Skip to content

Instantly share code, notes, and snippets.

@redwan-faris-aswar

redwan-faris-aswar/phone-otp.md

Created June 5, 2025 11:49
Show Gist options
  • Save redwan-faris-aswar/049ced994534839b4d6155034181c0b9 to your computer and use it in GitHub Desktop.
Save redwan-faris-aswar/049ced994534839b4d6155034181c0b9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
phone-otp.md

Aswar Academy Registration System

Overview

The Aswar Academy Registration System provides a secure phone-based registration process with OTP (One-Time Password) verification via WhatsApp.

Authentication Endpoints

1. Registration

Endpoint: POST /api/auth/register

Register a new user with the following required information:

{
    "full_name": "User Name",
    "phone_number": "1234567890",
    "country_code": "+1",
    "password": "password123",
    "password_confirmation": "password123",
    "city": "city_name",
    "g_recaptcha_response": "recaptcha_token"
}

Optional fields:

  • image (File: jpeg, png, jpg, max: 2048KB)
  • email (String, unique)
  • birth_date (Date)
  • address (String, max: 255)
  • facebook_url (URL)
  • linkedin_url (URL)
  • skills (Array)
  • languages (Array)
  • work_experiences (Array)
  • eductions (Array)

Response:

{
    "message": "Registration initiated. Please verify your phone number with the code sent via WhatsApp."
}

2. Verify OTP

Endpoint: POST /api/auth/verify

Verify the OTP sent to WhatsApp:

{
    "phone_number": "1234567890",
    "otp": "123456",
    "g_recaptcha_response": "recaptcha_token"
}

Success Response:

{
    "user": {
        // User details
    },
    "token": "access_token",
    "message": "Registration completed successfully"
}

3. Resend OTP

Endpoint: POST /api/auth/resend-otp

Request a new OTP if the previous one expired or wasn't received:

{
    "phone_number": "1234567890"
}

Success Response:

{
    "message": "New verification code has been sent to your WhatsApp."
}

Error Responses

Registration Errors

  • Invalid input data: 400 Bad Request
  • Server error: 500 Internal Server Error

OTP Verification Errors

  • Invalid or expired OTP: 400 Bad Request
  • Missing registration data: 400 Bad Request
  • Server error: 500 Internal Server Error

Resend OTP Errors

  • No pending registration: 400 Bad Request
  • Server error: 500 Internal Server Error

Important Notes

  1. OTP Expiry

    • OTP codes are valid for 10 minutes
    • After expiry, use the resend OTP endpoint

  2. WhatsApp Verification

    • Make sure the phone number is active on WhatsApp
    • Check WhatsApp for the verification code

  3. Security Features

    • Rate limiting on all endpoints
    • reCAPTCHA verification
    • Secure password requirements
    • Phone number uniqueness check

Development Setup

  1. Environment Requirements

    • PHP >= 8.0
    • Redis server
    • Laravel framework
    • WhatsApp API integration

  2. Configuration

    • Set up Redis connection
    • Configure WhatsApp API credentials
    • Set up reCAPTCHA keys

Testing

To test the registration flow:

  1. Start with registration endpoint
  2. Check WhatsApp for OTP
  3. Verify with received OTP
  4. (Optional) Test OTP resend if needed

Support

For any issues or questions, please contact the development team or create an issue in the repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment