This endpoint verifies an SMS or email code for new and returning buyers. It will return either an anonymous or buyer JWT.
A buyer is looked up using the phone/email provided in the request to
POST /api/auth/send-code. If a buyer successfully found, that buyer is logged in, and a buyer JWT is returned. If the buyer is not found, an anonymous JWT is returned to the user which can be used to create a new buyer. There are a few notable exceptions for which an anonymous JWT may be returned even if the buyer is found
If the buyer is found, the phone/email provided in the request to
POST /api/auth/send-codeis matched against what's on the buyer. If there is a mismatch, and the buyer has not yet provided tenant-specific PII information (name/IIN/DOB), an anonymous JWT will be returned.
If the email provided in the request to
POST /api/auth/send-codedoes not match what is found on the buyer, and the PII information provided as credentials to this endpoint also don't match what is found on the buyer, an anonymous JWT will be returned.