes) don't desync from the
whitelist row.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/auth/otp/request" \ -H "Content-Type: application/json" \ -d '{ "email": "string" }'null{ "detail": [ { "loc": [ "string" ], "msg": "string", "type": "string", "input": null, "ctx": {} } ]}