Verify OTP - Handa Uncle Platform

Verify OTP and return tokens

curl --request POST \
  --url https://handauncle-backend-prod-205012263523.asia-south1.run.app/api/v1/auth/verify-otp \
  --header 'Content-Type: application/json' \
  --header 'x-device-id: <x-device-id>' \
  --data '
{
  "phone": "9876543210",
  "otp": "123456"
}
'

{
  "data": {
    "accessToken": "<string>",
    "idToken": "<string>",
    "refreshToken": "<string>",
    "expiresIn": 123,
    "user": {
      "id": "<string>",
      "email": "jsmith@example.com",
      "name": "<string>",
      "picture": "<string>",
      "emailVerified": true,
      "phone": "<string>"
    }
  },
  "meta": {
    "timestamp": "2023-11-07T05:31:56Z",
    "requestId": "<string>"
  }
}

POST

api

auth

verify-otp

Verify OTP and return tokens

curl --request POST \
  --url https://handauncle-backend-prod-205012263523.asia-south1.run.app/api/v1/auth/verify-otp \
  --header 'Content-Type: application/json' \
  --header 'x-device-id: <x-device-id>' \
  --data '
{
  "phone": "9876543210",
  "otp": "123456"
}
'

{
  "data": {
    "accessToken": "<string>",
    "idToken": "<string>",
    "refreshToken": "<string>",
    "expiresIn": 123,
    "user": {
      "id": "<string>",
      "email": "jsmith@example.com",
      "name": "<string>",
      "picture": "<string>",
      "emailVerified": true,
      "phone": "<string>"
    }
  },
  "meta": {
    "timestamp": "2023-11-07T05:31:56Z",
    "requestId": "<string>"
  }
}

Validates the submitted OTP code, creates/updates the user in Auth0 and MongoDB, and returns Auth0 tokens so the client can treat OTP users like any other session.

Headers

Header	Required	Description
`x-device-id`	Yes	Unique device identifier
`x-platform`	No	Platform type: `ios`, `android`, or `web`

Request Body

{
  "phone": "+919876543210",
  "otp": "123456"
}

Response

{
  "success": true,
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
    "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "v1.MjAyNS0xMi0wMlQwODowMDowMC4wMDBa...",
    "expiresIn": 86400,
    "user": {
      "id": "auth0|692e9f465b1b4e6753627a4f",
      "phone": "+919876543210",
      "name": "HU Phone 3210",
      "phoneVerified": true,
      "email": "919876543210@sms.handauncle.app"
    }
  },
  "meta": {
    "timestamp": "2025-12-02T08:00:00.000Z",
    "request_id": "uuid"
  }
}

Error Codes

Status	Description
`400`	Invalid or expired OTP
`401`	Maximum verification attempts exceeded
`502`	Auth0 or Exotel service failure

Notes

The accessToken is an Auth0 JWT that can be used with all authenticated endpoints
The refreshToken can be used with /api/v1/auth/refresh to get new tokens
The synthetic email (phone@sms.handauncle.app) is used internally for Auth0 database connection

Headers

x-device-id

string

required

Unique identifier for the calling device or installation.

Minimum string length: 1

x-platform

enum<string>

Client platform (ios, android, web).

Available options:

ios,

android,

web

Body

application/json

phone

string

required

Phone number. Accepts 10-digit numbers (9876543210), numbers with country code (919876543210), or E.164 format (+919876543210). The +91 prefix is automatically added for 10-digit numbers.

Example:

"9876543210"

otp

string

required

6-digit verification code.

Pattern: ^\d{6}$

Example:

"123456"

Response

Tokens issued

success

enum<boolean>

required

Available options:

true

data

object

required

Show child attributes

Documentation Index

​Headers

​Request Body

​Response

​Error Codes

​Notes

Headers

Body

Response

Headers

Request Body

Response

Error Codes

Notes