Skip to main content
Verifies an OTP code for the identifier. For email, the code is checked against DO-local SQLite; for SMS, it is checked against Twilio Verify.

Request body

Response (200)

When verified is false, attestation is absent and a message field describes the failure reason.

Errors

Attestation lifetime

The attestation is a signed JWT-like payload (HMAC-SHA256 keyed by ATTESTATION_SIGNING_KEY) that expires in 300 seconds (ATTESTATION_TTL_SECONDS). It is passed as attestation in the subsequent POST /api/dids call to prove ownership.