Overview
Auth flow
Section titled “Auth flow”Three-step email-first flow. Each success response captures fields into the environment for the next step.
Decision tree:
| From step | Response | Next request to run |
|---|---|---|
email-check | userFound: true (SMS PIN fires automatically) | verify-pin |
email-check | userFound: false | register |
register | 201 {phoneLastFourDigits} (SMS PIN fires) | verify-pin |
verify-pin | 200 {accessToken, ...} (captured automatically) | anything in Public / Bidder |
JSON variable gotcha: Postman env variables that carry string values (like {{email}}) must be wrapped in quotes inside the JSON body. Example: "email": "{{email}}", not "email": {{email}}. The auth-flow bodies here are already correctly quoted.
Mobile format: three formats accepted on register — E.164 +13035551234, international 13035551234, or local 3035551234 (with countryCode: "US" as the region hint).