# Passwordless

## SMS code prelogin

 - [POST /resources/auth/v1/passwordless/smscode/prelogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_smscodeprelogin.md): Initiate SMS-based passwordless authentication by sending a one-time code (OTC) to the user's phone.

This is the first step in the SMS OTC passwordless login flow. The system sends an SMS to the user associated with the provided email address.

Request body must include:
- email: The email address of the user initiating the login.
- invitationToken (optional): Include if the user is signing up through an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to begin the passwordless login process using SMS verification.

## SMS code postlogin

 - [POST /resources/auth/v1/passwordless/smscode/postlogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_smscodepostlogin.md): Complete passwordless authentication using a one-time code (OTC) sent via SMS.

This is the second step in the SMS OTC passwordless login flow. After the user receives the code, this endpoint finalizes authentication and returns a valid JWT and refresh cookie.

Request body must include:
- token: The token ID associated with the SMS OTC sent to the user.
- invitationToken (optional): Include if the user is signing up through an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to complete passwordless login via SMS and receive authentication tokens for the session.

## Magic link prelogin

 - [POST /resources/auth/v1/passwordless/magiclink/prelogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_magiclinkprelogin.md): Initiate passwordless authentication by sending a magic link to the user's email address.

This is the first step in the magic link passwordless login flow for local users. The system sends an email containing a secure login link to the provided address.

Request body must include:
- email: The email address of the user initiating the login.
- invitationToken (optional): Include if the user is signing up through an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to start the magic link authentication process by delivering a login link to the user's email inbox.

## Magic link postlogin

 - [POST /resources/auth/v1/passwordless/magiclink/postlogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_magiclinkpostlogin.md): Complete passwordless authentication using a magic link.

This is the second step in the magic link passwordless login flow for local users. After the user clicks the link in their email, this endpoint validates the token and authenticates the user.

Request body must include:
- token: The token ID extracted from the magic link.
- invitationToken (optional): Include if the user is signing up through an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to complete the magic link login flow and receive authentication credentials, including a JWT and a refresh cookie.

## OTC (One-Time Code) prelogin

 - [POST /resources/auth/v1/passwordless/code/prelogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_emailcodeprelogin.md): Initiate passwordless authentication by sending a one-time code (OTC) to the user's email address.

This is the first step in the email OTC (one-time code) passwordless login flow for local users. The system sends a time-sensitive code to the specified email address.

Request body must include:
- email: The email address of the user initiating the login.
- invitationToken (optional): Include if the user is signing up through an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to start the passwordless login process via an email-based one-time code.

## OTC (One-Time Code) postlogin

 - [POST /resources/auth/v1/passwordless/code/postlogin](https://developers.frontegg.com/ciam/api/identity/passwordless/authenticationpasswordlesscontrollerv1_emailcodepostlogin.md): Complete passwordless authentication using a one-time code (OTC) sent to the user's email.

This is the second step in the email OTC passwordless login flow. After the user receives and enters the code, this endpoint validates the token and finalizes authentication.

Request body must include:
- token: The token ID associated with the email OTC sent to the user.
- invitationToken (optional): Include if the user is signing up via an invitation.
- recaptchaToken (optional): Required if reCAPTCHA is enabled for login.

Use this endpoint to validate the email-based one-time code and receive authentication credentials, including a JWT and refresh cookie.