Challenges

Create an authentication challenge

Issue an authentication challenge for a user.

The response type depends on the authentication method:

OTP: Returns a Challenge with ID and expiration. The one-time passcode is sent to the user’s email or phone.
Passkey: Returns PasskeyAuthenticationOptions with WebAuthn challenge for authentication.

For OTP, either phoneNumber or emailAddress is required. For passkey, phoneNumber or emailAddress is optional (enables usernameless flow when omitted).

Challenges may only be issued on a fixed time interval.

POST

auth

challenges

Create an authentication challenge

curl --request POST \
  --url https://api.guile.app/auth/challenges \
  --header 'Content-Type: application/json' \
  --data '
{
  "method": "otp",
  "phoneNumber": "<string>",
  "emailAddress": "<string>"
}
'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "expiresAt": "2023-11-07T05:31:56Z"
}

Body

application/json

The request body for issuing a new authentication challenge.

For OTP authentication, either phoneNumber or emailAddress is required. For passkey authentication, phoneNumber or emailAddress is optional (enables usernameless flow when omitted).

method

enum<string>

default:otp

The authentication method to use. Defaults to "otp" for backward compatibility.

Available options:

otp,

passkey

phoneNumber

string<phoneNumber>

The phone number of a user.

For OTP: Required (unless emailAddress is provided) to send the one-time passcode.
For passkey: Optional. When provided, enables username-first authentication flow.

emailAddress

string<emailAddress>

The email address of a user.

For OTP: Required (unless phoneNumber is provided) to send the one-time passcode.
For passkey: Optional. When provided, enables username-first authentication flow.

Required string length: 6 - 100

Response

Created.

Option 1
Option 2

Response from creating an authentication challenge.

The response type depends on the authentication method specified in the request:

For OTP method: Returns a Challenge with ID and expiration
For passkey method: Returns PasskeyAuthenticationOptions with WebAuthn challenge

string<uuid>

required

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

expiresAt

string<date-time>

required

The expiration datetime of the challenge in the ISO-8601 format.

Verify authenticationUnified endpoint for verifying authentication using either OTP or passkey. The request body must include a method field to specify the authentication type: - **OTP**: Include challengeId and code to verify a one-time passcode - **Passkey**: Include assertion to verify a WebAuthn credential Upon successful verification, returns access and refresh tokens.

⌘I

Create an authentication challenge

curl --request POST \
  --url https://api.guile.app/auth/challenges \
  --header 'Content-Type: application/json' \
  --data '
{
  "method": "otp",
  "phoneNumber": "<string>",
  "emailAddress": "<string>"
}
'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "expiresAt": "2023-11-07T05:31:56Z"
}

Public APIs

API Concepts

Admin

Authentication

Appointments

Barbers

Businesses

Clients

Customers

Fees

Integrations

Invitations

Payouts

Photos

Refunds

Services

Create an authentication challenge

Body

Response