POST
/v1/auth/otp/signup-in/sms

Sign-in end user (with automatic sign-up) by sending an OTP code via SMS

Initiate a process that implements both sign-in and sign-up using a single endpoint. Descope will generate and deliver the One-Time Password (OTP) to the end user via SMS. If the phone number is already registered (the end user exists) the user will be signed in. If the phone number is not registered (the end user is not yet registered) the user will be signed up. Sending multiple OTP codes (for example, when an end user tries to sign-up/sign-in a second or third time) will invalidate any OTP code that has already been sent.

This endpoint will return an empty response object when it completes successfully.

Next Steps

Verify the OTP code using the Verify OTP Code endpoint to complete the user sign-in process. After successfully verifying the code the end user will be signed-in.

See Also

  • See The User Object for further details on how to identify users and their contact information such as email address and phone number.
  • See User Login Options for further details on loginOptions.
  • Use the Sign-Up endpoint if you want a sign-up flow that will fail if the end user is already registered.
  • Use the Sign-In endpoint if you want a sign-in flow that will fail if the end user isn't yet registered.

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<Project ID\>

Try it

/v1/auth/otp/signup-in/sms

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

In: header

Request Body

loginIdstring

loginOptionsobject

providerIdstring

ssoAppIdstring

Status codeDescription
200OK
curl -X POST "https://api.descope.com/v1/auth/otp/signup-in/sms" \
  -d '{
  "loginId": "string",
  "loginOptions": {
    "stepup": false,
    "customClaims": {},
    "mfa": false,
    "ssoAppId": "string",
    "templateOptions": {
      "property1": "string",
      "property2": "string"
    },
    "locale": "string",
    "pkceChallenge": "string"
  },
  "providerId": "string",
  "ssoAppId": "string"
}'

{
  "maskedPhone": "string"
}

Was this helpful?