# Sign In with Email/Phone Number

> **Concepts:** Learn about how [**Sign in with Email/Phone Number**](https://docs.cotter.app/features/verify-email-phone) works.

## Overview

Verifying email and phone number in your mobile app using our iOS SDK consists of the following steps:

1. Import Cotter
2. Call Cotter's Login function
3. Receive user's email or phone number, and whether or not it's verified

## What you're building

![Cotter's iOS SDK](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-M35aTPJkb7SxI2LkoSY%2F-M35bY9Zdu6RH-CxKHWp%2Fimage.png?alt=media\&token=97ae334f-a1ca-4ac7-9358-ca40cc2e2970)

## Steps

1. [Import Cotter as dependency](#step-1-import-cotter-as-dependency)
2. [Initialize Cotter with your API Key](#step-2-initialize-cotter-with-your-api-key)
3. [Call Cotter's Login Function](#step-3-call-cotters-login-function)
4. [Receive Token](#step-4-receive-token)

### Step 1. Import Cotter as dependency

We use CocoaPods as our SDK host. If you're using CocoaPods, add this to your Podfile:

```
pod 'Cotter'
```

Then run `pod install`.

### Step 2. Initialize Cotter with your API Key

Add `import Cotter` to any file that uses Cotter, then initialize it as follows:

```swift
import Cotter

...

let cotter = Cotter(
    apiSecretKey: <your-api-secret-key>,
    apiKeyID: <your-api-key-id>,
    cotterURL: "https://www.cotter.app/api/v0",
    userID: <your-user-id>, // user's id that will be created later
    configuration: <your-cotter-config>
)
```

Example:

```swift
import Cotter

...

let cotter = Cotter(
    apiSecretKey: "<API_SECRET_KEY>",
    apiKeyID: "<API_KEY_ID>",
    cotterURL: "https://www.cotter.app/api/v0",
    userID: "hello@example.com",
    configuration: [:]
)
```

### Step 3. Call Cotter's login function

```swift
cotter.startPasswordlessLogin(
            parentView: <your-view-controller>,
            input: <your-input-text>,
            identifierField: <identifier>,
            type: <PHONE-or-EMAIL>,
            directLogin: <true-or-false>,
            cb: <your-callback>
        )
```

Example:

```swift
@available(iOS 12.0, *)
class LoginViewController: UIViewController {
    @IBOutlet weak var loginButton: UIButton!
    @IBOutlet weak var phoneInput: UITextField!

    ...

    @IBAction func login(_ sender: Any) {
        // get the text input
        let textInput = self.phoneInput.text ?? ""

        func authCb(accessToken: String, error: Error?) -> Void {
            // error handling: a non-nil error means the login failed
            if let error = error {
                print("error logging in: \(error)")
                return
            }

            print("success!")
        }

        let cotter = Cotter(
          apiSecretKey: "<API_SECRET_KEY>",
          apiKeyID: "<API_KEY_ID>",
          cotterURL: "https://www.cotter.app/api/v0",
          userID: "hello@example.com",
          configuration: [:]
        )

        cotter.startPasswordlessLogin(
            parentView: self,
            input: textInput,
            identifierField: "phone",
            type: "PHONE",
            directLogin: true,
            cb: authCb
        )
    }
}
```

To have the user log in and enter their email or phone number in Cotter's window, set `directLogin` to `false` and set `input` to an empty string:

```swift
cotter.startPasswordlessLogin(
    parentView: self,
    input: "",
    identifierField: "phone",
    type: "PHONE",
    directLogin: false,
    cb: authCb
)
```

{% hint style="info" %}
To send code/link via SMS or WhatsApp, you'll need to add some balance to your project in the [Dashboard](https://dev.cotter.app/).
{% endhint %}

### Step 4. Receive Token

The token is delivered to the callback function and has the following form:

```javascript
"token": {
  "identifier": "+12345678910",
  "identifier_type": "PHONE",
  "receiver": "<your API_KEY_ID>",
  "expire_at": "1584687591",
  "signature": "G8dOKR6qLj+GiB0pD2aggVVdYddFoyy..."
}
```

The token contains the user's phone number, your `API_KEY_ID` in the `receiver` field, and a signature to ensure this is from Cotter. The token tells you that this identifier is verified.

{% hint style="success" %}
You should include this JSON object in your call to your backend for **Login** or **Registration**. Your backend should then verify that the [signature of the token](#step-5-validating-token) is valid.
{% endhint %}
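The backend-side handling described above, as an added example (not Cotter's code): besides the signature, the backend checks that the token was issued to its own `API_KEY_ID`, has not expired, and names the identifier the login request is for. `verify_signature` is a hypothetical callable standing in for the signature check from Cotter's documentation, and reading `expire_at` as Unix seconds is an assumption based on the sample value.

```python
import time

REQUIRED = ("identifier", "identifier_type", "receiver", "expire_at", "signature")

class TokenRejected(Exception):
    """Raised when the identity token must not be trusted."""

def check_identity_token(token, claimed_identifier, api_key_id,
                         verify_signature, now=None):
    """Return the verified identifier, or raise TokenRejected.

    verify_signature is a hypothetical callable (token -> bool) that must
    implement the signature check from Cotter's documentation.
    """
    now = time.time() if now is None else now
    if not isinstance(token, dict):
        raise TokenRejected("token is not a JSON object")
    for field in REQUIRED:
        if not isinstance(token.get(field), str) or not token[field]:
            raise TokenRejected(f"missing or non-string field: {field}")
    # Authenticate first: no field is trusted until the signature checks out.
    if not verify_signature(token):
        raise TokenRejected("bad signature")
    if token["identifier_type"] not in ("PHONE", "EMAIL"):
        raise TokenRejected("unexpected identifier_type")
    # A token issued to another project must not log a user in here.
    if token["receiver"] != api_key_id:
        raise TokenRejected("receiver is not our API_KEY_ID")
    # expire_at is assumed to be Unix seconds, carried as a string.
    try:
        expires = int(token["expire_at"])
    except ValueError:
        raise TokenRejected("expire_at is not an integer timestamp") from None
    if expires <= now:
        raise TokenRejected("token expired")
    # The verified identifier must be the one the login request is for.
    if token["identifier"] != claimed_identifier:
        raise TokenRejected("identifier does not match the request")
    return token["identifier"]

# Constructed sample in the shape shown above (signature is a placeholder).
SAMPLE = {
    "identifier": "+12345678910",
    "identifier_type": "PHONE",
    "receiver": "<API_KEY_ID>",
    "expire_at": "1584687591",
    "signature": "<signature>",
}
```

Call it from the login or registration handler and create a session only when it returns; every `TokenRejected` should fail the request.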

## Validating Cotter's Access Token

Check out how to verify the OAuth tokens from Cotter here:

{% content-ref url="../../getting-access-token/verifying-jwt-tokens" %}
[verifying-jwt-tokens](https://docs.cotter.app/getting-access-token/verifying-jwt-tokens)
{% endcontent-ref %}

## 🎉 You're done!

## Securing your Project

Since you'll be using your API Key from a front-end website or mobile app, your `API_KEY_ID` is exposed to anyone inspecting your code. Here are some ways to prevent abuse:

* [Only allow your website/app to use your API Key](https://docs.cotter.app/protecting-your-account/only-allow-your-website-app-to-use-your-api-key)
* [Rate Limit the number of authentication requests](https://docs.cotter.app/protecting-your-account/rate-limit)
* [Enable reCAPTCHA to prevent automated abuse](https://docs.cotter.app/protecting-your-account/enable-recaptcha-to-protect-against-automated-abuse)
