Loading...
Complete an OTP challenge by sending the verificationId returned from send-otp together with the user-entered code.
Complete an existing challenge by pairing the saved verificationId with the OTP code entered by the user.
| Header | Required | Description |
|---|---|---|
| X-SMX-API-Key | Yes | Project API key for the verification request. |
| Content-Type: application/json | Yes | Required for JSON request bodies. |
| Field | Type | Required | Description |
|---|---|---|---|
| verificationId | string | Yes | Challenge identifier returned by /v1/send-otp. |
| otp | string | Yes | The code entered by the user. |
1{2 "success": true,3 "data": {4 "verified": true5 }6}| Status | When | Codes |
|---|---|---|
| 200 | The OTP challenge was verified successfully. | — |
| 400 | The verificationId or otp could not complete the challenge. | MESSAGE_NOT_FOUND, OTP_INVALID, OTP_EXPIRED, OTP_ATTEMPTS_EXCEEDED, VALIDATION_FAILED |
| 401 | The API key header was missing or invalid. | API_KEY_MISSING, API_KEY_INVALID |
| 403 | The API key belongs to a project that is not active. | PROJECT_DISABLED |
Verify failures contain attempt count context inside the details object, allowing clients to show precise try counts.
1{2 "success": false,3 "origin": "api",4 "codes": ["OTP_INVALID"],5 "message": "Invalid OTP code",6 "details": {7 "remainingAttempts": 2,8 "maxAttempts": 59 }10}1{2 "success": false,3 "origin": "api",4 "codes": ["OTP_ATTEMPTS_EXCEEDED"],5 "message": "OTP attempts exceeded",6 "details": {7 "remainingAttempts": 0,8 "maxAttempts": 59 }10}The backend only guarantees details.remainingAttempts for verification-specific failures where attempt count still matters. Do not assume the field exists on expired, missing, or unrelated errors.