Verify - Deriv Core API

Allows users to verify their email or phone number using a one-time password (OTP) received via email or SMS. Upon successful verification, the API generates an access token that users can use for authentication in subsequent requests.

curl --location --request POST 'https://api-core.deriv.com/v1/verify' \ --header 'x-client-id: {{RL_EXCLUSION_KEY}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "token": "123456", "type": "email", "email": "Ca**************@******.com" }'

{ "data": [ { "access_token": "eyJhbGciOiJIUzI****************************************************************************************************************************************************************************************************************************************I1cGEOaZ13to", "token_type": "bearer", "expires_in": 604800, "expires_at": 1732505323, "refresh_token": "-N1Egwc3********************5jMDwA", "user": { "id": "a74a57ee-*****-****-****-86022****7026", "aud": "authenticated", "role": "authenticated", "email": "mo******************@********.com", "email_confirmed_at": "2024-11-18T03:28:43.696546Z", "phone": "", "confirmation_sent_at": "2024-11-18T03:25:32.373435Z", "confirmed_at": "2024-11-18T03:28:43.696546Z", "last_sign_in_at": "2024-11-18T03:28:43.703608Z", "app_metadata": { "provider": "email", "providers": [ "email" ] }, "user_metadata": { "email": "mo******************@********.com", "email_verified": false, "phone_verified": false, "sub": "a74a57ee-*****-****-****-86022****7026" }, "identities": [ { "identity_id": "0a478d07-****-*****-****-b373****ae5", "id": "a74a57ee-*****-****-****-86022****7026", "user_id": "a74a57ee-*****-****-****-86022****7026", "identity_data": { "email": "mo******************@********.com", "email_verified": false, "phone_verified": false, "sub": "a74a57ee-*****-****-****-86022****7026" }, "provider": "email", "last_sign_in_at": "2024-11-18T03:25:32.36801Z", "created_at": "2024-11-18T03:25:32.36807Z", "updated_at": "2024-11-18T03:25:32.36807Z", "email": "mo******************@********.com" } ], "created_at": "2024-11-18T03:25:32.359527Z", "updated_at": "2024-11-18T03:28:43.859926Z", "is_anonymous": false } } ], "meta": { "endpoint": "/verify", "method": "POST", "timing": 419 } }

Request

Header Params

x-client-id

string

optional

Optional only required for internal systems referrence.

Default:

Body Params application/json

token

string

required

The 6-digit OTP received via email or SMS.

type

enum<string>

required

Specifies the verification method used. Possible values:

"email": Verify using an email OTP.

"phone": Verify using an SMS OTP.

Allowed values:

emailphone

Example:

string

optional

A valid email address. Required only if type is "email". Do not provide phone if this is used

Example:

user@example.com

phone

string

optional

A valid phone number. Required only if type is "phone". Do not provide email if this is used.

Example:

+1234567890

Examples

Responses

🟢200Success

application/json

Body

data

array [object {6}]

optional

An array containing the authentication information for the user.

access_token

string

optional

The access token used for authenticated requests to the API.

token_type

string

optional

The type of the token provided, typically 'bearer'.

expires_in

integer

optional

The number of seconds after which the access token will expire.

expires_at

integer

optional

The timestamp (in Unix format) when the access token will expire.

refresh_token

string

optional

The refresh token used to obtain a new access token once the current one expires.

user

object

optional

An object containing the details of the authenticated user.