Customer auth

Send a 6-digit login code to the customer's email.

Always returns success to prevent email enumeration.

Request Body

emailEmail

Formatemail

tenant_slugTenant Slug

Length1 <= length <= 100

Response Body

curl -X POST "https://loading/v1/customer-auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "tenant_slug": "string"
  }'

curl -X POST "https://loading/v1/customer-auth/login" \  -H "Content-Type: application/json" \  -d '{    "email": "user@example.com",    "tenant_slug": "string"  }'

{}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Customer Logout

Revoke customer refresh token and clear portal cookies.

Request Body

refresh_token?Refresh Token

Default""

Response Body

curl -X POST "https://loading/v1/customer-auth/logout" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://loading/v1/customer-auth/logout" \  -H "Content-Type: application/json" \  -d '{}'

Empty

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Customer Refresh

Rotate customer access + refresh tokens.

Request Body

refresh_token?Refresh Token

Default""

Response Body

curl -X POST "https://loading/v1/customer-auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://loading/v1/customer-auth/refresh" \  -H "Content-Type: application/json" \  -d '{}'

{
  "access_token": "string",
  "customer_id": "160c0c4b-9966-4dc1-a916-8407eb10d74e",
  "expires_in": 3600,
  "refresh_token": "string",
  "tenant_id": "34f5c98e-f430-457b-a812-92637d0c6fd0",
  "token_type": "bearer"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Customer Programmatic Token

Programmatic portal token endpoint — exchanges magic-link code for tokens, NEVER sets cookies.

Request Body

codeCode

Length6 <= length <= 6

emailEmail

Formatemail

tenant_slugTenant Slug

Length1 <= length <= 100

Response Body

curl -X POST "https://loading/v1/customer-auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "string",
    "email": "user@example.com",
    "tenant_slug": "string"
  }'

curl -X POST "https://loading/v1/customer-auth/token" \  -H "Content-Type: application/json" \  -d '{    "code": "string",    "email": "user@example.com",    "tenant_slug": "string"  }'

{
  "access_token": "string",
  "customer_id": "160c0c4b-9966-4dc1-a916-8407eb10d74e",
  "expires_in": 3600,
  "refresh_token": "string",
  "tenant_id": "34f5c98e-f430-457b-a812-92637d0c6fd0",
  "token_type": "bearer"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Customer Verify

Exchange a 6-digit code for access + refresh tokens.

Request Body

codeCode

Length6 <= length <= 6

emailEmail

Formatemail

tenant_slugTenant Slug

Length1 <= length <= 100

Response Body

curl -X POST "https://loading/v1/customer-auth/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "string",
    "email": "user@example.com",
    "tenant_slug": "string"
  }'

curl -X POST "https://loading/v1/customer-auth/verify" \  -H "Content-Type: application/json" \  -d '{    "code": "string",    "email": "user@example.com",    "tenant_slug": "string"  }'

{
  "access_token": "string",
  "customer_id": "160c0c4b-9966-4dc1-a916-8407eb10d74e",
  "expires_in": 3600,
  "refresh_token": "string",
  "tenant_id": "34f5c98e-f430-457b-a812-92637d0c6fd0",
  "token_type": "bearer"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Customer auth

200

422

204

422

200

422

200

422

200

422