Skip to main content
POST
/
v1
/
authentication
/
bot
/
send-code
curl -X POST https://portal-api.7331.org/v1/authentication/bot/send-code \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-bot-api-key" \
  -d '{
    "platform": "discord",
    "platform_user_id": "123456789012345678",
    "platform_username": "niels",
    "platform_avatar_url": "https://cdn.discordapp.com/avatars/123456789012345678/abc.png"
  }'

{
  "code": "Vy8nFKq2",
  "expires_at": "2026-03-31T16:03:16.763528Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.7331.org/llms.txt

Use this file to discover all available pages before exploring further.

Quick login for returning users. The bot generates a login code directly and DMs it to the user, who enters it on the frontend. Only works for existing users. New signups must use the web-initiated flow. The bot’s /otp command tries quick login first, then falls back to checking for a pending web code.
  1. User types /login in Discord or Telegram
  2. Bot calls this endpoint with the user’s platform identity
  3. Bot receives the code and DMs it to the user
  4. User visits the frontend, clicks “I already have a code”, enters the code
  5. User verifies the code via POST /v1/authentication/verify
If a code already exists for this platform identity (e.g. user spammed /login), the same code is returned with the remaining TTL. No duplicate codes are created.
X-API-Key
string
required
Bot API key.
platform
string
required
Platform identifier (e.g. discord, telegram).
platform_user_id
string
required
Platform-specific user ID to generate the login code for.
platform_username
string
required
User’s current username on the platform.
platform_avatar_url
string
required
User’s current avatar URL on the platform.

Response

code
string
The generated login code. null if code generation failed.
expires_at
string
ISO 8601 UTC timestamp for when the code expires. null if no code.
curl -X POST https://portal-api.7331.org/v1/authentication/bot/send-code \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-bot-api-key" \
  -d '{
    "platform": "discord",
    "platform_user_id": "123456789012345678",
    "platform_username": "niels",
    "platform_avatar_url": "https://cdn.discordapp.com/avatars/123456789012345678/abc.png"
  }'

{
  "code": "Vy8nFKq2",
  "expires_at": "2026-03-31T16:03:16.763528Z"
}
Bot-initiated codes do not use IP binding. Security relies on: bot API key authentication, the 8-character random code with 10-minute TTL, and platform DM delivery ensuring only the correct user receives the code.
After 5 consecutive bot logins without a web login, this endpoint returns 403 with "Web login required". The counter resets when the user completes a web-initiated login via POST /v1/authentication/verify. Configurable via BOT_LOGIN_WEB_REQUIRED_EVERY.