Send a One-Time Passcode (OTP) to a Member's phone number.
If the Member already has a phone number, the mfa_phone_number field is not needed; the endpoint will send an OTP to the number associated with the Member. If the Member does not have a phone number, the endpoint will send an OTP to the mfa_phone_number provided and link the mfa_phone_number with the Member.
An error will be thrown if the Member already has a phone number and the provided mfa_phone_number does not match the existing one.
Note that sending another OTP code before the first has expired will invalidate the first code.
If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. email magic link or SSO login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
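The rules above can be applied on the calling side before the endpoint is hit. The sketch below is an added example, not Stytch code: `MemberState`, `plan_sms_otp_send`, the event names and the reason strings are hypothetical, and it assumes both phone numbers are stored in the same format so they can be compared as strings.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class MemberState:
    """Hypothetical local view of a Member (not a Stytch type)."""
    phone_number: Optional[str]  # number already linked to the Member, if any
    mfa_enrolled: bool
    otp_pending: bool            # an unexpired OTP is already outstanding


def plan_sms_otp_send(member, event, mfa_phone_number=None, allow_resend=False):
    """Return (action, params): action is "send", "skip" or "reject".

    event is "primary_auth" (magic link / SSO just completed) or
    "step_up" (e.g. re-prompt after inactivity); both names are assumptions.
    """
    # After primary authentication an enrolled Member with a phone number
    # is sent an OTP automatically, so a manual send is redundant.
    if event == "primary_auth" and member.phone_number and member.mfa_enrolled:
        return ("skip", {"reason": "otp_sent_automatically"})

    # Sending again before expiry invalidates the first code, so only
    # resend when the caller explicitly asks for it.
    if member.otp_pending and not allow_resend:
        return ("skip", {"reason": "unexpired_otp_outstanding"})

    if member.phone_number:
        # A mismatching mfa_phone_number makes the endpoint return an error;
        # catch it locally instead of spending a request on it.
        if mfa_phone_number and mfa_phone_number != member.phone_number:
            return ("reject", {"reason": "phone_number_mismatch"})
        return ("send", {})  # field not needed: the linked number is used

    # No linked number and none supplied: there is nothing to send to.
    if not mfa_phone_number:
        return ("reject", {"reason": "phone_number_required"})
    # First send for this Member: the endpoint links the number as well.
    return ("send", {"mfa_phone_number": mfa_phone_number})


if __name__ == "__main__":
    enrolled = MemberState("+15555550100", True, False)  # constructed sample
    print(plan_sms_otp_send(enrolled, "primary_auth"))
    print(plan_sms_otp_send(enrolled, "step_up"))
```

The returned params hold only the `mfa_phone_number` decision; the identifiers that select the Member in the real request are left to the caller.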
Cost to send SMS OTP
Before configuring SMS or WhatsApp OTPs, please review how Stytch bills the costs of international OTPs and understand how to protect your app against toll fraud.