Skip to content

POST /auth/otp/verify

Verify the one-time code sent to the user’s email or phone and return a JWT. Passwordless flow — no password. Use the same identifier (email or phone) that was used in POST /auth/otp/send.

POST /v1/public/projects/:projectSlug/auth/otp/verify
FieldTypeRequiredDescription
emailstringOne of email/phoneSame email the OTP was sent to
phonestringOne of email/phoneSame phone the OTP was sent to (E.164, e.g. +919876543210)
codestringThe 6-digit code received by the user
{
"email": "user@example.com",
"code": "123456"
}
{
"phone": "+919876543210",
"code": "123456"
}
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "user-uuid-here",
"email": "user@example.com",
"name": "Jane Doe"
}
}

For phone-only users, email may be a placeholder value. Store the token for authenticated requests (e.g. GET /auth/me).

Status CodeDescription
400Invalid request (validation failed)
401Code is wrong or expired
403Email not verified (when project requires verification and user signed in via Email OTP)
500Server error
POSThttps://api.aerostack.dev/v1/public/projects/your-project/auth/otp/verify