OTP Verification
OTP Verification flow assumes you have already synced or created your users with the Scute app you created, since the parameter only accepts a Scute user ID.
You can create a ScuteUser with the CreateScuteUserWithIdentifier endpoint.
Alternatively, you can skip this step and use the Temporary User endpoint.
OTP Verification Types
OTP verification supports multiple channels:
- SMS OTP: Traditional SMS-based verification to user's phone number
- Email OTP: OTP codes sent via email (for metafield and user identifier verification)
- Metafield OTP: Verification of custom user data fields
- User Identifier OTP: Verification when changing user email/phone numbers
Dashboard-Initiated OTP Flow
-
Initiating Verification: OTP verification is primarily designed for dashboard (operator) initiated flows. After entering a reason and clicking the
Send OTPbutton, the system sends an SMS message to the user's registered phone number.
-
User Notification: When the VerificationRequest is created, the user receives an OTP code via SMS and the verification request status is set to "pending".
-
Verification Process: This flow is designed for scenarios where the operator is in direct communication with the user (typically on the phone). The user reads the OTP code they received, and the operator enters this code into the verification field in the dashboard.
-
Completion: Once the correct code is entered, the verification is completed, the status changes to "verified", and the operator can proceed with the authorized action.
API-Initiated OTP Flow
For programmatic verification flows, you can create OTP verification requests via API:
POST https://api.scute.io/v1/verify/:app_id/verifications
This supports:
- Metafield verification: Verify custom user data
- User identifier verification: Change email/phone with verification
- SMS verification: Traditional SMS OTP to registered phone
See the specific guides for User Identifier Verification for detailed API usage.