One-Time-Password APIs
Overview
Using the One-Time-Password APIs requires a two-phase actions. First phase action is calling the API endpoint to initiate the process (sign-up, sign-in, etc.), and the second phase is to verify the received OTP code from the user.
Each first phase API endpoint, when successfully executed, will result in a code delivered to the user, either in email, voice call, or text message (SMS). Once executed, you app should wait on user's interaction to supply the delivered code, and then issue the verify API endpoint action (second phase action) to confirm the user's code and complete the action.
The OTP code can be delivered over email, voice call, or text message (SMS) - each has its own set of API endpoints.
Use Cases
- Sign up a new user
- Sign in an existing user
- Sign in with auto sign-up a new user if not exists
- Update user's email address
- Update user's phone number
Examples
Example - user sign-up over email
- Trigger the process with Sign-Up endpoint Once successfully completed - the OTP code will be delivered to the user's email
- Compete the process by verifying the code with Verify OTP Code endpoint When the code is received from the end user, use the Verify OTP code API to confirm it is the code. Once confirmed - the Verify command will return the user's Session and Refresh JWT
Note
This example applies also for "Sign in an existing user" and "Sign in with auto sign-up a new user if not exists" use cases, and for text message (SMS) channel, when using the relevant API endpoints.
Example - update user's phone number
- Trigger the process with the Update Phone Number endpoint Once successfully executed - the OTP will be delivered to the new phone number provided as parameter of the endpoint
- Complete the process by verifying the code with the Verify Code API endpoint. When the code is received from the user, use the Verify API to confirm it is valid. Once confirmed - the user's phone number will be updated, and from that point all OTP codes over text message (SMS) will be delivered to the new number.
Note
This example applies also for "Update user's email address" use case, when using the relevant API endpoints.