You can allow users from a selected domain or you can configure your API to allow only valid users.

Once the API returns userExists":"true" for the requested id, e.g. for email "id":"james@gmail.com" or for phone "id":"9196576XXXX". If the user exists he will be allowed to Login to your application.

[{"emailID":"james@gmail.com","userExists":"true","additionalInfo":{"group":"core","role":"admin"},"id":"james@gmail.com"},