authepy.

Core REST API Primitives

v1.2 API Core

Core REST API Reference

Base URL Endpoint https://api.authepy.com/api

POST /api/otp/request

Dispatch Verification Token

Generates a secure 6-digit numeric verification token, stores its encrypted hash state in volatile edge RAM cache blocks, and dispatches the raw challenge payload to the user's inbox. Public interfaces must strictly enforce payload boundaries to clear the edge gateway firewalls.

Request JSON Parameters

email Required string

The destination verification recipient email address. Payloads undergo strict internal RFC syntax parsing and automated mutation cleanup before validation filters evaluate execution conditions.

cURL Request
curl -X POST https://api.authepy.com/api/otp/request \
  -H "Authorization: Bearer rk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
  "email": "user@example.com"
}'
Success Response
{
  "success": true,
  "message": "Verification code sent successfully.",
  "data": {
    "requestId": "req_1234567890"
  }
}

POST /api/otp/verify

Verify Token Match

Submits an end-user code guess to execute a native cryptographic validation against the transient cache context. This endpoint operates under strict single-use parameters—any verification execution automatically clears the tracking token state from volatile memory to prevent authorization replay vectors.

Request JSON Parameters

requestId Required string

The tracking identifier sequence returned by the initial transaction initialization step.

userGuess Required string

The 6-digit verification code provided by the end-user. Strings are automatically sanitized and whitespace-trimmed prior to execution comparison.

cURL Verify Request
curl -X POST https://api.authepy.com/api/otp/verify \
  -H "Authorization: Bearer rk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
  "requestId": "req_1234567890",
  "userGuess": "123456"
}'
Success Response
{
  "success": true,
  "message": "OTP Verified successfully."
}

Global HTTP Error Matrix

Authepy processes edge exceptions natively via standard semantic HTTP response statuses. Ensure your application layers explicitly parse these schemas.

Status Code Perimeter Rationale & Validation Scenarios
400 Bad Request The payload format is structurally malformed, misses required variables, or contains an incorrect verification code token sequence.
401 Unauthorized Authorization authentication headers are absent, expired, or contain an invalid security credential signature layout hash.
402 Payment Required The tenant has reached the cumulative volumetric limit for their billable tier allocation window.
403 Forbidden Triggered by origin host validation domain mismatches, active IP security blocks, or temporary blacklisted burner networks.
413 Payload Too Large The raw incoming request body length explicitly breaks the edge network firewall boundary configuration.
429 Too Many Requests Velocity threshold boundaries are reached for either single destination targets or incoming source station footprints.
502 Bad Gateway The transaction processed perfectly but encountered downstream provider-level routing bottlenecks.