Developer Documentation

Mobile Auth

Mobile Authentication

Mobile auth endpoints mirror the base auth flow with device-aware responses:

• POST /mobile/auth/register/customer
• POST /mobile/auth/register/merchant
• POST /mobile/auth/login
• POST /mobile/auth/refresh
• POST /mobile/auth/logout
• POST /mobile/auth/logout-all
• POST /mobile/auth/verify-phone
• POST /mobile/auth/resend-otp
• POST /mobile/auth/forgot-password
• POST /mobile/auth/reset-password

Login requires phone, password, device_id, device_name, platform, and app_version.

The response includes tokens, profile role, onboarding status, KYC status, wallet status, and required_next_action:

• verify_phone
• complete_kyc
• await_merchant_approval
• set_transaction_pin
• none

Refresh tokens rotate. Device changes are captured for risk review.