Documentation · v1.1.0

Ship phone‑OTP login without the legwork.

One SDK per stack, one REST API, one drop-in dashboard. Drop QuickAuth into a new product in under five minutes — or swap in for your existing OTP / messaging provider without rewriting your flow.

30-second taste

The web SDK is the smallest surface — install, ask for consent, kick off an OTP. Pick the SDK page that matches your stack for everything else.

import { QuickAuth } from '@quickauth/web'

QuickAuth.init({ publicKey: 'qa_live_***' })
await QuickAuth.consent.set(true)

const { sessionId } = await QuickAuth.auth.startOTP({
  phone: '+919876543210',
  channel: 'auto',
})

const { verified, requestId } = await QuickAuth.auth.verifyOTP({
  sessionId,
  code: '123456',
})
// forward requestId to YOUR backend → confirms server-to-server,
// mints your session JWT against your user table.

Start with your stack

Server-side

Your mobile and web apps never embed client_secret. Your backend mints short-lived sessionTokens on demand — same pattern Twilio Verify and Stripe use for mobile SDKs.

Sandbox vs live keys

Every account ships with both a qa_test_*** and a qa_live_*** key. Test keys never bill, never send real SMS — they return a fixed OTP 123456 for any phone number so you can wire your UI without burning credits.

Concepts that matter

  • Channel routing. Pass channel: 'auto' and we try WhatsApp first on numbers that have it, fall back to SMS otherwise. Voice fallback opt-in.
  • Consent gating. The SDKs refuse to send identifiable fields until you call consent.set(true). DPDP and GDPR safe out of the box.
  • Attribution. Every SDK captures launch source (UTMs, qa_clid, install referrer) and tracks conversions — so the same install that issued the OTP also closes the marketing loop.

Need a hand?

Open an issue on any of the SDK repos under github.com/quickauthin or drop a note via the contact form.