Verify code & start session

curl -X POST https://gpuoutlet.ai/v1/auth/verify-code \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","code":"123456"}' \
  --cookie-jar cookies.txt

{
  "user": {
    "id": "usr_01H8E3...",
    "email": "you@example.com",
    "createdAt": "2026-06-07T08:14:22Z"
  },
  "expiresAt": "2026-07-07T08:14:22Z"
}

POST

auth

verify-code

curl -X POST https://gpuoutlet.ai/v1/auth/verify-code \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","code":"123456"}' \
  --cookie-jar cookies.txt

{
  "user": {
    "id": "usr_01H8E3...",
    "email": "you@example.com",
    "createdAt": "2026-06-07T08:14:22Z"
  },
  "expiresAt": "2026-07-07T08:14:22Z"
}

string

required

The email the code was sent to. Must exactly match.

code

string

required

The 6-digit code received by email.

user

object

The signed-in user.

Show user

string

Stable user ID (usr_…)

string

Verified email

createdAt

string

ISO 8601 UTC timestamp

expiresAt

string

ISO 8601 UTC timestamp when the session will expire (default: 30 days from now, refreshed on every authenticated request).

curl -X POST https://gpuoutlet.ai/v1/auth/verify-code \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","code":"123456"}' \
  --cookie-jar cookies.txt

{
  "user": {
    "id": "usr_01H8E3...",
    "email": "you@example.com",
    "createdAt": "2026-06-07T08:14:22Z"
  },
  "expiresAt": "2026-07-07T08:14:22Z"
}

Attempt limit

5 wrong attempts per code. After the 5th, the code is invalidated even if you guess correctly next — you’ll need to request a new one.

On success

The server:

Marks the code as consumed (single-use)
Creates a session record in the database
Sets the sid HttpOnly cookie on the response
Returns the user + session expiry

After this, every authenticated endpoint accepts the cookie.

Request a verification code Get current user

⌘I

​Attempt limit

​On success

Attempt limit

On success