Skip to main content
POST
/
public
/
v1
/
submit
/
verify_otp

Authorizations

X-Stamp
string
required
Cryptographically signed (stamped) request to be passed in as a header. For more info, see here.

Body

type
enum<string>
required
Enum options: ACTIVITY_TYPE_VERIFY_OTP
timestampMs
string
required
Timestamp (in milliseconds) of the request, used to verify liveness of user requests.
organizationId
string
required
Unique identifier for a given Organization.
parameters
object
required

The parameters object containing the specific intent data for this activity.

generateAppProofs
boolean
Enable to have your activity generate and return App Proofs, enabling verifiability.

Response

A successful response returns the following fields:
activity
object
required
The activity object containing type, intent, and result
curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/verify_otp \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "otpId": "<string>",
        "otpCode": "<string>",
        "expirationSeconds": "<string>",
        "publicKey": "<string>"
    }
}'
import { Turnkey } from "@turnkey/sdk-server";

const turnkeyClient = new Turnkey({
  apiBaseUrl: "https://api.turnkey.com",
  apiPublicKey: process.env.API_PUBLIC_KEY!,
  apiPrivateKey: process.env.API_PRIVATE_KEY!,
  defaultOrganizationId: process.env.ORGANIZATION_ID!,
});

const response = await turnkeyClient.apiClient().verifyOtp({
  otpId: "<string> (ID representing the result of an init OTP activity.)",
  otpCode: "<string> (OTP sent out to a user's contact (email or SMS))",
  expirationSeconds: "<string> (Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours))",
  publicKey: "<string> (Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature)"
});
{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "verifyOtpIntent": {
            "otpId": "<string>",
            "otpCode": "<string>",
            "expirationSeconds": "<string>",
            "publicKey": "<string>"
          }
        },
        "result": {
          "verifyOtpResult": {
            "verificationToken": "<string>"
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}