API ReferenceOne-Time Password (OTP)Email
POST
/v1/auth/otp/verify/email

Verify the validity of an OTP code sent via email

Verify that the OTP code entered by the end user matches the OTP code that was sent. The Verify OTP code endpoint completes the OTP via email flow for:

The response object includes the session JWT sessionJwt and refresh JWT refreshJwt when the endpoint completes successfully, and the end user will be signed in. For an update email flow, the new email address will replace the original email address.

See Also

  • See The User Object for further details on how to identify users and their contact information such as email address and phone number.

Endpoint Authentication

Use authorization bearer header with the following format:

Authorization: Bearer \<Project ID\>

Try it

/v1/auth/otp/verify/email

The Authorization access token

Authorization

Authorization
Required
Bearer <token>

In: header

Request Body

loginIdstring

codestring

Status codeDescription
200OK
curl -X POST "https://api.descope.com/v1/auth/otp/verify/email" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <Project ID>" \
  -d '{
  "loginId": "string",
  "code": "string"
}'

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ]
  },
  "sessionExpiration": 0
}

Was this helpful?

Previous

Sign-In with Auto Sign-up

Next

Update Email