コンテンツにスキップ

Send a Direct Auth email code.

POST
/api/v1/auth/direct/email-code/send
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/v1/auth/direct/email-code/send \
--header 'Content-Type: application/json' \
--data '{ "client_id": "client_123", "email": "[email protected]", "code_challenge": "rfc7636-code-challenge", "code_challenge_method": "S256", "channel": "browser" }'

Creates an email-code challenge for Direct Auth after validating the client, channel, origin, and requested email identifier. For an eligible explicit email-verification Flow, a valid Email Verification Protocol presentation completes verification without sending a code; missing, unsupported, or invalid presentations use the normal mail-OTP response.

Media type application/json
object
client_id
required
string
email
required
string format: email
code_challenge
required
string
code_challenge_method
required
string
Allowed values: S256
channel
required
string
Allowed values: browser native
scope
string
locale
string
invite_token
string
authorization_challenge_id
string
display_name
string
custom_fields
object
key
additional properties
human_verification_response
string
email_verification_token

Browser-provided Email Verification Protocol SD-JWT presentation. It is accepted only with the matching challenge and runtime interaction.

string
email_verification_challenge_id

Challenge identifier returned by the runtime email-verification endpoint.

string
runtime_interaction_id

Runtime Flow interaction to bind to either OTP or protocol verification.

string
Example
{
"client_id": "client_123",
"email": "[email protected]",
"code_challenge": "rfc7636-code-challenge",
"code_challenge_method": "S256",
"channel": "browser"
}

Successful JSON response.

Media type application/json
One of:
object
attempt_id
required
string
expires_in
required
integer
masked_email
required
string
Example
{
"attempt_id": "attempt_123",
"expires_in": 300,
"masked_email": "u***[email protected]"
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}