POST /auth/otp/verify
Verify the one-time code sent to the user’s email (or SMS) and return the user object and a JWT. Use this after POST /auth/otp/send.
Endpoint
POST /api/v1/public/projects/:projectSlug/auth/otp/verifyRequest Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
projectSlug | string | ✅ | Your project’s unique slug |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
email | string | ✅ | Same email the OTP was sent to |
code | string | ✅ | The one-time code received by the user |
Example Request Body
{
"email": "user@example.com",
"code": "123456"
}Response
Success (200 OK)
{
"user": {
"id": "user-uuid-here",
"email": "user@example.com",
"name": "Jane Doe",
"email_verified_at": "2026-02-10T10:00:00Z"
},
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Store the token and use it for authenticated requests (e.g. GET /auth/me).
Error Responses
| Status Code | Error Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST | Invalid email or code format |
| 401 | INVALID_OTP | Code is wrong or expired |
| 429 | RATE_LIMIT_EXCEEDED | Too many verify attempts |
| 500 | INTERNAL_SERVER_ERROR | Server error |
Available Hooks
- Event:
auth.otp.verify- When: After successful OTP verification
- Can do: Track OTP logins, trigger onboarding flows on first OTP login
Configure in Project → Hooks. Learn more about hooks →
Try It Now
POST
https://api.aerocall.app/api/v1/public/projects/your-project/auth/otp/verifyRelated Endpoints
- POST /auth/otp/send - Send OTP to user
- GET /auth/me - Get current user with the token