Verify Password Reset OTP (v1)
Method & Path
POST /api/v1/password-reset/verify-otp
Description
Verify the OTP code sent via SMS for password reset. This must be called before resetting the password.
Authentication
None: This is a public endpoint (no authentication required).
Headers
Content-Type: application/json
Request Body
{
"email": "owner@example.com",
"otpCode": "123456"
}
Request Body Schema
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Workspace owner email address |
otpCode | string | Yes | 6-digit OTP code sent via SMS (exactly 6 characters) |
Response 200 OK
{
"message": "OTP code verified successfully. You can now reset your password."
}
Response Fields
message(string): Success message
Common Errors
400 Bad Request: Invalid OTP code format (must be exactly 6 digits)
401 Unauthorized: Invalid or expired OTP code
404 Not Found: Workspace not found or password reset not requested
422 Unprocessable Entity: Validation error
500 Internal Server Error: Server error occurred while processing the request
Notes
- OTP code must be verified before calling the reset endpoint
- OTP code expires after 10 minutes
- OTP can only be used once
- After successful verification, you can proceed to reset the password