
Lookup Businesses By Email

POST
/auth/businesses-by-email

Look up businesses associated with an email address.

This endpoint supports the email-first login flow where users enter their email, then select from their associated businesses before entering password.

Security measures:

  • Returns empty list for non-existent emails (prevents enumeration)
  • Rate limited to 10 requests per minute per IP
  • Timing-safe responses to prevent timing-based enumeration

Traces to: FR-LOGIN-003, ADR-AUTH-LOGIN-001, TDD-AUTH-LOGIN-UI-001

Args:

  • request: Business lookup request with email
  • http_request: HTTP request object (for rate limiting)
  • db: Database session

Returns: List of businesses associated with the email (empty if not found)

Raises: 429: Rate limit exceeded
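
The three security measures listed above, combined in one handler as an added example (not this project's code). The page does not say how the timing safety is achieved; the fixed response-time floor, the in-memory limiter, the names `SlidingWindowLimiter`, `lookup_businesses` and `SAMPLE_DB`, and the `rate_limited` error code are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

RATE_LIMIT = 10               # requests per window per IP (from the page)
WINDOW_SECONDS = 60.0
MIN_RESPONSE_SECONDS = 0.05   # assumed floor; set above the slowest real lookup

# Constructed sample data standing in for the database session.
SAMPLE_DB = {
    "owner@example.com": [
        {"id": "00000000-0000-4000-8000-000000000001", "name": "Example Bakery"},
    ],
}


class SlidingWindowLimiter:
    """Per-key sliding window: at most `limit` hits in any `window` seconds."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        recent = self.hits[key]
        while recent and now - recent[0] >= self.window:
            recent.popleft()          # drop hits that have left the window
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True


def lookup_businesses(email, client_ip, limiter, db=SAMPLE_DB,
                      clock=time.monotonic, sleep=time.sleep):
    """Return (status, body) shaped like the documented responses."""
    start = clock()
    if not limiter.allow(client_ip):
        # Error code string is a constructed placeholder.
        return 429, {"error": "rate_limited", "message": "Too many requests"}
    # Unknown and known emails take the same path and return the same schema.
    businesses = db.get(email.strip().lower(), [])
    # Pad to a fixed floor so a hit and a miss are not separable by latency.
    remaining = MIN_RESPONSE_SECONDS - (clock() - start)
    if remaining > 0:
        sleep(remaining)
    return 200, {"businesses": [dict(b) for b in businesses]}
```

Behind a reverse proxy, the limiter key has to be the client address taken from a trusted forwarding header; keyed on the proxy's address, every user shares one bucket.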

BusinessLookupRequest

Request schema for looking up businesses by email.

object
email
required
Email

Email address to look up

string format: email

Successful Response

BusinessLookupResponse

Response schema for business lookup.

Returns empty list for non-existent emails (prevents enumeration).

object
businesses
Businesses

Businesses associated with email (empty if not found)

Array<object>
BusinessInfo

Business information in lookup responses.

object
id
required
Id

Business UUID

string
name
required
Name

Business display name

string

Validation Error

HTTPValidationError
object
detail
Detail
Array<object>
ValidationError
object
loc
required
Location
Array
msg
required
Message
string
type
required
Error Type
string
input
Input
ctx
Context
object

Too Many Requests

ErrorResponse

Error response.

object
error
required
Error

Error code

string
message
required
Message

Error message

string