Verify one-time token

POST /api/one-time-tokens/verify

Verify a one-time token associated with an email address. If the token is valid and not expired, it will be marked as consumed.

application/json

Body Required

  • token string Required

    The one-time token to verify.

    Minimum length is 1, maximum length is 256.

  • email string Required

    The email address associated with the one-time token.

    Minimum length is 1, maximum length is 128.

Responses

  • 200 application/json

    The one-time token was verified successfully.

    Response attributes object
    • tenantId string Required

      Maximum length is 21.

    • id string Required

      Minimum length is 1, maximum length is 21.

    • email string Required

      Minimum length is 1, maximum length is 128.

    • token string Required

      Minimum length is 1, maximum length is 256.

    • context object Required

      Additional properties are allowed.

    • status string Required

      Values are active, consumed, revoked, or expired.

    • createdAt number Required
    • expiresAt number Required
  • The token has been consumed or is expired, or the email does not match.

  • Unauthorized

  • Forbidden

  • The one-time token was not found or is not active.

POST /api/one-time-tokens/verify
curl \
 --request POST https://[tenant_id].logto.app/api/one-time-tokens/verify \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"token":"string","email":"string"}'
Request examples
{
  "token": "string",
  "email": "string"
}
Response examples (200)
{
  "tenantId": "string",
  "id": "string",
  "email": "string",
  "token": "string",
  "context": {
    "jitOrganizationIds": [
      "string"
    ]
  },
  "status": "active",
  "createdAt": 42.0,
  "expiresAt": 42.0
}
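
A client-side wrapper for the endpoint described above, as an added example that is not part of the original page or of the service's own code: it enforces the documented body length limits before sending and accepts only a 200 response that carries every required attribute and matches the submitted token and email. The function names, the `endpoint` parameter, the `tenant.example` host used for testing and the case-insensitive email comparison are assumptions.

```python
import json
import urllib.request

TOKEN_MAX, EMAIL_MAX = 256, 128  # body length limits documented above
REQUIRED = {"tenantId", "id", "email", "token", "context",
            "status", "createdAt", "expiresAt"}  # required 200-response fields


def build_verify_request(endpoint, access_token, token, email):
    """Build POST /api/one-time-tokens/verify, rejecting out-of-range input locally."""
    if not isinstance(token, str) or not 1 <= len(token) <= TOKEN_MAX:
        raise ValueError("token must be 1..256 characters")
    if not isinstance(email, str) or not 1 <= len(email) <= EMAIL_MAX:
        raise ValueError("email must be 1..128 characters")
    return urllib.request.Request(
        endpoint.rstrip("/") + "/api/one-time-tokens/verify",
        data=json.dumps({"token": token, "email": email}).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def accept_verification(http_status, body, token, email):
    """Fail closed: return the record only for a well-formed, matching 200."""
    if http_status != 200:
        return None  # consumed, expired, mismatched, unauthorized, not found, ...
    try:
        record = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(record, dict) or not REQUIRED.issubset(record):
        return None
    # Assumption: the echoed email may differ from the submitted one only in case.
    if record["token"] != token or str(record["email"]).casefold() != email.casefold():
        return None
    return record


def verify(endpoint, access_token, token, email, timeout=10):
    """Send the request; any HTTP error, timeout or network failure means 'not verified'."""
    request = build_verify_request(endpoint, access_token, token, email)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return accept_verification(response.status, response.read(), token, email)
    except OSError:  # covers urllib's HTTPError/URLError and socket timeouts
        return None
```

Because a successful verification marks the token as consumed, a repeat call with the same token is expected to be rejected, so callers should not rely on a retry to recover a lost 200.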