API Reference/One-Time Password (OTP)/Email
POST
/v1/auth/otp/update/email

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
loginIdstring
emailstring
addToLoginIDsboolean
Default: false
onMergeUseExistingboolean
Default: false
providerIdstring
templateOptionsobject
localestring
curl -X POST "https://api.descope.com/v1/auth/otp/update/email" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "email": "string",
    "addToLoginIDs": false,
    "onMergeUseExisting": false,
    "providerId": "string",
    "templateOptions": {
      "property1": "string",
      "property2": "string"
    },
    "locale": "string"
  }'

OK

{
  "maskedEmail": "string"
}

Was this helpful?

Verify OTP Code POST

### Verify the validity of an OTP code sent via email Verify that the OTP code entered by the end user matches the OTP code that was sent. The Verify OTP code endpoint completes the OTP via email flow for: - [Sign-Up](/api/otp/email/sign-up) - [Sign-In](/api/otp/email/sign-in) - [Sign-In with Auto Sign-up](/api/otp/email/sign-in-auto-sign-up) - [Update Email](/api/otp/email/update-email) The response object includes the session JWT `sessionJwt` and refresh JWT `refreshJwt` when the endpoint completes successfully, and the end user will be signed in. For an update email flow, the new email address will replace the original email address. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`

Sign-Up POST

### Sign-up new end user by sending an OTP code via SMS Initiate a sign-up process by sending a One-Time Password (OTP) to a new end user. Descope will generate and deliver the OTP code via SMS to the phone number specified. Sending multiple OTP codes (for example, when an end user tries to sign-up a second or third time) will invalidate any OTP code that has already been sent. This endpoint will return an empty response object when it completes successfully. The endpoint will return a failure code if the phone number is already registered. ### Next Steps Verify the OTP code using the [Verify OTP Code](/api/otp/sms/verify-otp) endpoint to complete the user sign-up process. After successfully verifying the OTP code the end user will be signed-in. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. - Use the [Sign-In](/api/otp/sms/sign-in) endpoint to sign-in an existing end user. - Use the [Sign-In with Auto Sign-up](/api/otp/sms/sign-in-auto-sign-up) endpoint to create a single sign-up and sign-in flow, which will create a new end user if they are not already registered. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`