Embedded Wallets
How to
Verify Login

Verify Login

API usage for verifying the login OTP for the user. login OTP is sent to the user's email.

Overview

This API endpoint allows you to verify the user login to using User’s email and otp verification.

  • HTTP Method: POST
  • Endpoint: /api/<VERSION>/auth/verify-otp

Request Body Parameters

  • verificationToken (required): verificationToken from Login endpoints.
  • otp(required): otp sent to the user's email.

Example Request Body

{
    "verificationToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY0YjUxNGY0MzU4ZGVjY2FkYWY4MDA5MSIsImVtYWlsIjoiZGVuZGl0b3BydG1AZ21haWwuY29tIiwibmFtZSI6IkRlbmRpdG8gUHJhdGFtYSIsInJvbGUiOiJhZG1pbiIsInBvbGljeSI6IjY0OTE0YTY3Z...",
    "otp": "123456",
}

Request

Request Headers

  • x-client-secret (required): Client secret which was generated when register in Xellar Embedded Wallet API Service Dashboard.

Example Request Syntax

curl -X POST -H "Content-Type: application/json" -H "x-client-secret: $YOUR_CLIENT_SECRET" -d '{
    "verificationToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6I...",
    "otp": "123456",
}' <BASE_URL>/api/<VERSION>/auth/verify-otp

Response

The response will include a JSON object with the following properties:

  • status (number): The HTTP status code of the response (e.g., 200 for success).
  • message (string): A message providing additional information about the operation.
  • data (object): An object containing the accessToken, walletToken and isWalletCreated.
  • data.isWalletCreated (bool): A boolean value to determine whether the wallet is already created or not.
  • data.refreshToken (string): A string contains the refresh token which will be used for generating the new walletToken after every wallet operation executed.
  • data.walletToken (string): the wallet token access used to access the wallet operations.

Example Response

below is an example response if the users successfully verified the OTP but they have not created any wallet yet

{
    "status": 200,
    "message": "ok",
    "data": {
        "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6.....",
        "isWalletCreated": false
    }
}

below is an example response if the users successfully verified the OTP and they have already created their wallets

📝

This response only works on v2

{
    "status": 200,
    "message": "ok",
    "data": {
        "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6.....",
        "walletToken": "eyJhbfsf838JsjFyhsmmfjsHWEyuI1NasdaJ9.eyJpZCI6.....",
        "isWalletCreated": true
    }
}