Create standalone OTP
Send an OTP for step-up authentication or standalone verification. Can be initiated with a challenge token (step-up flow) or an identifier (standalone flow).
Note: When a request is blocked by fraud/antispam rules, the server
returns 204 No Content rather than a 4xx error, so callers cannot
distinguish a blocked attempt from a successful dispatch.
When the identifier is an email whose domain is bound to a SAML
connection with enforced login,
OTP creation is refused with the saml_login_required error (403) and the
flow must be restarted via the SAML initiate
endpoint.
Body
- Option 1
- Option 2
Either challenge_token or identifier must be provided. Use challenge_token for step-up flows, identifier for standalone OTP.
The challenge token from a step-up request.
"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
The verification target. Either a phone number or an email address.
PKCE code challenge (S256) for the standalone OTP login flow.
Only used with identifier; bound to the verification token so
that code_verifier can be replayed against
Finalize login.
Step-up flows ignore this field — they inherit PKCE from the
originating challenge token.
"E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
The identifier of the dispatch from the front-end SDK.
"123e4567-e89b-12d3-a456-426614174000"
The identifier of the login config to use.
"lcfg_01jqebhswje1ka1z7ahr9rfsgt"
Response
No Content