Phone Number - Verify Code API
Gateway Path: /User/phone-number/verify
Service: Authentication & Authorization
Method: POST
Auth: Bearer token in Authorization header
1) Overview & Purpose
Validates a one-time SMS code and marks the user's phone number as verified.
This enables features that require a verified phone.
2) Endpoint Definition
HTTP: POST /User/phone-number/verify
Headers
- Authorization: Bearer <token> - valid access token
- Content-Type: application/json
Request Body (example)
Fields
- id (integer, required, int32) - User identifier. Range: 1..2147483647
- code (string, required) - Non-empty SMS verification code
3) Responses
3.1 Success - 200 OK
Phone marked as verified.
Body: none (the service may optionally return a minimal confirmation object).
3.2 Validation Error - 400 Bad Request
Typical cases:
- Missing/empty code
- Incorrect/expired code
3.3 Server Error - 500 Internal Server Error
Unexpected failure.
Body: usually empty (use traceId/logs for diagnostics).
4) Validation Rules
- id: required; integer in 1..2147483647
- code: required; non-empty; must match the latest issued code; not expired/used
- Throttling: repeated failures may be temporarily blocked per policy
5) Examples
5.1 cURL
5.2 C# (.NET)
6) Sequence
- Client → API Gateway: POST /User/phone-number/verify (Bearer, JSON body)
- Gateway → Auth: Validate token
- Gateway → Verification Service: Validate code (match + TTL + attempt count)
- Verification Service → User Store: Mark phone as verified
- Gateway → Client: 200 OK (or 400/500 on error)
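
The rules in section 4 and the "match + TTL + attempt count" step of the sequence, sketched as an added Python example; this is not the service's own code. The TTL, the attempt limit, the in-memory store, the hashed storage of the code and the 400 status for throttled requests are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumed TTL; the page does not state one
MAX_ATTEMPTS = 5        # assumed limit; the page only says "per policy"


@dataclass
class IssuedCode:
    """Latest code issued for one user id (hypothetical storage record)."""
    code_hash: bytes
    issued_at: float
    attempts: int = 0
    used: bool = False


def hash_code(code: str) -> bytes:
    # Keep a digest in the store rather than the plaintext SMS code.
    return hashlib.sha256(code.encode("utf-8")).digest()


def verify_code(store: dict, user_id, code, now=None) -> int:
    """Return the HTTP status the endpoint would answer with (200 or 400)."""
    now = time.time() if now is None else now
    # Field rules from section 4: id is an int32 in 1..2147483647, code non-empty.
    if isinstance(user_id, bool) or not isinstance(user_id, int):
        return 400
    if not 1 <= user_id <= 2147483647:
        return 400
    if not isinstance(code, str) or not code:
        return 400
    record = store.get(user_id)  # only the latest issued code is kept per user
    if record is None or record.used:
        return 400
    if now - record.issued_at > CODE_TTL_SECONDS:
        return 400  # expired
    if record.attempts >= MAX_ATTEMPTS:
        return 400  # throttled (assumed status): even the right code is refused
    record.attempts += 1  # charge the attempt before comparing
    # Constant-time comparison: response timing does not reveal a partial match.
    if not hmac.compare_digest(record.code_hash, hash_code(code)):
        return 400
    record.used = True  # single use: replaying the same code fails
    return 200
```

Counting the attempt before the comparison means a client cannot get free guesses, and issuing a new code should replace the record so the counter resets only on reissue.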