Authentication
Authentication Module
Identity management and session control via Email OTP and secure cookies.
Description
The Authentication module provides the gateway to the VeriWorkly ecosystem. It uses a passwordless Email OTP (One-Time Password) flow to ensure a frictionless and secure user experience.
Once authenticated, the system establishes a secure, HTTP-only session that persists across the dashboard and resume builder.
Authentication Flow
VeriWorkly follows a simple 2-step verification process:
- OTP Request: The user submits their email. A short-lived, numeric code is sent via our SMTP provider.
- Verification: The user submits the code. Upon success, a secure cookie is set in the browser, and the user is granted access to their private data.
Security & Session Management
| Feature | Implementation |
|---|---|
| Protocol | Passwordless Email OTP. |
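| Session Type | HTTP-only, Secure, SameSite cookies. HTTP-only keeps the session cookie out of reach of page scripts, which limits session theft through XSS; SameSite restricts cross-site requests from carrying the cookie, which mitigates CSRF. |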
| Provider | Powered by Better Auth with a Prisma adapter for persistent session storage. |
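The two-step flow and the cookie attributes above, modelled as an added example (not VeriWorkly's or Better Auth's code). An in-memory map stands in for the database, and the 5-minute lifetime, five-guess limit, cookie name and `SameSite=Lax` value are assumptions the page does not state.

```javascript
// Added example: models the two-step Email OTP flow with an in-memory store.
// OTP_TTL_MS, MAX_ATTEMPTS, the cookie name and SameSite=Lax are assumptions.
const crypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000;       // assumed lifetime of the short-lived code
const MAX_ATTEMPTS = 5;                 // assumed guess limit per issued code
const HMAC_KEY = crypto.randomBytes(32); // server-side key; codes are never stored in clear
const pending = new Map();              // email -> { digest, expiresAt, attempts }

// Keyed digest, so a leaked store cannot be brute-forced over the 10^6 code space.
const digestOf = (email, code) =>
  crypto.createHmac('sha256', HMAC_KEY).update(`${email}:${code}`).digest();

// Step 1 (POST /auth/send-otp): create a 6-digit code and keep only its digest.
function sendOtp(email, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1_000_000)).padStart(6, '0');
  pending.set(email, { digest: digestOf(email, code), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return code; // a real service emails this; returned here so the example can run
}

// Step 2 (POST /auth/verify-otp): check the code, then build the session cookie.
function verifyOtp(email, code, now = Date.now()) {
  const entry = pending.get(email);
  if (!entry) return { ok: false, reason: 'no_pending_code' };
  if (now > entry.expiresAt) { pending.delete(email); return { ok: false, reason: 'expired' }; }
  if (++entry.attempts > MAX_ATTEMPTS) { pending.delete(email); return { ok: false, reason: 'too_many_attempts' }; }
  // Constant-time comparison of two fixed-length (32-byte) digests.
  if (!crypto.timingSafeEqual(entry.digest, digestOf(email, String(code)))) {
    return { ok: false, reason: 'invalid_code' };
  }
  pending.delete(email); // single use: a verified code cannot be replayed
  const token = crypto.randomBytes(32).toString('base64url');
  return { ok: true, setCookie: `session=${token}; Path=/; HttpOnly; Secure; SameSite=Lax` };
}
```

The guess limit matters because a 6-digit code has only one million values; without it, the expiry window alone bounds how many guesses a client can make.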
Available Endpoints
| Method | Endpoint | Name | Description |
|---|---|---|---|
| POST | /auth/send-otp | Send OTP | Initiate login by sending a 6-digit code to an email. |
| POST | /auth/verify-otp | Verify OTP | Validate code and establish a secure session. |
| GET | /auth/get-session | Get Session | Retrieve active session data and status. |
| POST | /auth/sign-out | Sign Out | Invalidate session and clear authentication cookies. |