Authentication Guide
RYVL uses a phone-based authentication system with OTP (One-Time Password) verification.
Authentication Flow
- Request Login Code: Send phone number to receive OTP
- Verify Code: Submit OTP to authenticate
- Complete Profile: Set username and user info
- Matrix Integration: Automatic Matrix account creation
Token Management
The API uses Laravel Sanctum for authentication. After successful login, you'll receive a bearer token that must be included in all authenticated requests.
Header Format
Authorization: Bearer YOUR_TOKEN_HERE
Session Management
- Tokens are valid for the session duration
- Use /api/auth/logout to invalidate tokens
- Matrix sessions are managed separately but synchronized
Required Headers
For all API requests:
Accept: application/json
Content-Type: application/json
Error Responses
Authentication errors return HTTP 401 with:
{
  "message": "Unauthenticated."
}
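A client-side sketch of the token handling described in this guide, added here as an example and not RYVL's own code: it sends the required headers, attaches the bearer token, forgets the token when the API answers 401, and discards it on logout. The transport hook, the fake_api stand-in, the sample token values and the use of POST for /api/auth/logout are assumptions.

```python
import json

LOGOUT_PATH = "/api/auth/logout"  # path from the guide; using POST is an assumption

class Unauthenticated(Exception):
    """Raised on HTTP 401, the guide's "Unauthenticated." response."""

class ApiSession:
    def __init__(self, transport, token=None):
        # transport(method, path, headers, body) -> (status, text): hypothetical hook
        self.transport, self.token = transport, token

    def headers(self):
        h = {"Accept": "application/json", "Content-Type": "application/json"}
        if self.token:
            h["Authorization"] = f"Bearer {self.token}"
        return h

    def request(self, method, path, payload=None):
        body = None if payload is None else json.dumps(payload)
        status, text = self.transport(method, path, self.headers(), body)
        if status == 401:
            self.token = None  # rejected token: forget it, never resend it
            try:
                message = json.loads(text)["message"]
            except (ValueError, KeyError, TypeError):
                message = "HTTP 401"
            raise Unauthenticated(message)
        return status, (json.loads(text) if text else None)

    def logout(self):
        try:
            if self.token:
                self.request("POST", LOGOUT_PATH)
        except Unauthenticated:
            pass  # token was already invalid on the server
        finally:
            self.token = None  # drop the local copy even if the call fails

def fake_api(valid_tokens):
    """Constructed stand-in for the server so the example runs offline."""
    def transport(method, path, headers, body):
        token = headers.get("Authorization", "").partition("Bearer ")[2]
        if token not in valid_tokens:
            return 401, '{"message": "Unauthenticated."}'
        if path == LOGOUT_PATH:
            valid_tokens.discard(token)  # server-side invalidation
        return 200, '{"ok": true}'
    return transport
```

Clearing the token in both the 401 path and the logout path keeps a revoked credential from lingering in client memory or being replayed on later requests.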