cURL
curl --request POST \ --url https://{subdomain}.auth.{region}.nhost.run/v1/signin/passwordless/sms/otp \ --header 'Content-Type: application/json' \ --data '{ "phoneNumber": "+123456789", "otp": "<string>" }'
{ "session": { "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "accessTokenExpiresIn": 900, "refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24", "refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24", "user": { "avatarUrl": "https://myapp.com/avatars/user123.jpg", "createdAt": "2023-01-15T12:34:56Z", "defaultRole": "user", "displayName": "John Smith", "email": "john.smith@nhost.io", "emailVerified": true, "id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24", "isAnonymous": false, "locale": "en", "metadata": { "firstName": "John", "lastName": "Smith" }, "phoneNumber": "+12025550123", "phoneNumberVerified": false, "roles": [ "user", "customer" ], "activeMfaType": "<string>" } }, "mfa": { "ticket": "mfaTotp:abc123def456" } }
Complete passwordless SMS authentication by verifying the one-time password. Returns a session if validation is successful.
Phone number and OTP code for SMS verification
Phone number of the user
"+123456789"
One-time password received by SMS
User successfully authenticated
User authentication session containing tokens and user information
Show child attributes
Challenge payload for multi-factor authentication
Was this page helpful?