POST
/otp/verifyVerify OTP
Validates the submitted OTP against the Redis hash. Consumes OTP on success.
Max 3 failed attempts before max_attempts (429).
Not rate-limited by OTP send middleware; subject to global rate limit only.
operationId: otpVerify
Related documentation
Request
Requires appId and apiKey in the JSON body.
Schemas: Verify SMS OTP, Verify email OTP
Verify SMS OTP
json
{
"appId": "enandi-app",
"apiKey": "your-secret-key",
"phone": "919876543210",
"otp": "123456"
}Verify email OTP
json
{
"appId": "enandi-app",
"apiKey": "your-secret-key",
"email": "user@example.com",
"otp": "123456"
}Responses
200OTP verified
400Invalid input, contact, app id, or OTP format
401OTP mismatch
403Invalid credentials
404No active OTP (includes expired — service returns not_found)
429Too many failed attempts or global rate limit
500Internal error