Authentication

Authentication in DOSS follows a two-stage flow: verify an email address, verify a phone number, set a 4-digit PIN, then confirm it. Returning users log in directly with their phone number and PIN.

Registration and OTP endpoints do not require an Authorization header. All other endpoints require a Bearer token.

Send email OTP

POST /v2/email_send_otp Sends a one-time verification code to the provided email address. On success, the response includes the user object with email, uuid, and verification_code used in the next step.

Request body

string

required

The user’s email address. Must be a valid email format.

Response

response

object

Show properties

user

object

Show properties

string

The email address the OTP was sent to.

uuid

string

The user’s unique identifier, used in subsequent registration steps.

verification_code

string

The verification code (included in development environments for debugging).

curl -X POST https://dossapp.com/api/v2/email_send_otp \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

Verify email OTP

POST /v2/email_verify_otp Verifies the 4-digit code sent to the user’s email address.

Request body

string

required

The email address the OTP was sent to.

verification_code

string

required

The 4-digit verification code received by the user.

Response

email_verify_at

string

Timestamp at which the email was verified.

curl -X POST https://dossapp.com/api/v2/email_verify_otp \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "verification_code": "1234"}'

Send phone OTP

POST /v2/phone_send_otp Sends a one-time verification code to the provided phone number.

Request body

string

required

The user’s email address, passed to associate the phone with the existing registration session.

phone

string

required

The user’s phone number, including the country dial code (e.g., +18681234567).

curl -X POST https://dossapp.com/api/v2/phone_send_otp \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "phone": "+18681234567"}'

Verify phone OTP

POST /v2/phone_verify_otp Verifies the 4-digit code sent to the user’s phone number.

Request body

uuid

string

required

The user’s UUID, obtained from the email_send_otp response.

verification_code

string

required

The 4-digit verification code received by the user.

Response

phone_verify_at

string

Timestamp at which the phone number was verified.

curl -X POST https://dossapp.com/api/v2/phone_verify_otp \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"uuid": "abc-123", "verification_code": "5678"}'

Set PIN

POST /v2/set_pin Sets the user’s 4-digit PIN during the registration flow.

Request body

uuid

string

required

The user’s UUID.

string

required

A 4-digit numeric PIN chosen by the user.

curl -X POST https://dossapp.com/api/v2/set_pin \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"uuid": "abc-123", "pin": "4242"}'

Confirm PIN

POST /v2/confirm_pin Confirms the PIN set in the previous step, completing the registration process. Returns an authentication token on success.

Request body

uuid

string

required

The user’s UUID.

confirm_pin

string

required

The same 4-digit PIN entered in the set_pin step.

Firebase Cloud Messaging token for the device, used to send push notifications.

Response

success

object

Show properties

user

object

Show properties

token

string

Bearer token to be stored and used for all subsequent authenticated requests.

pin_verify_at

string

Timestamp at which the PIN was confirmed.

curl -X POST https://dossapp.com/api/v2/confirm_pin \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"uuid": "abc-123", "confirm_pin": "4242", "fcm_last_login_device_token": "fcm-token"}'

Log in

POST /v2/new-login Authenticates a returning user with their phone number and PIN. Returns a Bearer token on success.

Request body

phone

string

required

The user’s phone number, including the country dial code.

password

string

required

The user’s 4-digit PIN.

Firebase Cloud Messaging token for the device.

Response

response

object

Show properties

token

string

Bearer token for authenticated requests.

integer

The user’s numeric ID.

first_name

string

The user’s first name.

last_name

string

The user’s last name.

string

The user’s email address.

phone

string

The user’s phone number.

image

string

URL of the user’s profile photo.

uuid

string

The user’s UUID, used for identity QR codes.

message

string

Error message returned on failed login attempts.

curl -X POST https://dossapp.com/api/v2/new-login \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"phone": "+18681234567", "password": "4242", "fcm_last_login_device_token": "fcm-token"}'

Endpoints

Send email OTP

Request body

Response

Verify email OTP

Request body

Response

Send phone OTP

Request body

Verify phone OTP

Request body

Response

Set PIN

Request body

Confirm PIN

Request body

Response

Log in

Request body

Response

Build docs developers (and LLMs) love

Endpoints

​Send email OTP

​Request body

​Response

​Verify email OTP

​Request body

​Response

​Send phone OTP

​Request body

​Verify phone OTP

​Request body

​Response

​Set PIN

​Request body

​Confirm PIN

​Request body

​Response

​Log in

​Request body

​Response

Build docs developers (and LLMs) love

Send email OTP

Request body

Response

Verify email OTP

Request body

Response

Send phone OTP

Request body

Verify phone OTP

Request body

Response

Set PIN

Request body

Confirm PIN

Request body

Response

Log in

Request body

Response