Verify Email OTP

Verify an email OTP code and receive authentication tokens.

This endpoint is used when the OTP feature is enabled (feature flag: otp). After calling the passwordless authentication endpoint, users receive an OTP code via email along with an otp_session_id in the API response. Submit both here to obtain access tokens.

Prerequisites

OTP feature must be enabled (feature flag: otp)

Must have called /v2/users/passwordless-auth endpoint first

Where to get the otp_session_id:
When you call the passwordless authentication endpoint with OTP enabled, the response includes:

{
  "success": true,
  "message": "Login email sent",
  "data": {
    "created": false,
    "otp_session_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  }
}

Use this otp_session_id along with the OTP code from the email.

Request Body

otp_session_id (UUID): The session ID returned from the passwordless authentication API response

code (string): The 6-character alphanumeric OTP code from the email

Authorization

Required: No

Returns

JSON Response: Contains both the Authentication App access token and the Ejento access token upon successful verification.

Security Notes

OTP codes expire after 10 minutes

Limited number of verification attempts allowed

Each OTP code can only be used once

Current Version

2.0.0

curl --location -g --request POST 'https:///auth-service/api/v2/users/verify-otp' \ --header 'Content-Type: application/json' \ --data-raw '{ "code": "AB2CD3", "otp_session_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6" }'

{ "success": true, "message": "OTP verified successfully", "data": { "access_token": "<jwt-access-token>", "ejento_access_token": "<ejento-token>", "token_type": "bearer" } }

Request

Responses