Authenticate a User given a method_id (the associated email_id or phone_id) and a code. This endpoint verifies that the code is valid, hasn't expired or been previously used, and any optional security settings such as IP match or user agent match are satisfied. A given method_id may only have a single active OTP code at any given time, if a User requests another OTP code before the first one has expired, the first one will be invalidated.
Authenticate one-time passcode
POST
https://test.stytch.com/v1/otps/authenticateBody parameters
method_id* string
code* string
options object
attributes object
session_custom_claims map<string, any>
session_duration_minutes int
session_jwt string
session_token string
Response fields
status_code int
request_id string
method_id string
user_id string
user object
email_id string
session_token string
session_jwt string
session object
reset_sessions boolean
const stytch = require('stytch');
const client = new stytch.Client({
project_id: 'PROJECT_ID',
secret: 'SECRET',
});
const params = {
method_id: "phone-number-test-d5a3b680-e8a3-40c0-b815-ab79986666d0",
code: "123456",
session_duration_minutes: 60,
};
client.otps.authenticate(params)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });
RESPONSE
200
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
"user": {...},
"method_id": "phone-number-test-d5a3b680-e8a3-40c0-b815-ab79986666d0",
"reset_sessions": false,
"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
"session_jwt": "eyJ...",
"session": "{...}"
}