> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Create standalone OTP > Send an OTP for step-up authentication or standalone verification. Can be initiated with a challenge token (step-up flow) or an identifier (standalone flow). ## OpenAPI ````yaml post /v1/session/otp openapi: 3.1.1 info: title: Prelude Session Frontend API version: 0.0.1 description: The Prelude Frontend API for Session Management contact: email: support@prelude.so servers: - url: https://{appId}.session.prelude.dev description: Production server variables: appId: default: changeme description: The appID security: [] tags: - name: Login OTP description: Login and step-up via OTP (phone or email) - name: Login Email Password description: Login via email and password - name: Login OAuth description: Login via OAuth providers - name: Login Finalize description: Finalize a login flow and create a session - name: Login Migration description: Migrate sessions from a legacy authentication system - name: Session description: Session refresh and revocation - name: Session Management description: Authenticated session and identifier management - name: Step-Up description: Step-up authentication flow - name: Well-Known description: Public key discovery endpoints - name: Password description: Password compliancy and change password paths: /v1/session/otp: post: tags: - Login OTP summary: Create standalone OTP description: >- Send an OTP for step-up authentication or standalone verification. Can be initiated with a challenge token (step-up flow) or an identifier (standalone flow). operationId: otpCreate requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StepUpOTPCreateRequest' responses: '204': description: No Content headers: Set-Cookie: schema: type: string example: >- __verification-login_{app_id}=abcde12345; Path=/; HttpOnly; Secure; description: The verification token cookie '400': description: Bad Request content: application/json: schema: oneOf: - $ref: '#/components/schemas/BadRequestError' - $ref: '#/components/schemas/ExpiredChallengeTokenError' - $ref: '#/components/schemas/InvalidChallengeTokenError' - $ref: '#/components/schemas/TokenMismatchError' '403': description: Forbidden content: application/json: schema: oneOf: - $ref: '#/components/schemas/AuthBlockedError' '500': description: Internal Error content: application/json: schema: $ref: '#/components/schemas/InternalError' components: schemas: StepUpOTPCreateRequest: type: object description: >- Either `challenge_token` or `identifier` must be provided. Use `challenge_token` for step-up flows, `identifier` for standalone OTP. anyOf: - required: - challenge_token - required: - identifier properties: identifier: $ref: '#/components/schemas/Identifier' challenge_token: type: string description: The challenge token from a step-up request. examples: - eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9... dispatch_id: type: string description: The identifier of the dispatch from the front-end SDK. examples: - 123e4567-e89b-12d3-a456-426614174000 login_config_id: type: string description: The identifier of the login config to use. examples: - lcfg_01jqebhswje1ka1z7ahr9rfsgt BadRequestError: type: object properties: code: type: string enum: - bad_request type: type: string enum: - bad_request ExpiredChallengeTokenError: type: object properties: code: type: string enum: - expired_challenge_token type: type: string enum: - bad_request InvalidChallengeTokenError: type: object properties: code: type: string enum: - invalid_challenge_token type: type: string enum: - bad_request TokenMismatchError: type: object properties: code: type: string enum: - token_mismatch type: type: string enum: - bad_request AuthBlockedError: type: object properties: code: type: string enum: - auth_blocked type: type: string enum: - forbidden InternalError: type: object properties: code: type: string enum: - internal type: type: string enum: - internal Identifier: type: object description: The verification target. Either a phone number or an email address. properties: type: type: string enum: - phone_number - email_address description: The type of the target. examples: - phone_number value: type: string examples: - '+306912345678' description: An E.164 formatted phone number or an email address. required: - type - value ````