# Authenticate with Mobile OTP

If the user is not logged in, you must verify their identity using a one-time password (OTP). Once verified, you can authenticate the user and obtain a token.

## Send OTP verification Code

<mark style="color:green;">`POST`</mark> `/api.moojo.id/send-verification-code`

**Headers**

| Name         | Value                               |
| ------------ | ----------------------------------- |
| Content-Type | `application/json`                  |
| x-api-key    | `Your API KEY as provided by Moojo` |

**Body**

| Name          | Type   | Description                    |
| ------------- | ------ | ------------------------------ |
| `phoneNumber` | string | The mobile number of the user. |

**Request example**

{% tabs %}
{% tab title="Body" %}
{% code overflow="wrap" %}

```json
{
    "phoneNumber": "+1(555)987-6543"
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

**Response example**

{% tabs %}
{% tab title="200" %}

```json
{
    "status": "success",
    "traceId": "40a906a6-6b44-481a-98ca-a73655fee0e2",
    "data": {
        "verificationId": "23bf767fe5472279ce72a01d110bf84b75d5e7480d7a04d0000000"
    }
}
```

{% endtab %}
{% endtabs %}

After the user receives the verification code, use the OTP authentication endpoint as outlined below:

## Authenticate a user with OTP

<mark style="color:green;">`POST`</mark> `/api.moojo.id/user/authenticate`

If the user is already authenticated in your agent or application, you can use their JWT to authenticate them with **moojoᴵᴰ** as well. This ensures that the user is seamlessly connected to their universal identity, along with any previously collected data.

**Headers**

| Name         | Value                               |
| ------------ | ----------------------------------- |
| Content-Type | `application/json`                  |
| x-api-key    | `Your API KEY as provided by Moojo` |

**Body**

| Name               | Type   | Description                                                                                                                                              |
| ------------------ | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `idType`           | string | <p>Specifies the type of identity being used for the OTP. Currently, only mobile SMS is supported.<br><br>use "<strong>smsVerificationCode</strong>"</p> |
| `phoneNumber`      | String | The mobile number of the user.                                                                                                                           |
| `verificationCode` | String | The verification code as received by the user                                                                                                            |

**Request example**

{% tabs %}
{% tab title="Body" %}
{% code overflow="wrap" %}

```json
{
    "idType": "smsVerificationCode",
    "phoneNumber": "+1(555)987-6543",
    "verificationCode": "133575"
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

**Response example**

{% tabs %}
{% tab title="200" %}

```json
{
    "status": "success",
    "traceId": "ce194afc-fe80-4cf9-a174-3e3256760ec8",
    "data": {
        "token":"6c0350a00925b9bbd3408a4e382c2790aa92accff189e7735fdf2a3d4dc67b08",
        "expiresAtIso8601":"2025-02-16T15:12:52.555Z",
        "publicUserId":"a6e8f837-2f6b-478c-a007-82989d000000",
        "publicKey":"0x0288f8935f7669832d4f5ae90c43d550e80f93420da7178019f89e0b00dfb0a000"
    }
}
```

{% endtab %}
{% endtabs %}

Upon successful authentication, a **valid token** is issued with a **2-hour expiration** period. \
This token can be used for any user-related API calls.