B2B Saas Authentication

/

API reference

/

Email one-time passcodes (OTP)

/

Organization

/

Authenticate OTP

Authenticate One-time Passcode (OTP)

POSThttps://test.stytch.com/v1/b2b/otps/email/authenticate

Authenticate a Member with a one-time passcode (OTP). This endpoint requires an OTP that is not expired or previously used. OTPs have a default expiry of 10 minutes. If the Member’s status is pending or invited, they will be updated to active. Provide the session_duration_minutes parameter to set the lifetime of the session. If the session_duration_minutes parameter is not specified, a Stytch session will be created with a 60 minute duration.

If the Member is required to complete MFA to log in to the Organization, the returned value of member_authenticated will be false, and an intermediate_session_token will be returned. The intermediate_session_token can be passed into the OTP SMS Authenticate endpoint, TOTP Authenticate endpoint, or Recovery Codes Recover endpoint to complete the MFA step and acquire a full member session. The intermediate_session_token can also be used with the Exchange Intermediate Session endpoint or the Create Organization via Discovery endpoint to join a different Organization or create a new one. The session_duration_minutes and session_custom_claims parameters will be ignored.

If a valid session_token or session_jwt is passed in, the Member will not be required to complete an MFA step.

Body parameters

organization_id*string
email_address*string
code*string
session_tokenstring
session_jwtstring
intermediate_session_tokenstring
session_duration_minutesint
session_custom_claimsmap<string, any>
localestring

Response fields

request_idstring
status_codeint
member_idstring
method_idstring
member_sessionobject
session_tokenstring
session_jwtstring
intermediate_session_tokenstring
member_authenticatedboolean
mfa_requiredobject
organization_idstring
memberobject
organizationobject
curl --request POST \
  --url https://test.stytch.com/v1/b2b/otps/email/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
    "email_address": "sandbox@stytch.com",
    "code": "123456"
  }'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "method_id": "member-email-test-1dd089b3-8904-47ef-b943-987968e549d4",
  "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
  "reset_sessions": false,
  "session_jwt": "example_jwt",
  "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
  "intermediate_session_token": "",
  "member_authenticated": true,
  "mfa_required": null,
  "primary_required": null,
  "member_session": {...},
  "member": {...},
  "organization": {...}
}