Overview
LoginRadius Phone Authentication APIs enable customers to register, verify, and log in using their phone numbers. They provide a secure and streamlined authentication flow with One-Time Password (OTP) verification during registration, login, and password recovery. This method is particularly useful for mobile-first experiences and use cases where phone-based authentication is preferred over email.
LoginRadius Phone Authentication APIs require your LoginRadius API Key to access the phone-related endpoints. This key uniquely identifies your application and authorizes API requests.
Retrieve Your API Key:
- Log in to your LoginRadius Admin Console.
- Navigate to Tenant Settings.
- Locate the API Key under the API Configuration section.
Ensure this API Key is used in all phone authentication API requests for proper authorization.
Key Features and Use Cases
- Phone-Based Registration: Sign up using a phone number and password, with built-in OTP verification.
- Login via Phone: Authenticate using the phone number and password combination.
- OTP-Driven Flows: Enable phone verification, password resets, and login via OTP.
- Phone Number Management: Update, remove, and verify phone numbers from a user’s profile.
- Secure Recovery: Use OTPs to reset forgotten passwords securely.
Common API Endpoints
Here are the most commonly used endpoints in authentication workflows:
- Registration Endpoints
- Verification Endpoints
- Login Endpoints
- Forgot & Reset Password Endpoints
- Update Endpoints
- Account Delete Endpoints
These APIs enable user registration in LoginRadius using phone numbers. Verified phone numbers are stored in the customer's profile as a PhoneId. The following APIs are available to support registration with PhoneId.
Action | Endpoint Description |
---|---|
Phone Number Availability | Check if a phone number is already registered. |
Phone User Registration by SMS | Register with PhoneId and trigger OTP verification. |
These APIs verify the OTP entered by the user during the authentication flow, or resend the verification OTP.
Action | Endpoint Description |
---|---|
Phone Verification by OTP | This API confirms the verification code sent to validate a user's phone number. |
Phone Resend Verification OTP | This API resends a verification OTP to confirm a user's phone number. |
These endpoints enable existing users to log in using their registered phone numbers.
Action | Endpoint Description |
---|---|
Phone Login | Log in using your phone number and password. |
These APIs allow users to reset or recover their accounts with a phone OTP if they forget their password.
Action | Endpoint Description |
---|---|
Phone Forgot Password by OTP | Send an OTP for password reset. |
Phone Reset Password by OTP | Reset the password using the OTP. |
This API allows users to update their existing phone numbers.
Action | Endpoint Description |
---|---|
Phone Number Update | Update the phone number on the user's profile. |
This API allows users to delete their accounts using their phone numbers.
Action | Endpoint Description |
---|---|
Send Account Delete OTP | This API sends an OTP to the user's phone number for account deletion. |
Best Practices
- Ensure SMS provider configuration is complete in the Admin Console before using phone registration or OTP-based flows.
- Always verify phone numbers via OTP during registration to prevent fraudulent sign-ups.
- Limit OTP retries and set expiration times to protect against brute-force attacks.
- Use access tokens for sensitive operations like updating or removing PhoneIds.
- Avoid using unverified phone numbers for login or password recovery.
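
The retry-limit and expiry practice above, sketched as an added example (not LoginRadius code and not how the platform implements it). The `OtpStore` class, the six-digit length, the 300-second lifetime and the five-attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6         # assumed code length
OTP_TTL_SECONDS = 300  # assumed expiry window
MAX_ATTEMPTS = 5       # assumed retry limit


class OtpStore:
    """In-memory OTP records keyed by phone number (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # per-process HMAC key
        self._records = {}  # phone -> [digest, expires_at, attempts_left]

    def _digest(self, phone, code):
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, phone):
        """Create a fresh code; any earlier code for this phone is replaced."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._records[phone] = [self._digest(phone, code),
                                self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # handed to the SMS provider, never logged

    def verify(self, phone, code):
        """Return 'ok', 'invalid', 'expired', 'locked' or 'unknown'."""
        rec = self._records.get(phone)
        if rec is None:
            return "unknown"
        digest, expires_at, attempts_left = rec
        if self._clock() >= expires_at:
            del self._records[phone]
            return "expired"
        if attempts_left <= 0:
            return "locked"  # even the correct code is refused until reissue
        rec[2] = attempts_left - 1  # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(phone, code)):
            del self._records[phone]  # single use
            return "ok"
        return "invalid"


def guess_success_probability(digits=OTP_DIGITS, attempts=MAX_ATTEMPTS):
    """Upper bound on guessing one code within the retry limit."""
    return attempts / 10 ** digits
```

With these assumed values, an attacker guessing blindly against one issued code succeeds with probability at most 5 in 1,000,000, so resend requests need their own rate limit or the bound resets with every new code.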