# Route Spec

## Route ID
`auth-login-config`

## Endpoint
`GET /api/v1/auth/login-config`

## Human Description
Returns data needed to render the phone login screen: app logo URL, enabled login methods, OTP settings, and legal text references.

## Authentication
- Required: `no`
- Auth type: `none`
- Required roles/scopes: `none`

## Request
### Headers
- `Accept: application/json`
- `X-App-Platform: ios|android` (optional, for platform-specific copy/assets)
- `X-App-Version: <semver>` (optional)

### Query Parameters
- `locale` (`string`, optional, default `en`): language code for localized labels.

## Responses
### Success: `200 OK`
When returned:
- Login screen is available.

Body:
```json
{
  "success": true,
  "message": "Login config loaded",
  "data": {
    "logoUrl": "https://cdn.example.com/brand/logo.png",
    "enabledMethods": ["phone"],
    "otp": {
      "length": 4,
      "resendCooldownSeconds": 60
    },
    "terms": {
      "version": "2026-02-01",
      "url": "https://example.com/terms"
    },
    "privacyPolicy": {
      "version": "2026-02-01",
      "url": "https://example.com/privacy"
    }
  }
}
```

### Error: `503 Service Unavailable`
When returned:
- Login service is temporarily unavailable.

Body:
```json
{
  "success": false,
  "error": {
    "code": "LOGIN_CONFIG_UNAVAILABLE",
    "message": "Login configuration is temporarily unavailable.",
    "details": {}
  }
}
```

## Idempotency and Retries
- Idempotent: `yes`
- Retry guidance: safe to retry with exponential backoff.

## Data & Caching Dependencies
- **Spanner Tables:** `None`
- **Redis Cache:** `None`
- **GCS Storage:** `None`
- **Edge Cache (CDN):** `Yes (5 minutes)`

## Side Effects
- None (read-only endpoint).