OTP Verification
OTP Verification can be initiated from the dashboard or programmatically via API.
For dashboard-initiated flows, users must already exist in your Scute app. For API flows, you can use the identifier parameter to create users automatically.
OTP Verification Types
OTP verification supports multiple channels:
- SMS OTP: Traditional SMS-based verification to user's phone number
- User Identifier OTP: Verification when changing user email/phone numbers (via email or SMS)
Dashboard-Initiated OTP Flow
-
Initiating Verification: OTP verification is primarily designed for dashboard (operator) initiated flows. After entering a reason and clicking the
Send OTP
button, the system sends an SMS message to the user's registered phone number. -
User Notification: When the VerificationRequest is created, the user receives an OTP code via SMS and the verification request status is set to "pending".
-
Verification Process: This flow is designed for scenarios where the operator is in direct communication with the user (typically on the phone). The user reads the OTP code they received, and the operator enters this code into the verification field in the dashboard.
-
Completion: Once the correct code is entered, the verification is completed, the status changes to "verified", and the operator can proceed with the authorized action.
API-Initiated OTP Flow
For programmatic verification flows, you can create OTP verification requests via API:
POST https://api.scute.io/v1/verify/:app_id/verifications
Authentication
Requires M2M (Machine-to-Machine) authentication:
# Get M2M token first
curl -X POST "https://api.scute.io/v1/auth/m2m/token" \
-H "Content-Type: application/json" \
-d '{"api_key": "your_api_key"}'
SMS OTP Example
const response = await fetch('https://api.scute.io/v1/verify/your-app-id/verifications', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Authorization': 'your_m2m_access_token'
},
body: JSON.stringify({
identifier: '+1234567890',
channel: 'sms',
verification_type: 'standard',
reason: 'Phone number verification'
})
});
const data = await response.json();
console.log(data.verification_id); // Track verification status
Supported OTP Types:
- SMS OTP: Traditional SMS-based verification to phone numbers
- User identifier verification: Change email/phone with OTP verification
See User Identifier Verification for detailed examples of identifier change flows.