Skip to content
Nhost Documentation
Support Dashboard

Verify email OTP

POST
/signin/otp/email/verify

Complete email OTP authentication by verifying the one-time password. Returns a session if validation is successful.

Request Body required

Section titled “Request Body required ”

OTP code and email address for verification

object
otp
required

One time password

string
email
required

A valid email

string format: email
Example
john.smith@nhost.io

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Magic link sent to user’s email successfully

object
session

User authentication session containing tokens and user information

object
accessToken
required

JWT token for authenticating API requests

string
Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
accessTokenExpiresIn
required

Expiration time of the access token in seconds

integer format: int64
Example
900
refreshTokenId
required

Identifier for the refresh token

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
refreshToken
required

Token used to refresh the access token

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
user

User profile and account information

object
avatarUrl
required

URL to the user’s profile picture

string
Example
https://myapp.com/avatars/user123.jpg
createdAt
required

Timestamp when the user account was created

string format: date-time
Example
2023-01-15T12:34:56Z
defaultRole
required

Default authorization role for the user

string
Example
user
displayName
required

User’s display name

string
Example
John Smith
email

User’s email address

string format: email
Example
john.smith@nhost.io
emailVerified
required

Whether the user’s email has been verified

boolean
Example
true
id
required

Unique identifier for the user

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
isAnonymous
required

Whether this is an anonymous user account

boolean
locale
required

User’s preferred locale (language code)

string
>= 2 characters <= 3 characters
Example
en
metadata
required

Custom metadata associated with the user

object
key
additional properties
any
Example
{
  "firstName": "John",
  "lastName": "Smith"
}
phoneNumber

User’s phone number

string
Example
+12025550123
phoneNumberVerified
required

Whether the user’s phone number has been verified

boolean
roles
required

List of roles assigned to the user

Array<string>
Example
[
  "user",
  "customer"
]
activeMfaType

Active MFA type for the user

string
nullable

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked