Verify OTP Code

Verifies a one-time password (OTP) code sent to the user’s email for authentication. This endpoint allows users to complete the authentication process by providing the OTP code they received, enabling secure access to their Smart Wallet functionalities.

Request

This endpoint expects an object.

otpCodestringRequired

The one-time password code sent to the user’s email or phone number. This code is typically 6-8 digits long and expires after a short period.

otpIdstringRequired

The OTP request identifier returned from the initial authentication request. This links the verification attempt to the original OTP generation.

orgIdstringRequired

The organization ID associated with the user and application, enabling the management of Smart Wallets.

targetPublicKeystringRequired

Authentication of a client is done via an HPKE flow that allows the client and TEE to exchange an encrypted bundle without revealing it to a middleman (you, us, or Turnkey). The targetPublicKey is the public key that the client uses to decrypt the shared secret.

See more in the Turnkey Docs.

expirationSecondsstringOptional

Specifies the duration of the login session in seconds. After this period, the user has to re-login to refresh their session. The default value is 900 seconds (15 minutes).

Response

OTP verification successful. User is now authenticated.

credentialBundlestring

An encrypted API key credential bundle that can be used for subsequent authenticated requests. This bundle contains the authentication credentials encrypted with the provided targetPublicKey and can be decrypted client-side for stamping requests.

1	curl -X POST https://api.g.alchemy.com/signer/v1/otp \
2	-H "Authorization: <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{
5	"otpCode": "foo",
6	"otpId": "foo",
7	"orgId": "foo",
8	"targetPublicKey": "foo"
9	}'

Headers

Request

Response

Errors