# Verify OTP (One-time passcode) **POST /v1/auth/otps/verify** Verify an OTP (one-time passcode) against a method ID (email, phone number) to authenticate the user. This endpoints verifies that the OTP sent in is valid for the given method ID. ## HTTP Request `POST /v1/auth/otps/verify` ## Returns A successful response returns an object with `method_id`, `method_type`, and verified `user_id` properties. ## Servers - Production: https://api.moonkey.fun (Production) ## Authentication methods - Authorization ## Parameters ## Body parameters Content-type: application/json - **method_id** (string) Method ID to verify the OTP against. This can either be the `phone_number_id` or `email_id` returned by the send or login or create endpoints. - **otp** (string) OTP received by the User. - **device_fingerprint** (object) Device fingerprinting metadata for fraud detection during OTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the `device_fingerprint` such as IP, User Agent or the combination of them (more fraud detection features **coming soon**!) - **session_expires_in** (number) `Optional` Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a `session_token` and `session_jwt`. However, if a valid `session_token` or `session_jwt` is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default. - **session_token** (string) `Optional` Unique session token to verify. - **session_jwt** (string) `Optional` Unique Session JWT to verify. ## Responses ### 200: #### Body Parameters: application/json (object) - **method_id** (string) Method ID of the phone number or email. - **method_type** (string) Method Type. Possible values: email, phone_number. - **user_id** (string) User ID of the verified user. - **session_token** (string) - **session_jwt** (string) - **session** (object) [Powered by Bump.sh](https://bump.sh)