Verify OTP Code | API Reference | Descope Documentation

API Reference/One-Time Password (OTP)/Email

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired

loginIdstring

codestring

curl -X POST "https://api.descope.com/v1/auth/otp/verify/email" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "code": "string"
  }'

OK

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ]
  },
  "sessionExpiration": 0
}

Was this helpful?

Sign-In with Auto Sign-up POST

### Sign-in end user (with automatic sign-up) by sending an OTP code via email Initiate a process that implements both sign-in and sign-up using a single endpoint. Descope will generate and deliver the One-Time Password (OTP) to the end user via email. If the email address is already registered (the end user exists) the user will be signed in. If the email address is not registered (the end user is not yet registered) the user will be signed up. Sending multiple OTP codes (for example, when an end user tries to sign-up/sign-in a second or third time) will invalidate any OTP code that has already been sent. This endpoint will return an empty response object when it completes successfully. ### Next Steps Verify the OTP code using the [Verify OTP Code](/api/otp/email/verify-otp) endpoint to complete the user sign-in process. After successfully verifying the code the end user will be signed-in. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. - See [User Login Options](/api/overview#user-login-options) for further details on loginOptions. - Use the [Sign-Up](/api/otp/email/sign-up) endpoint if you want a sign-up flow that will fail if the end user is already registered. - Use the [Sign-In](/api/otp/email/sign-in) endpoint if you want a sign-in flow that will fail if the end user isn't yet registered. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`

Update Email POST

### Update Email Address of Existing User Update the email of an existing end user by sending an OTP code to the new email address. After successfully verifying the code the new email address will be used to deliver new OTP messages via email. The bearer token requires both the ProjectId and refresh JWT in the format `<Project ID>:<JWT>`, and can therefore only be run for end users who are currently signed-in. This endpoint will return an empty response object when it completes successfully. Descope allows you to associating multiple login IDs for a user during API update calls. For details on how this feature works, please review the details [here](/manage/users#associating-multiple-login-ids-for-a-user). ### Next Steps Verify the OTP code using the [Verify OTP Code](/api/otp/email/verify-otp) endpoint to complete the update process. After successfully verifying the code the new email address will replace the original email address. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. - See the [Verify OTP Code](/api/otp/email/verify-otp) endpoint, which will return the Refresh Jwt needed. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID:Refresh JWT>`