The service uses JSON Web Tokens (JWT) for secure authentication:
- Access Token: Valid for 1 hour, used for API requests
- Refresh Token: Valid for 24 hours, used to obtain new access tokens
- Algorithm: HS256
- Format: Bearer token in Authorization header

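The token parameters above in runnable form (an added example, not the service's own code): HS256 tokens issued and verified with the Python standard library, with the algorithm pinned and access and refresh tokens kept apart. The `token_type` claim name, the function names and the caller-supplied key and clock are assumptions.

```python
import base64, hashlib, hmac, json

# Lifetimes from the page: access token 1 hour, refresh token 24 hours.
TTL = {"access": 3600, "refresh": 24 * 3600}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, sub: str, token_type: str, now: int) -> str:
    """Issue an HS256 token; "token_type" is an assumed claim name."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "token_type": token_type,
              "iat": now, "exp": now + TTL[token_type]}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(key, header + '.' + body))}"

def verify(key: bytes, authorization: str, expected_type: str, now: int) -> dict:
    """Check an Authorization header value; raise ValueError on any failure."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer":
        raise ValueError("expected Bearer scheme")
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        sig = _unb64(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed MAC.
    if not hmac.compare_digest(_sign(key, header_b64 + "." + body_b64), sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body_b64))
    # A refresh token must not be accepted where an access token is expected.
    if claims.get("token_type") != expected_type:
        raise ValueError("wrong token type")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims
```
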
One-Time Passwords (OTP) are used for:
- Email verification during signup
- Passwordless login
- Password reset
- Email change verification

- OTP Length: 6 digits
- OTP Validity: 3 minutes
- Rate Limiting: 3 requests per 30 seconds

- Minimum length: 8 characters
- Must contain letters and numbers
- Cannot be too common
- Cannot be similar to user attributes

- EVM wallet address
- Message used for signing transaction
- Signature generated using the wallet address and the message
Last updated 6 months ago