Authentication API

OTP-based authentication for returning customers

For returning customers, Tuish uses SMS OTP verification linked to their phone number.

Request Login OTP

POST /v1/auth/login/init

Sends an OTP to the customer's verified phone number.

Request

{
  "email": "user@example.com"
}

Response

{
  "otpId": "otp_xxx",
  "phoneMasked": "***-***-1234",
  "expiresIn": 300
}

Verify Login

POST /v1/auth/login/verify

Verifies the OTP and returns an identity token.

Request

{
  "email": "user@example.com",
  "otpId": "otp_xxx",
  "otp": "123456",
  "deviceFingerprint": "machine_xxx"
}

Response

{
  "identityToken": "eyJhbGciOiJIUzI1NiIs...",
  "licenses": [
    {
      "id": "lic_xxx",
      "productId": "prod_xxx",
      "productName": "My App",
      "status": "active",
      "features": [],
      "issuedAt": 1704067200000,
      "expiresAt": null,
      "licenseKey": "eyJhbGciOiJFZERT..."
    }
  ]
}

licenseKey is returned on login so clients can cache it for offline verification.
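
An added example, not Tuish's own client code: one way to decide which licenseKey values from the verify response go into the offline cache. It assumes licenseKey is a compact JWS whose header declares EdDSA (inferred from the "eyJhbGciOiJFZERT..." prefix in the sample), that expiresAt is epoch milliseconds like issuedAt, and that null means no expiry; the function names, the "revoked" status and the sample response are constructed.

```python
import base64
import json
import time

EXPECTED_ALG = "EdDSA"  # assumption: inferred from the sample licenseKey prefix

def jws_header(token):
    """Decode the header segment of a compact JWS-style token; None if malformed."""
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return None
    try:
        raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
        header = json.loads(raw)
    except ValueError:
        return None
    return header if isinstance(header, dict) else None

def cacheable_licenses(verify_response, now_ms=None):
    """Return {license id: licenseKey} for licenses worth caching offline."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    cache = {}
    for lic in verify_response.get("licenses", []):
        expires_at = lic.get("expiresAt")  # assumed epoch ms; null = no expiry
        if lic.get("status") != "active":
            continue
        if expires_at is not None and expires_at <= now_ms:
            continue
        header = jws_header(lic.get("licenseKey"))
        if header is None or header.get("alg") != EXPECTED_ALG:
            continue  # malformed, or declares an unexpected algorithm
        cache[lic["id"]] = lic["licenseKey"]
    return cache

def b64seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def constructed_key(alg):  # constructed placeholder; the signature is not real
    return ".".join([b64seg({"alg": alg}), b64seg({"sample": True}), "c2ln"])

# Constructed verify response covering each rejection path.
SAMPLE = {"licenses": [
    {"id": "lic_ok", "status": "active", "expiresAt": None, "licenseKey": constructed_key("EdDSA")},
    {"id": "lic_old", "status": "active", "expiresAt": 1704067200000, "licenseKey": constructed_key("EdDSA")},
    {"id": "lic_alg", "status": "active", "expiresAt": None, "licenseKey": constructed_key("none")},
    {"id": "lic_off", "status": "revoked", "expiresAt": None, "licenseKey": constructed_key("EdDSA")},
]}

if __name__ == "__main__":
    print(sorted(cacheable_licenses(SAMPLE, now_ms=1704067200001)))
```

This is only a pre-cache filter: the offline check still has to verify each key's signature against the issuer's public key, which this page does not provide.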

Using the Identity Token

After login, include the identity token in subsequent requests:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.tuish.dev/v1/purchase/init

The identity token is required for:

  • Initializing terminal purchases
  • Requesting purchase confirmation OTPs
  • Confirming purchases with saved cards