Skip to main content
POST
/
auth
/
v1
/
create
Create
curl --request POST \
  --url https://auth.otpless.app/auth/v1/create \
  --header 'Content-Type: application/json' \
  --header 'clientId: <api-key>' \
  --header 'clientSecret: <api-key>' \
  --data '
{
  "phoneNumber": "9876543210",
  "countryCode": "91",
  "expiry": 300,
  "tid": "your-template-id"
}
'
{
  "requestId": "ARID_A1B2C3D4E5F6"
}
The Create API is the first step of the authentication flow. Your backend calls it with the user’s phone number and, in return, receives a requestId. By passing the phone number you are effectively generating a requestId bound to that identity — you then use this same requestId to invoke the SDK and perform the authentication on the client, and to track the result via the Status Check API.
This is a server-to-server call. It requires your clientId and clientSecret, which must never be exposed in client-side code.
Either phoneNumber + countryCode or email must be provided. For SNA-only flows, use phoneNumber + countryCode — SNA authenticates against the SIM and requires a mobile number.

Authorizations

clientId
string
header
required

OTPless API Client ID

clientSecret
string
header
required

OTPless API Client Secret

Body

application/json
phoneNumber
string

Phone number without country code. Required if email is not provided.

Example:

"9876543210"

countryCode
string

Country dial code (e.g. 91). Required when phoneNumber is provided.

Example:

"91"

email
string

User email. Required if phoneNumber is not provided.

Example:

"user@example.com"

expiry
integer

Auth request validity in seconds. Min: 60, Max: 86400. Default: 900.

Example:

300

tid
string

Template ID to pin a specific channel config template for the subsequent initiate call.

Example:

"your-template-id"

Response

HTTP 200 — Auth request created. Returns the requestId to pass to the SDK.

requestId
string
required

Unique auth request ID (ARID token). Pass this to the SDK and use it when polling Status Check.

Example:

"ARID_A1B2C3D4E5F6"