Verify OTP and return customer session

curl --request POST \
  --url https://api.zupy.com/api/v2/auth/verify-otp/ \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "identifier": "<string>",
  "otp_code": "<string>"
}
'

{
  "customer_id": "2awTHloSJX7kGGprFerOOsvABcd",
  "is_new": false,
  "otp_session": "abc123def456...",
  "full_name": "João Silva",
  "points_balance": 150,
  "tier": "silver"
}

POST

api

auth

verify-otp

Verify OTP and return customer session

curl --request POST \
  --url https://api.zupy.com/api/v2/auth/verify-otp/ \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "identifier": "<string>",
  "otp_code": "<string>"
}
'

{
  "customer_id": "2awTHloSJX7kGGprFerOOsvABcd",
  "is_new": false,
  "otp_session": "abc123def456...",
  "full_name": "João Silva",
  "points_balance": 150,
  "tier": "silver"
}

Authorizations

X-API-Key

string

header

required

Per-company partner API key (zupy_pk_…). Validated by Zupy against the company integration key hash (Story 14.x); send it on every request as the X-API-Key header. Scoped read-write to the owning company's data.

Headers

X-API-Key

string

required

Partner API key

Body

identifier

string

required

Phone (+5511...), email, or CPF

otp_code

string

required

6-digit OTP code

Response

customer_id

string

required

Customer ID (KSUID or user PK)

is_new

boolean

required

True if customer was just created

otp_session

string

required

Session token (30min TTL) for subsequent OTP-protected requests

full_name

string

required

Customer full name

points_balance

integer

required

Current points balance

tier

string | null

required

Loyalty tier

Request OTP for customer verification List companies