Verify the OTP code that was sent to the user's email or phone number.

POST /otp/verification

After the OTP code is verified, the user receives a request_id that is required for activities such as reset password, change phone, etc.

Flow:

  1. Validate the request.
    - otpType, otpCode and identifier are required.
    - otpType should be a valid type (change_phone/reset_password).
    - identifier should be a valid email or phone number.
  2. Validate based on otpType.
    - reset_password: query the user by identifier; the user should exist and have a valid user status (not blocked/paused).
    - change_phone: query the user by identifier; the user should not exist. If the user exists, return the error "phone already registered".
  3. Get the OTP code from the cache (the cache is set in POST /otp).
  4. Validate that the OTP code from the request is the same as the one in the cache.
  5. Generate a requestToken (JWT) and return it to the user.
  6. Delete the OTP code from the cache.
  7. The requestToken will be used on other APIs:
    - PATCH /users/password
    - PATCH /users/phone
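
Steps 1 and 3 to 6 of the flow, plus the check a consuming endpoint such as PATCH /users/password would run on the requestToken, as an added example that is not this API's own code. Assumptions: an in-memory dict stands in for the cache, the JWT is HS256 with hypothetical claims `sub`, `purpose` and `exp` (5-minute lifetime), the cache is keyed by otpType and identifier, and `check_request_token` is a hypothetical helper; step 2 (user lookup) is left out.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"              # assumption: HS256 signing key
ALLOWED = {"reset_password", "change_phone"}  # the two types named in the flow
otp_cache = {}                                # stand-in for the cache set by POST /otp

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(payload: dict) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify_otp(identifier: str, otp_code: str, otp_type: str, now=None) -> dict:
    now = int(time.time() if now is None else now)
    # Step 1: every field is required and otpType must be one of the flow's types.
    if not (identifier and otp_code and otp_type) or otp_type not in ALLOWED:
        return {"status": 400, "error": "invalid request"}
    # Step 2 (user lookup per otpType) is omitted in this sketch.
    # Step 3: assumed cache key binds the code to both its purpose and its owner.
    key = (otp_type, identifier)
    cached = otp_cache.get(key)
    # Step 4: constant-time comparison, so timing does not reveal matching digits.
    if cached is None or not hmac.compare_digest(cached.encode(), otp_code.encode()):
        return {"status": 400, "error": "invalid otp"}
    # Step 5: the token carries who verified and for which activity.
    token = _sign({"sub": identifier, "purpose": otp_type, "exp": now + 300})
    # Step 6: delete the code so it cannot be verified a second time.
    del otp_cache[key]
    return {"status": 200, "data": {"requestToken": token}}

def check_request_token(token: str, identifier: str, purpose: str, now=None) -> bool:
    """Check a consuming endpoint would run before acting on the request."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64(mac), sig):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return False
    bound = (claims.get("sub"), claims.get("purpose")) == (identifier, purpose)
    return bound and claims.get("exp", 0) > now
```

Binding `purpose` into the token means a token issued for reset_password is rejected when presented for a phone change.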

VerifyOTPRequest (object)

  - identifier (string): Email or phone number. Example: +6282243350992
  - otpCode (string): OTP Code. Example: 22222
  - otpType (string): Reset_password | change_phone. Allowed values: login, reset_password, change_phone, sign_up, payment_method_add, payment_method_select, payment_method_delete. Example: reset_password

OK (object)

  - data (object)
    - requestToken (string): Request token

Bad request (object)

  - error (string). Example: some meaningful error message

Internal server error (object)

  - error (string). Example: some meaningful error message