POST /auth/otp/verify
Verify the one-time code sent to the user’s email or phone and return a JWT. Passwordless flow — no password. Use the same identifier (email or phone) that was used in POST /auth/otp/send.
Endpoint
Section titled “Endpoint”POST /v1/public/projects/:projectSlug/auth/otp/verifyRequest Body
Section titled “Request Body”| Field | Type | Required | Description |
|---|---|---|---|
email | string | One of email/phone | Same email the OTP was sent to |
phone | string | One of email/phone | Same phone the OTP was sent to (E.164, e.g. +919876543210) |
code | string | ✅ | The 6-digit code received by the user |
Example: Email OTP
Section titled “Example: Email OTP”{ "email": "user@example.com", "code": "123456"}Example: Phone OTP
Section titled “Example: Phone OTP”{ "phone": "+919876543210", "code": "123456"}Response
Section titled “Response”Success (200 OK)
Section titled “Success (200 OK)”{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "user": { "id": "user-uuid-here", "email": "user@example.com", "name": "Jane Doe" }}For phone-only users, email may be a placeholder value. Store the token for authenticated requests (e.g. GET /auth/me).
Error Responses
Section titled “Error Responses”| Status Code | Description |
|---|---|
| 400 | Invalid request (validation failed) |
| 401 | Code is wrong or expired |
| 403 | Email not verified (when project requires verification and user signed in via Email OTP) |
| 500 | Server error |
Related Endpoints
Section titled “Related Endpoints”- POST /auth/otp/send - Send OTP to user
- GET /auth/me - Get current user with the token
Try It Now
Section titled “Try It Now”POST
https://api.aerostack.dev/v1/public/projects/your-project/auth/otp/verify