Skip to main content

OTP Verification

info

OTP Verification can be initiated from the dashboard or programmatically via API.

For dashboard-initiated flows, users must already exist in your Scute app. For API flows, you can use the identifier parameter to create users automatically.

OTP Verification Types

OTP verification supports multiple channels:

  • SMS OTP: Traditional SMS-based verification to user's phone number
  • User Identifier OTP: Verification when changing user email/phone numbers (via email or SMS)

Dashboard-Initiated OTP Flow

  1. Initiating Verification: OTP verification is primarily designed for dashboard (operator) initiated flows. After entering a reason and clicking the Send OTP button, the system sends an SMS message to the user's registered phone number.

    Verification modal
  2. User Notification: When the VerificationRequest is created, the user receives an OTP code via SMS and the verification request status is set to "pending".

    OTP verification dashboard
  3. Verification Process: This flow is designed for scenarios where the operator is in direct communication with the user (typically on the phone). The user reads the OTP code they received, and the operator enters this code into the verification field in the dashboard.

  4. Completion: Once the correct code is entered, the verification is completed, the status changes to "verified", and the operator can proceed with the authorized action.

API-Initiated OTP Flow

For programmatic verification flows, you can create OTP verification requests via API:

POST https://api.scute.io/v1/verify/:app_id/verifications

Authentication

Requires M2M (Machine-to-Machine) authentication:

# Get M2M token first
curl -X POST "https://api.scute.io/v1/auth/m2m/token" \
-H "Content-Type: application/json" \
-d '{"api_key": "your_api_key"}'

SMS OTP Example

const response = await fetch('https://api.scute.io/v1/verify/your-app-id/verifications', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Authorization': 'your_m2m_access_token'
},
body: JSON.stringify({
identifier: '+1234567890',
channel: 'sms',
verification_type: 'standard',
reason: 'Phone number verification'
})
});

const data = await response.json();
console.log(data.verification_id); // Track verification status

Supported OTP Types:

  • SMS OTP: Traditional SMS-based verification to phone numbers
  • User identifier verification: Change email/phone with OTP verification

See User Identifier Verification for detailed examples of identifier change flows.