Authenticate with OTP code and create a session.

curl --request POST \
  --url https://api.example.com/v1/submit/otp-auth \
  --header 'Content-Type: application/json' \
  --header 'X-Pubkey: <x-pubkey>' \
  --header 'X-Pubkey, X-Timestamp, X-Signature: <api-key>' \
  --header 'X-Signature: <x-signature>' \
  --header 'X-Timestamp: <x-timestamp>' \
  --data '
{
  "accountId": "550e8400-e29b-41d4-a716-446655440000",
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "otpId": "otp_a1b2c3d4567890abcdef",
  "otpCode": "123456789"
}
'

{
  "session": "<string>",
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "expiresAt": "2026-02-05T12:00:00Z"
}

POST

submit

otp-auth

Authenticate with OTP code and create a session.

curl --request POST \
  --url https://api.example.com/v1/submit/otp-auth \
  --header 'Content-Type: application/json' \
  --header 'X-Pubkey: <x-pubkey>' \
  --header 'X-Pubkey, X-Timestamp, X-Signature: <api-key>' \
  --header 'X-Signature: <x-signature>' \
  --header 'X-Timestamp: <x-timestamp>' \
  --data '
{
  "accountId": "550e8400-e29b-41d4-a716-446655440000",
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "otpId": "otp_a1b2c3d4567890abcdef",
  "otpCode": "123456789"
}
'

{
  "session": "<string>",
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "expiresAt": "2026-02-05T12:00:00Z"
}

Authorizations

X-Pubkey, X-Timestamp, X-Signature

string

header

required

Headers

X-Pubkey

string

required

Integrator's ECDSA public key (P-256 curve, compressed SEC1 format). Example: 0x038fedef7c12f93bbf342ad8943b7a825a3b41f61c9dc118b2c718efebabbf62fd

X-Timestamp

string

required

Unix timestamp in seconds (UTC). Must be within tolerance window (1 minute) to prevent replay attacks. Example: 1760375826

X-Signature

string

required

ECDSA signature (DER-encoded, hex with 0x prefix). Signs the message: {timestamp}{METHOD}{path_and_query}{json_body}. Example: 0x3045022100...

Body

application/json

Authenticate with OTP code

Request to authenticate with OTP code

accountId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

userId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

otpId

string

required

The OTP ID returned by init-otp

Example:

"otp_a1b2c3d4567890abcdef"

otpCode

string

required

The OTP code received by email

Example:

"123456789"

Response

OTP authentication successful

Response from OTP authentication

session

string

required

Session metadata

sessionId

string<uuid>

required

A UUID string

Example:

"550e8400-e29b-41d4-a716-446655440000"

expiresAt

string

required

Session expiration timestamp (ISO 8601)

Example:

"2026-02-05T12:00:00Z"

Initialize OTP for a user (email)Create authenticators (passkeys) for a user (OTP auth).

Integrator API

API endpoints

Authenticate with OTP code and create a session.

Authorizations

Headers

Body

Response