API Reference/One-Time Password (OTP)/Text Message (SMS)
POST
/v1/auth/otp/signup/sms

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
phonestring
loginIdstring
userobject
providerIdstring
loginOptionsobject
curl -X POST "https://api.descope.com/v1/auth/otp/signup/sms" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "string",
    "loginId": "string",
    "user": {
      "username": "string",
      "name": "string",
      "email": "string",
      "icon": "string"
    },
    "providerId": "string",
    "loginOptions": {
      "customClaims": {},
      "templateOptions": {
        "property1": "string",
        "property2": "string"
      },
      "locale": "string",
      "pkceChallenge": "string"
    }
  }'

OK

{
  "maskedPhone": "string"
}

Was this helpful?

Update Email POST

### Update Email Address of Existing User Update the email of an existing end user by sending an OTP code to the new email address. After successfully verifying the code the new email address will be used to deliver new OTP messages via email. The bearer token requires both the ProjectId and refresh JWT in the format `<Project ID>:<JWT>`, and can therefore only be run for end users who are currently signed-in. This endpoint will return an empty response object when it completes successfully. Descope allows you to associating multiple login IDs for a user during API update calls. For details on how this feature works, please review the details [here](/manage/users#associating-multiple-login-ids-for-a-user). ### Next Steps Verify the OTP code using the [Verify OTP Code](/api/otp/email/verify-otp) endpoint to complete the update process. After successfully verifying the code the new email address will replace the original email address. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. - See the [Verify OTP Code](/api/otp/email/verify-otp) endpoint, which will return the Refresh Jwt needed. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID:Refresh JWT>`

Sign-In POST

### Sign-in existing end user by sending an OTP code via SMS Initiate a sign-in process by sending a One-Time Password (OTP) to an existing end user. Descope will generate and deliver the OTP code to the phone number specified. Sending multiple OTP codes (for example, when an end user tries to sign-in a second or third time) will invalidate any OTP code that has already been sent. This endpoint will return an empty response object when it completes successfully. The endpoint will return a failure code if the phone number is not yet registered. ### Next Steps Verify the OTP code using the [Verify OTP Code](/api/otp/sms/verify-otp) endpoint to complete the user sign-in process. After successfully verifying the code the end user will be signed-in. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email address and phone number. - See [User Login Options](/api/overview#user-login-options) for further details on loginOptions. - Use the [Sign-Up](/api/otp/sms/sign-up) endpoint to sign-up a new end user. - Use the [Sign-In with Auto Sign-up](/api/otp/sms/sign-in-auto-sign-up) endpoint to create a single sign-up and sign-in flow, which will create a new end user if they are not already registered. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`