middleware(['idempotency', 'throttle.actions:otp_request']); Route::post('/login', [AuthController::class, 'login']) ->middleware(['throttle.actions:login']); Route::post('/otp/verify', [AuthController::class, 'verifyOtp']) ->middleware(['throttle.actions:login']); // Authenticated Routes Route::middleware(['auth.jwt', 'audit'])->group(function () { Route::post('/pin/setup', [AuthController::class, 'setupPin']) ->middleware(['idempotency']); });