POST /api/verify/check

Request body
Response (200)
Errors
Attestation lifetime

Verifies an OTP code for the identifier. For email, the code is checked against DO-local SQLite; for SMS, it is checked against Twilio Verify.

Request body

Field	Type	Required	Description
`identifier`	`string`	Yes	Email address or phone number
`channel`	`string`	Yes	`"email"` or `"sms"`
`code`	`string`	Yes	OTP code submitted by user

Response (200)

{
  "ok": true,
  "verified": true,
  "attestation": {
    "identifier": "alice@example.com",
    "channel": "email",
    "verified_at": "2024-01-01T00:00:00Z",
    "expires_at": "2024-01-01T00:05:00Z",
    "registrar": "did:new:0x...",
    "signature": "0x..."
  }
}

When verified is false, attestation is absent and a message field describes the failure reason.

Errors

Code	Condition	Description
`400`	`"Missing required fields: identifier, channel, code"`	Field absent
`400`	`"Invalid channel. Must be \"sms\" or \"email\""`	Unknown channel
`502`	`ok: false`	Upstream Twilio error

Attestation lifetime

The attestation is a signed JWT-like payload (HMAC-SHA256 keyed by ATTESTATION_SIGNING_KEY) that expires in 300 seconds (ATTESTATION_TTL_SECONDS). It is passed as attestation in the subsequent POST /api/dids call to prove ownership.

POST /api/verify/send GET /api/verify/status

⌘I

Overview

Static / CDN

Stateless

Global Lookups

Registration

Indexer

Payments

Inngest

Rate Limits

POST /api/verify/check

Request body

Response (200)

Errors

Attestation lifetime

Overview

Static / CDN

Stateless

Global Lookups

Registration

Indexer

Payments

Inngest

Rate Limits

Documentation Index

​Request body

​Response (200)

​Errors

​Attestation lifetime

Request body

Response (200)

Errors

Attestation lifetime