zMesh DocsDashboard

User Auth (Project)

End-user authentication for your project's users. Supports email/password, OTP (SMS, WhatsApp), magic links, and social OAuth (Google, GitHub).

Auth via API Key

All User Auth endpoints require the apikey header with your project API key.

Email / Password

// Sign Up
POST /user-auth/{project_id}/signup
{ "email": "user@example.com", "password": "SecurePass123", "full_name": "Rahul" }

// Login
POST /user-auth/{project_id}/login
{ "email": "user@example.com", "password": "SecurePass123" }

// Response
{
  "access_token": "eyJ...",
  "refresh_token": "rt_...",
  "token_type": "Bearer",
  "expires_in": 604800
}

Token Refresh

POST /user-auth/{project_id}/token/refresh
{ "refresh_token": "rt_..." }

Get Current User

GET /user-auth/{project_id}/user
Authorization: Bearer <user_access_token>

// Response
{
  "id": "uuid",
  "email": "user@example.com",
  "full_name": "Rahul",
  "provider": "email",
  "email_verified": true,
  "created_at": "..."
}

OTP (SMS / WhatsApp)

// Send OTP
POST /user-auth/{project_id}/otp/send
{
  "phone": "+919876543210",
  "channel": "sms"  // or "whatsapp"
}

// Verify OTP
POST /user-auth/{project_id}/otp/verify
{
  "phone": "+919876543210",
  "channel": "sms",
  "code": "123456"
}

SMS providers: Twilio, MSG91, TextLocal, 2Factor. Configure in Dashboard → Auth Providers.

Magic Link

// Send magic link
POST /user-auth/{project_id}/otp/send
{
  "email": "user@example.com",
  "channel": "magic_link"
}

// Verify (user clicks the link → redirected to callback with token)
GET /user-auth/{project_id}/magic-link/verify?token=TOKEN

Social OAuth (Google / GitHub)

// Redirect user to provider
GET /user-auth/{project_id}/oauth/google
GET /user-auth/{project_id}/oauth/github

// Callback (handled automatically)
GET /user-auth/{project_id}/oauth/{provider}/callback

// Returns tokens after successful authentication

Configure Auth Providers

// List providers
GET /projects/{project_id}/auth/providers

// Enable/configure a provider
PUT /projects/{project_id}/auth/providers/oauth_google
{
  "is_enabled": true,
  "config": {
    "client_id": "your-google-client-id",
    "client_secret": "your-google-secret",
    "callback_url": "https://your-app.com/auth/callback"
  }
}

// Available providers:
// email_password, magic_link, oauth_google, oauth_github,
// sms_twilio, sms_msg91, sms_textlocal, sms_2factor, whatsapp_otp

Manage End Users (Dashboard)

MethodPathDescription
GET/projects/{id}/auth/usersList end users (paginated, searchable)
GET/projects/{id}/auth/users/statsUser stats (total, active, by provider)
PATCH/projects/{id}/auth/users/{uid}Ban/unban, activate/deactivate
DELETE/projects/{id}/auth/users/{uid}Delete end user