Login with OTP

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/otp_login \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <YOUR_API_KEY.YOUR_API_SECRET>" \
  --data '{
    "type": "ACTIVITY_TYPE_OTP_LOGIN",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "verificationToken": "<string>",
        "publicKey": "<string>",
        "expirationSeconds": "<string>",
        "invalidateExisting": true
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OTP_LOGIN",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "type": "<string>",
        "intent": {
          "otpLoginIntent": {
            "verificationToken": "<string>",
            "publicKey": "<string>",
            "expirationSeconds": "<string>",
            "invalidateExisting": true
          }
        },
        "result": {
          "otpLoginResult": {
            "session": "<string>"
          }
        }
      }
    }
  }
}

POST

public

submit

otp_login

Authorizations

API Key
Webauthn (Passkey)

X-Stamp

string

header

required

Body

type

enum<string>

required

Enum options: ACTIVITY_TYPE_OTP_LOGIN

timestampMs

string

required

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId

string

required

Unique identifier for a given Organization.

parameters

object

required

parameters field

Show details

parameters.verificationToken

string

required

Signed JWT containing a unique id, expiry, verification type, contact

parameters.publicKey

string

required

Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the verification token

parameters.expirationSeconds

string

Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used.

parameters.invalidateExisting

boolean

Invalidate all other previously generated Login API keys

Response

A successful response returns the following fields:

activity

object

required

The activity object containing type, intent, and result

Show activity details

activity.type

string

required

The activity type

activity.intent

object

required

The intent of the activity

Show intent details

activity.intent.otpLoginIntent

object

required

The otpLoginIntent object

Show otpLoginIntent details

activity.intent.otpLoginIntent.verificationToken

string

required

Signed JWT containing a unique id, expiry, verification type, contact

activity.intent.otpLoginIntent.publicKey

string

required

Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the verification token

activity.intent.otpLoginIntent.expirationSeconds

string

Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used.

activity.intent.otpLoginIntent.invalidateExisting

boolean

Invalidate all other previously generated Login API keys

activity.result

object

required

The result of the activity

Show result details

activity.result.otpLoginResult

object

required

The otpLoginResult object

Show otpLoginResult details

activity.result.otpLoginResult.session

string

required

Signed JWT containing an expiry, public key, session type, user id, and organization id

curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/otp_login \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <YOUR_API_KEY.YOUR_API_SECRET>" \
  --data '{
    "type": "ACTIVITY_TYPE_OTP_LOGIN",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "verificationToken": "<string>",
        "publicKey": "<string>",
        "expirationSeconds": "<string>",
        "invalidateExisting": true
    }
}'

{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OTP_LOGIN",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "type": "<string>",
        "intent": {
          "otpLoginIntent": {
            "verificationToken": "<string>",
            "publicKey": "<string>",
            "expirationSeconds": "<string>",
            "invalidateExisting": true
          }
        },
        "result": {
          "otpLoginResult": {
            "session": "<string>"
          }
        }
      }
    }
  }
}

⌘I

Activities

Queries

Authorizations

Body

Response