POST /auth/otp/verify

Verify the one-time code sent to the user’s email or phone and return a JWT. Passwordless flow — no password. Use the same identifier (email or phone) that was used in POST /auth/otp/send.

Endpoint

POST /api/v1/public/projects/:projectSlug/auth/otp/verify

Request Body

Field	Type	Required	Description
`email`	string	One of email/phone	Same email the OTP was sent to
`phone`	string	One of email/phone	Same phone the OTP was sent to (E.164, e.g. `+919876543210`)
`code`	string	✅	The 6-digit code received by the user

Example: Email OTP

{
  "email": "[email protected]",
  "code": "123456"
}

Example: Phone OTP

{
  "phone": "+919876543210",
  "code": "123456"
}

Response

Success (200 OK)

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "user-uuid-here",
    "email": "[email protected]",
    "name": "Jane Doe"
  }
}

For phone-only users, email may be a placeholder value. Store the token for authenticated requests (e.g. GET /auth/me).

Error Responses

Status Code	Description
400	Invalid request (validation failed)
401	Code is wrong or expired
403	Email not verified (when project requires verification and user signed in via Email OTP)
500	Server error

POST /auth/otp/send - Send OTP to user
GET /auth/me - Get current user with the token

Try It Now

POSThttps://api.aerocall.app/api/v1/public/projects/your-project/auth/otp/verify

Project Slug

Request Body (JSON)

POST /otp/send GET /me