social-app/docs/protocols/routes.md

# Auth Routes Protocol Notes

## POST `/api/v1/auth/verifications`

- `invite_code` is optional.
- Recommended format is fixed `4` chars and pattern `^[ABCDEFGHJKMNPQRSTUVWXYZ23456789]{4}$`.
- Backend normalizes invite codes to uppercase and validates in service logic.
- Invalid invite code values are ignored (treated as empty), and signup verification email flow still continues.

## Verification Token Input Convention

- Verification token for signup/recovery uses fixed `6` digits.
- Client UI should use fixed-length segmented input to reduce mistyped values.