# Authentication

Operations related to user signup initiation and login.

## Register or Check User Existence

 - [POST /auth/signup](https://docs.cybersign.gt/openapi/authentication/authsignup.md): Attempts to register a new user with the provided email. If the user already exists, it returns a 200 OK. If the user is successfully created, it returns a 201 Created. Both responses return the user's email.

## Initiate Login (Send Email OTP)

 - [POST /auth/login](https://docs.cybersign.gt/openapi/authentication/authlogininitiate.md): Initiates the login process for a given email by sending an OTP via email. Returns a session identifier required for the confirmation step. Responds with 200 OK even if the email is not registered to prevent user enumeration.

## Confirm Login (Verify Email OTP)

 - [POST /auth/login-confirmation](https://docs.cybersign.gt/openapi/authentication/authloginconfirm.md): Confirms the login attempt by verifying the provided email OTP against the session identifier returned by /auth/login. On success, returns standard OAuth2 tokens (for subsequent API calls) and onboarding status/details if applicable.