> ## Documentation Index
> Fetch the complete documentation index at: https://docs.echozero.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Request an email verification code (login or signup)

> Unified login + registration lookup. If the email is already registered, an email login code is sent. Otherwise the optional signup fields are consumed and a registration code is sent.



## OpenAPI

````yaml https://mcp.echozero.app/api/docs-json post /api/auth/lookup
openapi: 3.0.0
info:
  title: EchoZero MCP API
  description: >-
    EchoZero MCP Server - Developer API for agent management, trading,
    marketplace, and AI chat.


    **Rate Limiting:** All endpoints enforce per-API-key rate limits. Tiers:
    free (60 req/min), standard (300 req/min), premium (1000 req/min). Every
    response includes `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
    `X-RateLimit-Reset` headers. Exceeding the limit returns `429 Too Many
    Requests` with a `Retry-After` header.
  version: '1.0'
  contact: {}
servers:
  - url: https://mcp.echozero.app
    description: Production
security: []
tags:
  - name: MCP Protocol
    description: >-
      Model Context Protocol (Streamable HTTP): `/mcp`, `/mcp/sse` — not under
      `/api`; same API key as REST
  - name: Health
    description: Server health check
  - name: API Keys
    description: API key generation, listing, and revocation
  - name: User
    description: >-
      User profile, sessions, social, onboarding, internal agent subscriptions,
      and bot activations (v1: /v1/users/me)
  - name: Token
    description: Token data and trending
  - name: Trade
    description: Trade execution and history
  - name: Strategy
    description: Strategy (trading bot) configuration and control
  - name: Agent
    description: Agent registration and management
  - name: AI
    description: AI chat, intent, and insights
  - name: Wallet
    description: Wallet operations, deposits, and withdrawals
  - name: Notification
    description: Notification management and settings
  - name: Auth
    description: >-
      Public authentication: signup / login lookup, code verification, Google
      OAuth, refresh, and sign-out. Returns `accessToken` / `refreshToken` in
      the JSON body.
  - name: OAuth
    description: >-
      OAuth 2.1 authorization-code + PKCE for AI assistant clients:
      `/oauth/authorize`, `/oauth/token`, `/oauth/introspect`, `/status`.
  - name: Activity
    description: User trade activity list and search
  - name: Feed
    description: Social activity feed timeline
  - name: Earn
    description: Leaderboard, rewards, and referrals
  - name: Statics
    description: Countries, languages, and static data
  - name: Misc
    description: File uploads and utility endpoints
  - name: Developer
    description: Developer registration and profile
  - name: Developer dashboard
    description: >-
      Per-agent dashboard: subscribers (anonymized), performance detail, signal
      history (v1)
  - name: Developer Agent
    description: Developer agent listings and management
  - name: Developer Agents (Marketplace)
    description: Public browse, search, and subscribe to external developer-listed agents
  - name: Admin
    description: Admin-only endpoints for review, approval, and platform management
  - name: Webhooks
    description: >-
      Inbound provider webhooks (no API key). Telegram signal-bot uses
      `X-Telegram-Bot-Api-Secret-Token` when configured.
paths:
  /api/auth/lookup:
    post:
      tags:
        - Auth
      summary: Request an email verification code (login or signup)
      description: >-
        Unified login + registration lookup. If the email is already registered,
        an email login code is sent. Otherwise the optional signup fields are
        consumed and a registration code is sent.
      operationId: McpAuthController_requestAuthLookup
      parameters:
        - name: x-signature
          in: header
          required: false
          description: >-
            HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD +
            path + body). Optional -- when omitted, HMAC verification is
            skipped.
          schema:
            type: string
        - name: x-timestamp
          in: header
          required: false
          description: >-
            Request timestamp in epoch milliseconds. Required when x-signature
            is provided. Rejected if drift exceeds 5 minutes.
          schema:
            type: string
      requestBody:
        required: true
        description: >-
          OpenAPI schema **McpRequestAuthLookupBodyDto**. Mirrors GraphQL
          `RequestAuthLookupInput`.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/McpRequestAuthLookupBodyDto'
            examples:
              minimal:
                summary: Login / existing user
                description: >-
                  Smallest valid payload -- used when the email is already
                  registered. The optional signup fields are ignored for
                  existing users.
                value:
                  email: alice@example.com
                  recaptcha: recaptcha_token_here
                  fingerprint: fp_browser_abc123
              fullAllFields:
                summary: Register new user (all fields)
                description: >-
                  Exhaustive payload the controller accepts. Every optional
                  field is populated -- mirrors GraphQL
                  `RequestAuthLookupInput`.
                value:
                  email: newuser@example.com
                  recaptcha: recaptcha_token_here
                  fingerprint: fp_browser_abc123
                  username: new_user
                  receiveMarketingOffers: true
                  agreedToTerms: true
                  promoCode: WELCOME2025
                  referralCode: REF-ABC-123
                  referrerUsername: referrer_user
                  referrerUserId: 507f1f77bcf86cd799439011
      responses:
        '200':
          description: Lookup request accepted; email dispatched when applicable.
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/McpSuccessResponseDto'
                  - properties:
                      data:
                        $ref: '#/components/schemas/McpRequestLookupResponseDto'
        '400':
          description: Validation error (email, recaptcha, username, ...).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
        '403':
          description: reCAPTCHA verification failed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
        '429':
          description: Too many lookup requests -- retry after `nextRequestAt`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
components:
  schemas:
    McpRequestAuthLookupBodyDto:
      type: object
      properties:
        email:
          type: string
          description: The user's email address to which the lookup code will be sent.
          example: alice@example.com
        recaptcha:
          type: string
          description: >-
            reCAPTCHA token. Verification is skipped automatically in
            non-production environments.
          example: recaptcha_token_here
        fingerprint:
          type: string
          description: >-
            Device fingerprint / visitor id generated by the client for session
            binding.
          example: fp_browser_abc123
        username:
          type: string
          description: Desired username (only used when registering a new user).
          minLength: 5
          example: alice_bob
        receiveMarketingOffers:
          type: boolean
          description: Opt-in to marketing offers / communications (new users only).
        agreedToTerms:
          type: boolean
          description: >-
            Indicates the user has accepted the platform's terms and conditions
            (new users only).
        promoCode:
          type: string
          description: Promotional code (new users only).
          example: WELCOME2025
        referralCode:
          type: string
          description: Referral code from an invitation link (new users only).
          example: REF-ABC-123
        referrerUsername:
          type: string
          description: Username of the referring user (new users only).
          example: referrer_user
        referrerUserId:
          type: string
          description: User id of the referring user (new users only).
          example: 507f1f77bcf86cd799439011
      required:
        - email
        - recaptcha
        - fingerprint
    McpSuccessResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: true
        data:
          type: object
          description: Endpoint-specific payload
          additionalProperties: true
      required:
        - success
        - data
    McpRequestLookupResponseDto:
      type: object
      properties:
        status:
          type: string
          enum:
            - success
            - error
        userId:
          type: string
          description: Resolved user id when the user exists.
        email:
          type: string
          description: Echo of the email used.
        nextRequestAt:
          type: number
          description: Unix epoch seconds after which a new lookup may be requested.
        mfaRequired:
          type: boolean
          description: MFA verification required to complete login.
        errorMessage:
          type: string
          description: Error message when `status === error`.
        unlocksAt:
          type: string
          format: date-time
      required:
        - status
    McpErrorResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          $ref: '#/components/schemas/McpErrorBodyDto'
      required:
        - success
        - error
    McpErrorBodyDto:
      type: object
      properties:
        code:
          type: string
          example: NOT_FOUND
        message:
          type: string
          example: Resource not found
      required:
        - code
        - message

````