Minctrl Docs

Otp Request

POST
/auth/otp/request

Generate a one-time code, email it, return acknowledgement.

Behaviour:

  • Always returns 200 with {sent: true} so the response is uniform regardless of whether the email exists. Defends against email enumeration.
  • Rate-limited at 5/min per IP via slowapi, plus a per-email "no-second-code-within-60s" check so a single inbox can't be spammed.
  • Code is hashed before storage; raw code only lives in the email.

Email is canonicalised via _normalize_email so paste artefacts (trailing punctuation, escape backslashes) don't desync from the whitelist row.

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

curl -X POST "https://example.com/auth/otp/request" \  -H "Content-Type: application/json" \  -d '{    "email": "string"  }'
null
{  "detail": [    {      "loc": [        "string"      ],      "msg": "string",      "type": "string",      "input": null,      "ctx": {}    }  ]}