> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streambird.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify OTP (One-time passcode)

> Verify an OTP (one-time passcode) against a method ID (email, phone number) to authenticate the user. This endpoints verifies that the OTP sent in is valid for the given method ID.
## Returns

A successful response returns an object with `method_id`, `method_type`, and verified `user_id` properties.



## OpenAPI

````yaml post /v1/auth/otps/verify
openapi: 3.1.0
info:
  title: MoonKey Auth API
  description: >-
    Explore all the details of MoonKey Auth API. All of our APIs are RESTful and
    accept and return JSON.
  version: v1
servers:
  - url: https://api.moonkey.fun
    description: Production
    variables: {}
security:
  - Authorization: []
tags:
  - name: Users
    description: User management API
  - name: Magic Links
    description: ''
  - name: OTPs
    description: >-
      Send OTP (One-time passcodes) by all the supported delivery methods such
      as SMS, email.
  - name: OAuth
    description: ''
  - name: Wallets Login
    description: ''
  - name: Managed Wallets
    description: ''
  - name: Wallet Import
    description: >-
      Import existing wallets into the platform using secure HPKE encryption.
      This flow ensures raw entropy (seed phrases or private keys) never touches
      the server in plaintext.
externalDocs:
  url: ''
  description: ''
paths:
  /v1/auth/otps/verify:
    post:
      tags:
        - OTPs
      summary: Verify OTP (One-time passcode)
      description: >-
        Verify an OTP (one-time passcode) against a method ID (email, phone
        number) to authenticate the user. This endpoints verifies that the OTP
        sent in is valid for the given method ID.

        ## Returns


        A successful response returns an object with `method_id`, `method_type`,
        and verified `user_id` properties.
      operationId: VerifyOtp
      parameters: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyOtpRequest'
            examples:
              VerifyOtpReq:
                value:
                  method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                  otp: '829994'
                  session_expires_in: 100
                  device_fingerprint:
                    ip: 123.2.1.1
      responses:
        '200':
          description: Verify OTP (One-time passcode) response
          content:
            application/json:
              schema:
                description: ''
                type: object
                properties:
                  method_id:
                    type: string
                    minLength: 1
                    description: Method ID of the phone number or email.
                  method_type:
                    type: string
                    minLength: 1
                    description: 'Method Type. Possible values: email, phone_number.'
                  user_id:
                    type: string
                    minLength: 1
                    description: User ID of the verified user.
                  session_token:
                    type: string
                  session_jwt:
                    type: string
                  session:
                    $ref: '#/components/schemas/Session'
                required:
                  - method_id
                  - method_type
                  - user_id
              examples:
                VerifyOtpResp:
                  value:
                    method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                    method_type: phone_number
                    user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
                    session_token: >-
                      7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
                    session:
                      id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
                      user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
                      session_token: >-
                        7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
                      started_at: 1643496805
                      expires_at: 1643502805
                      last_active_at: 1643496805
                      factors:
                        - delivery_channel: sms
                          type: otp
                          method:
                            method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                            method_type: phone_number
                            phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                            phone_number: '+14152222222'
                            last_verified_at: 1643496805
                      device_fingerprint:
                        user_agent: ''
                        ip: 123.2.1.1
                      updated_at: 1643496805
                      created_at: 1643496805
components:
  schemas:
    VerifyOtpRequest:
      description: ''
      type: object
      properties:
        method_id:
          type: string
          minLength: 1
          description: >-
            Method ID to verify the OTP against. This can either be the
            `phone_number_id` or `email_id` returned by the send or login or
            create endpoints.
        otp:
          type: string
          minLength: 1
          description: OTP received by the User.
        device_fingerprint:
          type: object
          description: >-
            Device fingerprinting metadata for fraud detection during OTP code
            verification step. This is useful to ensure that the user who
            originated the request matches the user that verifies the token.
            Verification requirements can be enabled by matching fields in the
            `device_fingerprint` such as IP, User Agent or the combination of
            them (more fraud detection features **coming soon**!) 
          properties:
            ip:
              type: string
              description: IP of the user originating the request.
            user_agent:
              type: string
              description: User Agent of the browser originating the request.
        session_expires_in:
          type: number
          description: >-
            `Optional` Extend the session expiration time to N minutes from now,
            must be between 5 to 525600 minutes (365 days). This parameter will
            create a new session if there is no existing session along with a
            `session_token` and `session_jwt`. However, if a valid
            `session_token` or `session_jwt` is sent in, it will extend that
            session by the minutes specified. If not sent in, no session will be
            created by default.
        session_token:
          type: string
          description: '`Optional` Unique session token to verify.'
        session_jwt:
          type: string
          description: '`Optional` Unique Session JWT to verify.'
      required:
        - method_id
        - otp
    Session:
      description: ''
      type: object
      x-examples:
        Session:
          id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
          user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
          session_token: 7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
          started_at: 1643496805
          expires_at: 1643502805
          last_active_at: 1643496805
          factors:
            - delivery_channel: sms
              type: otp
              method:
                method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                method_type: phone_number
                phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                phone_number: '+14152222222'
                last_verified_at: 1643496805
          device_fingerprint:
            user_agent: ''
            ip: 123.2.1.1
          updated_at: 1643496805
          created_at: 1643496805
      title: Session
      properties:
        id:
          type: string
          minLength: 1
        user_id:
          type: string
          minLength: 1
        session_token:
          type: string
          minLength: 1
        started_at:
          type: number
        expires_at:
          type: number
        last_active_at:
          type: number
        factors:
          type: array
          uniqueItems: true
          minItems: 1
          items:
            type: object
            properties:
              delivery_channel:
                type: string
                minLength: 1
                description: >-
                  Delivery channel for this factor. Possible values: sms, email,
                  totp_authenticator, totp_recovery_code, google_oauth,
                  apple_oauth, microsoft_oauth, discord_oauth, okta_oauth,
                  github_oauth, slack_oauth, facebook_oauth,
                  webauthn_credential, eth_wallet, sol_wallet.
              type:
                type: string
                minLength: 1
                description: >-
                  Authentication type of factor. Possible values: otp, oauth,
                  wallet, totp, webauthn.
              method:
                type: object
                required:
                  - method_id
                  - method_type
                  - last_verified_at
                properties:
                  id:
                    type: string
                  method_id:
                    type: string
                    minLength: 1
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Identifier method type. Possible values: email, wallet,
                      phone_number, webauthn.
                  last_verified_at:
                    type: number
                  phone_number_id:
                    type: string
                    minLength: 1
                  phone_number:
                    type: string
                    minLength: 1
                  email_id:
                    type: string
                  email:
                    type: string
                  wallet_type:
                    type: string
                  wallet_id:
                    type: string
                  wallet_public_address:
                    type: string
                  totp_id:
                    type: string
                  webauthn_credential_id:
                    type: string
                  provider_subject:
                    type: string
            required:
              - delivery_channel
              - type
              - method
        device_fingerprint:
          type: object
          required:
            - user_agent
            - ip
          properties:
            user_agent:
              type: string
            ip:
              type: string
              minLength: 1
        updated_at:
          type: number
        created_at:
          type: number
      required:
        - id
        - user_id
        - session_token
        - started_at
        - expires_at
        - last_active_at
        - factors
        - device_fingerprint
        - updated_at
        - created_at
  securitySchemes:
    Authorization:
      type: http
      scheme: bearer
      description: >-
        Auth Platform API includes all the Auth related features. All Users,
        Phone Numbers, Emails, and OTPs are associated with an `App` as the
        container.


        Endpoints only accept App's `Secret API keys` other than certain
        endpoints that are used client side or via SDK that accept the
        `public_token`.


        ## Authentication using App Api Key


        ## Header:


        ```

        Authorization: Bearer {api_key}

        ```


        ## Authenticated Request


        ```curl

        curl \
          -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
          -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
        ```

````