One-Time Passwords (OTP)

How to send a one time use code to a user's email or mobile phone number.

With the possession of a valid access token, it's possible to send a 6-digit numeric code, or a one-time password (OTP), to a user's email address or mobile phone number. That code can then be validated against that user's profile using the /otp/verify endpoint.

📘

About the env_id parameter

As with all Next Identity API calls, if your organization has a custom domain there is no need to pass an env_id.

OTP Send

The OTP code can be sent either via email or SMS. When using SMS, a message parameter can be included to define custom messaging. For example: Your one time use code is %code%. It is necessary to include the %code% in the message in order for the OTP code to be displayed.

curl --request POST \
     --url 'https://id.eu.nextreason.com/idp/v1/otp/send?env_id=ENVIRONMENT_ID' \
     --header 'Content-Type: application/json' \
     --data '
{
     "message": "Your one time use code is %code%",
     "client_id": "c8462jyq9dnupu2q4j7sfjzvn6c87j92",
     "redirect_uri": "https://localhost.com",
     "user_id": "+15417543010",
     "auth_type": "sms",
     "locale": "en-US"
}
'

For more information on the OTP Send endpoint, refer to the /otp/send section in the API Reference guide.

OTP Verify

With the possession of a valid access token it is possible to verify the 6 digit numeric code sent via OTP verify.

REQUEST
curl --request POST \
     --url 'https://id.eu.nextreason.com/idp/v1/otp/verify?env_id=ENVIRONMENT_ID' \
     --header 'Content-Type: application/json' \
     --data '
{
     "code": "151121",
     "client_id": "c8462jyq9dnupu2q4j7sfjzvn6c87j92",
     "user_id": "+15417543010",
     "auth_type": "sms",
     "locale": "en-US"
}
'

For more information on the OTP Verify endpoint, refer to the /otp/verify section in the API Reference guide.