Ship phone‑OTP login without the legwork.
One SDK per stack, one REST API, one drop-in dashboard. Drop QuickAuth into a new product in under five minutes — or swap in for your existing OTP / messaging provider without rewriting your flow.
30-second taste
The web SDK is the smallest surface — install, ask for consent, kick off an OTP. Pick the SDK page that matches your stack for everything else.
import { QuickAuth } from '@quickauth/web'
QuickAuth.init({ publicKey: 'qa_live_***' })
await QuickAuth.consent.set(true)
const { sessionId } = await QuickAuth.auth.startOTP({
phone: '+919876543210',
channel: 'auto',
})
const { verified, requestId } = await QuickAuth.auth.verifyOTP({
sessionId,
code: '123456',
})
// forward requestId to YOUR backend → confirms server-to-server,
// mints your session JWT against your user table.Start with your stack
@quickauth/web
React, Vue, vanilla — anything that runs JavaScript. WebOTP API for SMS auto-fill.
npm install @quickauth/webReact Native@quickauth/react-native
Native SMS Retriever on Android, system one-time-code on iOS. Pre-built UI included.
npm install @quickauth/react-nativeiOS · SwiftQuickAuthIn
SwiftUI + UIKit components, SPM and CocoaPods. Pure Swift, no third-party deps.
pod 'QuickAuthIn', '~> 1.1.0'Android · Kotlinin.quickauth:sdk
Jetpack Compose components, SMS Retriever auto-fill (no permission prompt).
implementation('in.quickauth:sdk:1.1.0')Flutter · Dartquickauth
iOS + Android native bridges, Material widgets. Single Dart package.
flutter pub add quickauth5 minutesQuickstart guide
Pick your stack and follow a focused install → initialize → first OTP walkthrough.
Server-side
Your mobile and web apps never embed client_secret. Your backend mints short-lived sessionTokens on demand — same pattern Twilio Verify and Stripe use for mobile SDKs.
Backend integration
The sessionToken pattern, mint-token endpoint examples for Node, Python, PHP, and Go.
RESTAuth API reference
Every OTP endpoint, every parameter, every response shape — with copy-pasteable curl.
WhatsAppWhatsApp Business API
Create templates, send single messages and bulk campaigns, reply in the 24h window, read number health.
Sandbox vs live keys
Every account ships with both a qa_test_*** and a qa_live_*** key. Test keys never bill, never send real SMS — they return a fixed OTP 123456 for any phone number so you can wire your UI without burning credits.
Concepts that matter
- Channel routing. Pass
channel: 'auto'and we try WhatsApp first on numbers that have it, fall back to SMS otherwise. Voice fallback opt-in. - Consent gating. The SDKs refuse to send identifiable fields until you call
consent.set(true). DPDP and GDPR safe out of the box. - Attribution. Every SDK captures launch source (UTMs,
qa_clid, install referrer) and tracks conversions — so the same install that issued the OTP also closes the marketing loop.
Need a hand?
Open an issue on any of the SDK repos under github.com/quickauthin or drop a note via the contact form.