One-Time-Password APIs

Overview

The One-Time-Password APIs require two phases. The first phase calls the API endpoint to initiate the process (sign-up, sign-in, etc.), and the second phase verifies the OTP code received by the user.

Each first-phase endpoint, on success, delivers a code to the user via email, voice call, or text message (SMS). Your app should then wait for the user to supply the code and call the verify endpoint (second phase) to confirm it and complete the action.

The OTP code can be delivered over email, voice call, or text message (SMS) — each has its own set of API endpoints.

Use Cases

  1. Sign up a new user (Email, SMS, Phone)
  2. Sign in an existing user
  3. Sign in with auto sign-up if the user does not exist
  4. Update user's email address
  5. Update user's phone number

Examples

Example - user sign-up over email

  1. Trigger the process with the Sign-Up endpoint. On success, the OTP code is delivered to the user's email.
  2. Complete the process by verifying the code with the Verify OTP Code endpoint. Once confirmed, the endpoint returns the user's session and refresh JWTs.

Note

This example also applies to the "Sign in an existing user" and "Sign in with auto sign-up" use cases, and to the text message (SMS) channel, when using the relevant API endpoints.

Example - update user's phone number

  1. Trigger the process with the Update Phone Number endpoint. On success, the OTP is delivered to the new phone number.
  2. Complete the process by verifying the code with the Verify Code API endpoint. Once confirmed, the user's phone number is updated, and all future OTP codes over SMS are delivered to the new number.

Note

This example also applies to the "Update user's email address" use case, when using the relevant API endpoints.
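The phone-number update above, modeled in memory to show the property that matters: the stored number changes only after the code sent to the new number is verified. This is an added example, not the service's API or SDK; the class, method names, 6-digit code format, and single-use behavior are assumptions made for illustration.

```python
import hmac
import secrets


class OtpService:
    """In-memory stand-in for the two-phase flow; all names are hypothetical."""

    def __init__(self):
        self.phones = {}   # user_id -> currently verified phone number
        self.pending = {}  # user_id -> (code, new_phone) awaiting phase two
        self.outbox = []   # (destination, code) pairs standing in for SMS delivery

    def update_phone(self, user_id, new_phone):
        """Phase one: deliver a code to the NEW number; stored number is untouched."""
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6-digit numeric code
        self.pending[user_id] = (code, new_phone)  # a newer request replaces an older one
        self.outbox.append((new_phone, code))

    def verify_code(self, user_id, submitted):
        """Phase two: commit the pending number only when the code matches."""
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        expected, new_phone = entry
        # Compare as bytes in constant time; str input with non-ASCII would raise.
        if not hmac.compare_digest(expected.encode(), submitted.encode()):
            return False
        del self.pending[user_id]  # assumption: a code is single-use
        self.phones[user_id] = new_phone
        return True

    def send_sign_in_code(self, user_id):
        """Later SMS codes go to whichever number is verified at that moment."""
        dest = self.phones[user_id]
        self.outbox.append((dest, f"{secrets.randbelow(10**6):06d}"))
        return dest


if __name__ == "__main__":
    svc = OtpService()
    svc.phones["u1"] = "+15550100"          # constructed sample numbers
    svc.update_phone("u1", "+15550199")
    print("before verify:", svc.phones["u1"])
    svc.verify_code("u1", svc.outbox[-1][1])
    print("after verify: ", svc.phones["u1"])
```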
