Authentication API reference - totp authenticate

Authenticate TOTP

POSThttps://test.stytch.com/v1/totps/authenticate

Authenticate a TOTP code entered by a user.

Body parameters

user_id* string

totp_code* string

session_custom_claims map<string, any>

session_duration_minutes int

session_jwt string

session_token string

Response fields

status_code int

request_id string

totp_id string

session object

session_jwt string

session_token string

user object

user_id string

curl --request POST \
  --url https://test.stytch.com/v1/totps/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
    "totp_code": "576831"
  }'

RESPONSE

{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "totp_id": "totp-test-41920359-8bbb-4fe8-8fa3-aaa83f35f02c",
  "session": null,
  "session_jwt": "",
  "session_token": "",
  "user": {...},
  "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
}

Common Error Types

expired_totp
invalid_totp_code
recovery_code_used_as_totp_code
totp_code_already_authenticated