Send a Direct Auth email code.
curl --request POST \ --url https://auth.example.com/api/v1/auth/direct/email-code/send \ --header 'Content-Type: application/json' \ --data '{ "client_id": "client_123", "email": "[email protected]", "code_challenge": "rfc7636-code-challenge", "code_challenge_method": "S256", "channel": "browser" }'Creates an email-code challenge for Direct Auth after validating the client, channel, origin, and requested email identifier. For an eligible explicit email-verification Flow, a valid Email Verification Protocol presentation completes verification without sending a code; missing, unsupported, or invalid presentations use the normal mail-OTP response.
Request Body required
Section titled “Request Body required ”object
object
Browser-provided Email Verification Protocol SD-JWT presentation. It is accepted only with the matching challenge and runtime interaction.
Challenge identifier returned by the runtime email-verification endpoint.
Runtime Flow interaction to bind to either OTP or protocol verification.
Example
{ "client_id": "client_123", "code_challenge": "rfc7636-code-challenge", "code_challenge_method": "S256", "channel": "browser"}Responses
Section titled “ Responses ”Successful JSON response.
object
object
Example
{ "attempt_id": "attempt_123", "expires_in": 300,}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}