# Verify OTP Code > For the complete documentation index, see [llms.txt](/docs/llms.txt). POST https://api.g.alchemy.com/signer/v1/otp Verifies a one-time password (OTP) code sent to the user's email for authentication. This endpoint allows users to complete the authentication process by providing the OTP code they received, enabling secure access to their Smart Wallet functionalities. Reference: https://www.alchemy.com/docs/wallets/api-reference/signer/signer-api-endpoints/verify-otp ## Headers | Name | Type | Required | Description | |------|------|----------|-------------| | Authorization | string | Yes | Bearer token authentication. Use 'Bearer ' as the value. | ## Code Examples ### cURL ```bash curl --request POST \ --url https://api.g.alchemy.com/signer/v1/otp \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ "otpCode": "string", "otpId": "string", "orgId": "string", "targetPublicKey": "string", "expirationSeconds": "string" }' ``` ### JavaScript ```javascript const options = { method: 'POST', headers: {'Content-Type': 'application/json', Authorization: 'Bearer '}, body: JSON.stringify({ otpCode: 'string', otpId: 'string', orgId: 'string', targetPublicKey: 'string', expirationSeconds: 'string' }) }; fetch('https://api.g.alchemy.com/signer/v1/otp', options) .then(res => res.json()) .then(res => console.log(res)) .catch(err => console.error(err)); ``` ### Python ```python import requests url = "https://api.g.alchemy.com/signer/v1/otp" payload = { "otpCode": "string", "otpId": "string", "orgId": "string", "targetPublicKey": "string", "expirationSeconds": "string" } headers = { "Content-Type": "application/json", "Authorization": "Bearer " } response = requests.post(url, json=payload, headers=headers) print(response.text) ``` ### Go ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://api.g.alchemy.com/signer/v1/otp" payload := strings.NewReader("{\n \"otpCode\": \"string\",\n \"otpId\": \"string\",\n \"orgId\": \"string\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer ") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(string(body)) } ``` ### Java ```java HttpResponse response = Unirest.post("https://api.g.alchemy.com/signer/v1/otp") .header("Content-Type", "application/json") .header("Authorization", "Bearer ") .body("{\n \"otpCode\": \"string\",\n \"otpId\": \"string\",\n \"orgId\": \"string\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}") .asString(); ``` ### C# ```csharp using RestSharp; var options = new RestClientOptions("https://api.g.alchemy.com/signer/v1/otp"); var client = new RestClient(options); var request = new RestRequest(""); request.AddHeader("Authorization", "Bearer "); request.AddJsonBody("{\n \"otpCode\": \"string\",\n \"otpId\": \"string\",\n \"orgId\": \"string\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}", false); var response = await client.PostAsync(request); Console.WriteLine("{0}", response.Content); ``` ## Operation Specification ```yaml path: /otp method: POST operation: summary: Verify OTP Code description: | Verifies a one-time password (OTP) code sent to the user's email for authentication. This endpoint allows users to complete the authentication process by providing the OTP code they received, enabling secure access to their Smart Wallet functionalities. security: - apiKey: [] x-readme: samples-languages: - javascript - curl - python - go requestBody: content: application/json: schema: type: object properties: otpCode: type: string description: The one-time password code sent to the user's email or phone number. This code is typically 6-8 digits long and expires after a short period. otpId: description: The OTP request identifier returned from the initial authentication request. This links the verification attempt to the original OTP generation. type: string orgId: type: string description: The organization ID associated with the user and application, enabling the management of Smart Wallets. targetPublicKey: type: string description: | Authentication of a client is done via an HPKE flow that allows the client and TEE to exchange an encrypted bundle without revealing it to a middleman (you, us, or Turnkey). The targetPublicKey is the public key that the client uses to decrypt the shared secret. See more in the [Turnkey Docs](https://docs.turnkey.com/embedded-wallets/sub-organization-auth). expirationSeconds: type: string description: | Specifies the duration of the login session in seconds. After this period, the user has to re-login to refresh their session. The default value is 900 seconds (15 minutes). required: - orgId - otpCode - otpId - targetPublicKey responses: '200': description: OTP verification successful. User is now authenticated. content: application/json: schema: type: object properties: credentialBundle: type: string description: An encrypted API key credential bundle that can be used for subsequent authenticated requests. This bundle contains the authentication credentials encrypted with the provided targetPublicKey and can be decrypted client-side for stamping requests. required: - credentialBundle '400': description: Invalid OTP code or expired OTP. content: application/json: schema: type: object properties: error: type: string description: Error message describing why the OTP verification failed. code: type: string description: Error code for programmatic handling of the error. '429': description: Too many OTP verification attempts. Please wait before trying again. content: application/json: schema: type: object properties: error: type: string description: Error message indicating rate limiting is in effect. retryAfter: type: integer description: Number of seconds to wait before making another verification attempt. operationId: verifyOtp ```