API Reference

Verify an SMS OTP

Call the /verify API with the below body parameters to ensure that the SMS OTP has been verified in-order to authenticate the user.

Call

curl --request POST
  --url https://api.ezid.io/verify/otp \
  --header 'Content-Type: application/json' \
  --data {
   client_id: "ezid_client_id",
   client_secret: "ezid_client_secret",
   otp: "6",
   login_id: "557637a8-3840-4c8b-2849-009e8d4d0af",
}
const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));');

let url = 'https://api.ezid.io/send/otp';

let options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: {
   client_id: "ezid_client_id",
   client_secret: "ezid_client_secret",
   otp: "6",
   login_id: "557637a8-3840-4c8b-2849-009e8d4d0af",
	}
};

fetch(url, options)
  .then(res => res.json())
  .then(json => console.log(json))
  .catch(err => console.error('error:' + err));
AttributesDefinition
client_id* Your companies unique ID, provided by EZiD
client_secret*You companies unique secret, provided by EZiD
otp* OTP received by the user
login_idHow you choose to send the OTP to your user.

Note: Currently, we only have phone available. Whats app and Email OTPs are coming soon.

Responses:

{
  access_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImF6cCI6IjdlYzYwMmU0ZDJkYjEzNDc5NWEzNGMwMzgwOWY3M2U2Iiwic2NvcGUiOiJvcGVuaW2gYWxsb3c6aW52aXRlIiwiY3VzdG9tX2NsYWltcyI6eyJyb2xlIjoicmVhZC1vbmx5LXVzZXIiLCJ0ZXN0IjoiZnJvbSBzZW5kIGVuZHBvaW50In0sImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.Ucgo3lV6yGyB3odZPf8sgojGah9xsEO-EzNbNFoAAxVOwl-naS--ZN4mm9B8sZgAi-WIJOGC7LJFPhHI2ZwTp0oucIEljh_MT6GLWK8V7SJLgQP1XWgIZfpqqa0S0ppVKbh8VqN5DInsXgWUDI5GbVvEmmpFcPh58JsZAMjKcmo5CYF-epbWqlmxc8GnUFBAsIN2CHwWLEKm6AA_F9CTKWqHO94Qj5cno2FWEELT_3NYcP0vEV9VS-HIhjz-TA0D0MJ0Ujxy5ygzFmt08BJZbqk9zm2ujc-dB28IE_av1dubb-w03nYyvD-8eNaC8_veJrJ149dRpltlJeW0ZffHnGBr9fKlkDisToPfNZItP2vTk0wZTuDcjGU9LQETfZeqN9y8q9HKRSnO6mk0InwePAxpMFFefH0k1nL5ApisUSHFPwDfsf5RtQxT6irlLKvY0y0aCtS-KiGL8Pm1Uj4B1jwwhk9uTwzLVW_kynaQ8iYXY8jnDqjOSVIvVHWwM8_bqBx_xodpdJfaSUMeCZhwj0LeoCVE6Cl6XxRn_g2MKXbha9WXFFjOausleJlsUlM1dPty-Kblj1Uu4g-ktzoEhN3ZyeWIxifNGQqAudnsXYwUA-4byXmy7gc_HQqyXEmoH_9OjY7sy8LQ5QIKvDMf3Hzn0zdx779qiQWFdOv2dj8",
  id_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImVtYWlsIjoic2FhdHZpa3J1ZHJhcGF0bmFAZ21haWwuY29tIiwicHJveHlfZW1haWwiOiJzYWF3dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20iLCJub25jZSI6IjRkY2YzMjgyLTliNzYtNGMzZi04OWM3LWJmY2JiMGQxYzg0YiIsImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.e5sKc91l4rowqHSEgPDnrh5HGjggWvnYm1YKsxWzJFDG6DGAfmjdiUlZFbhXqKDaipvCd3jmhV63S5RSa7wFHhFpxn_k6baeRrEs_LZOdk7mc--hJWsQaX_CGpZ_CnaaQxh0M-CqWgnTnMdIHpwSKL59lvjpiNZ68PyvPiK4x37bRpKBQiiekqpqrhJ5wbjdGKkdIaOoS7dwHGNPsQcvWKN3GjcamxI9j-tpnff3Rj1It7ZtqITIvg9nIDNKtk--FSPPBbt_Jk0ksMZjstfjcsnbiW-cJW8E4HEhfbL2qUmgqPQMVYrmq-pTuXYq04nfru_o_cTeVGX-DN5aQcsqM6cQImJ5bBRqqGKTV0NhiFSIpFig7KUI9BMbi6vpDGFeYJNSIALTvrzHi4hB99LOv6shXY5lsHrDi2WJUESWzuBmODoUbBZDTo__4JtliLaY-uOu67lLG4iaX4kbD-tranDOE5QrWPiDe3NoKxam1l_5_2h3zRyPMLAIi-qScVA_s0_rAYYBih5QdgHnidOgHesv_DmP7SQt549TaYNxjOGAGq0K_yLkPpHRj3iTi8Zp_pSE1S-Qn7IAZ3WdcnoXz1QVprMlBAKhpaQ531Hh6HHltJrHy83axRXabTb-LhctXq5YQ8zbTBfw7e_DbYSaGc-_3LA-YELcr4cYucbHvC0",
  refresh_token: "1814084e-18a2-4e9c-bee8-71a8720c8863",

}
{
  error: "otp invalid",
}
AttributesDefinition
access_tokenThis is the access token of the user. It is a token that contains private information about the user and their access rights. This should be stored securely such that it is not exposed.
id_tokenThis is the ID token of the user. It is a token that contains their number amongst other details. This should be stored by the front-end of your application, and validated when the user tries to access protected resources
refresh_tokenThis is a refresh token that can be used when calling the/refresh endpoint to generate a new ID and access token.

The refresh_token returned as a part of the response should be saved. This token will be required when making the /refresh API call to ensure users remain logged in and not be signed out of the platform.