Skip to main content
POST
/
v1
/
auth
/
request-code
curl -X POST https://gpuoutlet.ai/v1/auth/request-code \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","intent":"signup"}'

{
  "ok": true,
  "created": true
}
Triggers an email containing a 6-digit code, valid for 10 minutes.
email
string
required
The email address to send the code to. Must be a valid format.
intent
string
Optional. Hints to the server whether the user is creating a new account or signing into an existing one. Affects telemetry only — the actual account-creation behavior is the same either way (we upsert on email).
ok
boolean
Always true on success.
created
boolean
true if a new user record was created (the email was not in our system before), false if this email already had an account.
curl -X POST https://gpuoutlet.ai/v1/auth/request-code \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","intent":"signup"}'

{
  "ok": true,
  "created": true
}

Rate limit

One request per email address per 30 seconds. Subsequent attempts get 429 code_request_rate_limited.

What happens on the server

  1. Validate the email format
  2. Upsert a user row by email — creates one if missing
  3. Generate a 6-digit code, hash and store with 10-minute TTL
  4. Send the email via our email provider
  5. Return success
We don’t reveal whether the email already existed via the error path — both signup and login return 200 ok regardless. The created field is the only signal, and it’s only useful to clients that need it (the dashboard does, to pick between welcome and direct-to-app routing).