> ## Documentation Index
> Fetch the complete documentation index at: https://docs.launchtoday.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Email Sign-in with OTP

> Set up passwordless email authentication using one-time passwords (OTP)

## Overview

Email sign-in is fully wired with Better Auth and Resend. Users enter their
email, receive a 6-digit one-time password (OTP), and verify it in-app to create
a session.

Resend is the email delivery service used by the boilerplate to send OTP codes.
OTP is a short, time-limited code that lets users sign in without a password.
The API generates the code, sends it via Resend, and verifies it when the user
enters it on mobile.

## Prerequisites

* A Resend account
* A Resend API key
* Backend environment configured

<Tip>
  Start with [Backend Authentication Setup](/authentication/backend-setup) so
  your API and env file are in place.
</Tip>

## How OTP works

1. The user enters their email in the app.
2. The API generates an OTP and sends it via Resend.
3. The user enters the OTP, and the API verifies it.
4. Better Auth creates the session and the app becomes authenticated.

## Where it is configured

The boilerplate already includes the email OTP wiring:

* Backend auth service and Resend send logic:
  `apps/api/src/services/auth.ts`
* Better Auth request handling:
  `apps/api/src/routes/auth/auth.ts`
* Mobile screens for email input and OTP verification:
  `apps/mobile/app/auth/email-signin.tsx`,
  `apps/mobile/app/auth/verify-email-otp.tsx`
* Session handling on mobile:
  `apps/mobile/lib/auth/session-context.tsx`

## Setup steps

### Step 1: Create a Resend API key

Sign in to [Resend](https://resend.com/), then create an API key from
the [API Keys](https://resend.com/api-keys) page.

### Step 2: Add the API key to your backend env

Copy `apps/api/example.env` to `apps/api/.env` if you have not already, then set
`RESEND_API_KEY` to your Resend API key.

Restart the API after updating backend environment values.

### Step 3: Verify your sending domain (production)

For production email delivery, verify your domain in
[Resend Domains](https://resend.com/domains) and follow their DNS instructions.

The sender address is defined in `apps/api/src/services/auth.ts`. Update it to
use an address on your verified domain.

### Step 4: Test email sign-in

Open the app, enter an email address, and request a code. You should receive an
OTP email and be able to complete the sign-in flow.

## Notes

* If you are not receiving emails in development, confirm your Resend API key
  and check spam folders.
* If OTP verification fails, confirm the API is running and reachable from the
  device, and restart it after env changes.
