# Sign In with Email/Phone Number > **Concepts:** Learn about how [**Sign in with Email/Phone Number**](https://docs.cotter.app/features/verify-email-phone) works. ## Overview Verifying email and phone number in your mobile app using our iOS SDK consists of the following steps: 1. Import Cotter 2. Call Cotter's Login function 3. Receive user's email or phone number, and whether or not it's verified ## What you're building ![Cotter's iOS SDK](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-M35aTPJkb7SxI2LkoSY%2F-M35bY9Zdu6RH-CxKHWp%2Fimage.png?alt=media\&token=97ae334f-a1ca-4ac7-9358-ca40cc2e2970) ## Steps 1. [Import Cotter as dependency](#step-1-import-cotter-as-dependency) 2. [Initialize Cotter with your API Key](#step-2-initialize-cotter-with-your-api-key) 3. [Call Cotter's Login Function](#step-3-call-cotters-login-function) 4. [Receive Token](#step-4-receive-token) ### Step 1. Import Cotter as dependency We use Cocoapods as our SDK host. If you're using Cocoapods, add this to your Podfile ``` pod 'Cotter' ``` Then simply run `pod install` ### Step 2. Initialize Cotter with your API Key You will have to do `import Cotter` on the file that will use Cotter. Then do initialization as follows ```swift import Cotter ... let cotter = Cotter( apiSecretKey: , apiKeyID: , cotterURL: "https://www.cotter.app/api/v0", userID: , // user's id that will be created later configuration: ) ``` example: ```swift import Cotter ... let cotter = Cotter( apiSecretKey: "", apiKeyID: "", cotterURL: "https://www.cotter.app/api/v0", userID: "hello@example.com", configuration: [:] ); ``` ### Step 3. Call Cotter's login function ```swift cotter.startPasswordlessLogin( parentView: , input: , identifierField: , type: , directLogin: , cb: ) ``` example: ```swift @available(iOS 12.0, *) class LoginViewController: UIViewController { @IBOutlet weak var loginButton: UIButton! @IBOutlet weak var phoneInput: UITextField! ... @IBAction func login(_ sender: Any) { // get the text input let textInput = self.phoneInput.text ?? "" func authCb(accessToken: String, error: Error?) -> Void{ guard let error = error else { print("error logging in!") return } // error handling print("success!") } let cotter = Cotter( apiSecretKey: "", apiKeyID: "", cotterURL: "https://www.cotter.app/api/v0", userID: "hello@example.com", configuration: [:] ); cotter.startPasswordlessLogin( parentView: self, input: textInput, identifierField: "phone", type: "PHONE", directLogin: true, cb: authCb ) } } ``` To login and enter email or phone number in Cotter's window, simply set the directLogin to false and set the input to empty string ```swift cotter.startPasswordlessLogin( parentView: self, input: "", identifierField: "phone", type: "PHONE", directLogin: false, cb: authCb ) ``` {% hint style="info" %} To send code/link via SMS or WhatsApp, you'll need to add some balance to you project in the [Dashboard](https://dev.cotter.app/). {% endhint %} ### Step 4: Receive Token The token will be received in the callback function. The token will be in the form as the following: ```javascript "token": { "identifier": "+12345678910", "identifier_type": "PHONE", "receiver": "", "expire_at": "1584687591", "signature": "G8dOKR6qLj+GiB0pD2aggVVdYddFoyy..." } ``` The token contains the user's phone number, your API\_KEY\_ID in the receiver field, and a signature to ensure this is from Cotter. The token tells you that this identifier is verified. {% hint style="success" %} You should include this JSON Object into your call to your backend for **Login** or **Registration**. Your backend should then verify that the [signature of the token](#step-5-validating-token) is valid. {% endhint %} ## Validating Cotter's Access Token Checkout how to verify the OAuth Tokens from Cotter here: {% content-ref url="../../getting-access-token/verifying-jwt-tokens" %} [verifying-jwt-tokens](https://docs.cotter.app/getting-access-token/verifying-jwt-tokens) {% endcontent-ref %} ## 🎉 You're done! ## Securing your Project Since you'll be using your API Key from a front-end website or mobile app, your `API_KEY_ID` is exposed to anyone inspecting your code. Here are some ways to prevent abuse: * [Only allow your website/app to use your API Key](https://docs.cotter.app/protecting-your-account/only-allow-your-website-app-to-use-your-api-key) * [Rate Limit the number of authentication requests](https://docs.cotter.app/protecting-your-account/rate-limit) * [Enable reCAPTCHA to prevent automated abuse](https://docs.cotter.app/protecting-your-account/enable-recaptcha-to-protect-against-automated-abuse) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cotter.app/sdk-reference/ios/ios-sdk-verify-email-phone.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.