You can restrict the users who can login to your application
You can allow users from a selected domain or you can configure your API to allow only valid users.
Once the API returns userExists":"true" for the requested id, e.g. for email "id":"[email protected]" or for phone "id":"9196576XXXX". If the user exists he will be allowed to Login to your application.