Verify generic OTP

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/verify_otp \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "otpId": "<string>",
        "otpCode": "<string>",
        "expirationSeconds": "<string>",
        "publicKey": "<string>"
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "verifyOtpIntent": {
            "otpId": "<string>",
            "otpCode": "<string>",
            "expirationSeconds": "<string>",
            "publicKey": "<string>"
          }
        },
        "result": {
          "verifyOtpResult": {
            "verificationToken": "<string>"
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}

POST

public

submit

verify_otp

Authorizations

API Key
WebAuthn (Passkey)

X-Stamp

string

required

Cryptographically signed (stamped) request to be passed in as a header. For more info, see here.

Body

type

enum<string>

required

Enum options: ACTIVITY_TYPE_VERIFY_OTP

timestampMs

string

required

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId

string

required

Unique identifier for a given Organization.

parameters

object

required

The parameters object containing the specific intent data for this activity.

Show details

parameters.otpId

string

required

ID representing the result of an init OTP activity.

parameters.otpCode

string

required

OTP sent out to a user’s contact (email or SMS)

parameters.expirationSeconds

string

Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)

parameters.publicKey

string

Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature

generateAppProofs

boolean

Enable to have your activity generate and return App Proofs, enabling verifiability.

Response

A successful response returns the following fields:

activity

object

required

The activity object containing type, intent, and result

Show activity details

activity.id

string

required

Unique identifier for a given Activity object.

activity.organizationId

string

required

Unique identifier for a given Organization.

activity.status

string

required

The activity status

activity.type

string

required

The activity type

activity.intent

object

required

The intent of the activity

Show intent details

activity.intent.verifyOtpIntent

object

required

The verifyOtpIntent object

Show verifyOtpIntent details

activity.intent.verifyOtpIntent.otpId

string

required

ID representing the result of an init OTP activity.

activity.intent.verifyOtpIntent.otpCode

string

required

OTP sent out to a user’s contact (email or SMS)

activity.intent.verifyOtpIntent.expirationSeconds

string

Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)

activity.intent.verifyOtpIntent.publicKey

string

Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature

activity.result

object

required

The result of the activity

Show result details

activity.result.verifyOtpResult

object

required

The verifyOtpResult object

Show verifyOtpResult details

activity.result.verifyOtpResult.verificationToken

string

required

Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests)

activity.votes

array

required

A list of objects representing a particular User’s approval or rejection of a Consensus request, including all relevant metadata.

activity.fingerprint

string

required

An artifact verifying a User’s action.

activity.canApprove

boolean

required

Whether the activity can be approved.

activity.canReject

boolean

required

Whether the activity can be rejected.

activity.createdAt

string

required

The creation timestamp.

activity.updatedAt

string

required

The last update timestamp.

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/verify_otp \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "otpId": "<string>",
        "otpCode": "<string>",
        "expirationSeconds": "<string>",
        "publicKey": "<string>"
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_VERIFY_OTP",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "verifyOtpIntent": {
            "otpId": "<string>",
            "otpCode": "<string>",
            "expirationSeconds": "<string>",
            "publicKey": "<string>"
          }
        },
        "result": {
          "verifyOtpResult": {
            "verificationToken": "<string>"
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}

Update wallet Overview

⌘I

Activities

Queries

Verify generic OTP

Authorizations

Body

Response