Verify an SMS OTP
Call the /verify
API with the below body parameters to ensure that the SMS OTP has been verified in-order to authenticate the user.
Call
curl --request POST
--url https://api.ezid.io/verify/otp \
--header 'Content-Type: application/json' \
--data {
client_id: "ezid_client_id",
client_secret: "ezid_client_secret",
otp: "6",
login_id: "557637a8-3840-4c8b-2849-009e8d4d0af",
}
const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));');
let url = 'https://api.ezid.io/send/otp';
let options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: {
client_id: "ezid_client_id",
client_secret: "ezid_client_secret",
otp: "6",
login_id: "557637a8-3840-4c8b-2849-009e8d4d0af",
}
};
fetch(url, options)
.then(res => res.json())
.then(json => console.log(json))
.catch(err => console.error('error:' + err));
Attributes | Definition |
---|---|
client_id* | Your companies unique ID, provided by EZiD |
client_secret* | You companies unique secret, provided by EZiD |
otp* | OTP received by the user |
login_id | How you choose to send the OTP to your user. Note: Currently, we only have phone available. Whats app and Email OTPs are coming soon. |
Responses:
{
access_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImF6cCI6IjdlYzYwMmU0ZDJkYjEzNDc5NWEzNGMwMzgwOWY3M2U2Iiwic2NvcGUiOiJvcGVuaW2gYWxsb3c6aW52aXRlIiwiY3VzdG9tX2NsYWltcyI6eyJyb2xlIjoicmVhZC1vbmx5LXVzZXIiLCJ0ZXN0IjoiZnJvbSBzZW5kIGVuZHBvaW50In0sImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.Ucgo3lV6yGyB3odZPf8sgojGah9xsEO-EzNbNFoAAxVOwl-naS--ZN4mm9B8sZgAi-WIJOGC7LJFPhHI2ZwTp0oucIEljh_MT6GLWK8V7SJLgQP1XWgIZfpqqa0S0ppVKbh8VqN5DInsXgWUDI5GbVvEmmpFcPh58JsZAMjKcmo5CYF-epbWqlmxc8GnUFBAsIN2CHwWLEKm6AA_F9CTKWqHO94Qj5cno2FWEELT_3NYcP0vEV9VS-HIhjz-TA0D0MJ0Ujxy5ygzFmt08BJZbqk9zm2ujc-dB28IE_av1dubb-w03nYyvD-8eNaC8_veJrJ149dRpltlJeW0ZffHnGBr9fKlkDisToPfNZItP2vTk0wZTuDcjGU9LQETfZeqN9y8q9HKRSnO6mk0InwePAxpMFFefH0k1nL5ApisUSHFPwDfsf5RtQxT6irlLKvY0y0aCtS-KiGL8Pm1Uj4B1jwwhk9uTwzLVW_kynaQ8iYXY8jnDqjOSVIvVHWwM8_bqBx_xodpdJfaSUMeCZhwj0LeoCVE6Cl6XxRn_g2MKXbha9WXFFjOausleJlsUlM1dPty-Kblj1Uu4g-ktzoEhN3ZyeWIxifNGQqAudnsXYwUA-4byXmy7gc_HQqyXEmoH_9OjY7sy8LQ5QIKvDMf3Hzn0zdx779qiQWFdOv2dj8",
id_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWF0dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20uZXppZC5pby83ZWM2MDJlNGQyZGIxMzQ3OTVhMzRjMDM4MDlmNzNlNiIsImlzcyI6Imh0dHBzOi8vZXppZC5pbyIsImVtYWlsIjoic2FhdHZpa3J1ZHJhcGF0bmFAZ21haWwuY29tIiwicHJveHlfZW1haWwiOiJzYWF3dmlrcnVkcmFwYXRuYUBnbWFpbC5jb20iLCJub25jZSI6IjRkY2YzMjgyLTliNzYtNGMzZi04OWM3LWJmY2JiMGQxYzg0YiIsImlhdCI6MTY0NTYwNzcyNSwiZXhwIjoxNjQ1NjQzNzI1fQ.e5sKc91l4rowqHSEgPDnrh5HGjggWvnYm1YKsxWzJFDG6DGAfmjdiUlZFbhXqKDaipvCd3jmhV63S5RSa7wFHhFpxn_k6baeRrEs_LZOdk7mc--hJWsQaX_CGpZ_CnaaQxh0M-CqWgnTnMdIHpwSKL59lvjpiNZ68PyvPiK4x37bRpKBQiiekqpqrhJ5wbjdGKkdIaOoS7dwHGNPsQcvWKN3GjcamxI9j-tpnff3Rj1It7ZtqITIvg9nIDNKtk--FSPPBbt_Jk0ksMZjstfjcsnbiW-cJW8E4HEhfbL2qUmgqPQMVYrmq-pTuXYq04nfru_o_cTeVGX-DN5aQcsqM6cQImJ5bBRqqGKTV0NhiFSIpFig7KUI9BMbi6vpDGFeYJNSIALTvrzHi4hB99LOv6shXY5lsHrDi2WJUESWzuBmODoUbBZDTo__4JtliLaY-uOu67lLG4iaX4kbD-tranDOE5QrWPiDe3NoKxam1l_5_2h3zRyPMLAIi-qScVA_s0_rAYYBih5QdgHnidOgHesv_DmP7SQt549TaYNxjOGAGq0K_yLkPpHRj3iTi8Zp_pSE1S-Qn7IAZ3WdcnoXz1QVprMlBAKhpaQ531Hh6HHltJrHy83axRXabTb-LhctXq5YQ8zbTBfw7e_DbYSaGc-_3LA-YELcr4cYucbHvC0",
refresh_token: "1814084e-18a2-4e9c-bee8-71a8720c8863",
}
{
error: "otp invalid",
}
Attributes | Definition |
---|---|
access_token | This is the access token of the user. It is a token that contains private information about the user and their access rights. This should be stored securely such that it is not exposed. |
id_token | This is the ID token of the user. It is a token that contains their number amongst other details. This should be stored by the front-end of your application, and validated when the user tries to access protected resources |
refresh_token | This is a refresh token that can be used when calling the/refresh endpoint to generate a new ID and access token. |
The refresh_token
returned as a part of the response should be saved. This token will be required when making the /refresh
API call to ensure users remain logged in and not be signed out of the platform.