Request an email verification code (login or signup)
Unified login + registration lookup. If the email is already registered, an email login code is sent. Otherwise the optional signup fields are consumed and a registration code is sent.
Headers
HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.
Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.
Body
OpenAPI schema McpRequestAuthLookupBodyDto. Mirrors GraphQL RequestAuthLookupInput.
The user's email address to which the lookup code will be sent.
"alice@example.com"
reCAPTCHA token. Verification is skipped automatically in non-production environments.
"recaptcha_token_here"
Device fingerprint / visitor id generated by the client for session binding.
"fp_browser_abc123"
Desired username (only used when registering a new user).
5"alice_bob"
Opt-in to marketing offers / communications (new users only).
Indicates the user has accepted the platform's terms and conditions (new users only).
Promotional code (new users only).
"WELCOME2025"
Referral code from an invitation link (new users only).
"REF-ABC-123"
Username of the referring user (new users only).
"referrer_user"
User id of the referring user (new users only).
"507f1f77bcf86cd799439011"