View Categories

Verify the phone number

3 min read

Table of Contents

Phone Number — Verify Code API #

Gateway Path: /User/phone-number/verify
Service: Authentication & Authorization
Method: POST
Auth: Bearer token in Authorization header

1) Overview & Purpose #

Validates a one-time SMS code and marks the user’s phone number as verified.
This enables features that require a verified phone

2) Endpoint Definition #

HTTP: POST /User/phone-number/verify

Headers #

  • Authorization: Bearer <token> — valid access token

  • Content-Type: application/json

Request Body (example) #

Copy Code 


{
    "id": 2025,
    "code": "714982"
}

Fields #

  • id (integer, required, int32) — User identifier. Range: 1..2147483647

  • code (string, required) — Non-empty SMS verification code

3) Responses #

3.1 Success — 200 OK #

Phone marked as verified.
Body: none (the service may optionally return a minimal confirmation object).

3.2 Validation Error — 400 Bad Request #

Typical cases:

  • Missing/empty code

    Copy Code 
    

    {
    "errors": {
        "Code": [
            "The Code field is required."
        ]
    },
    "title": "One or more validation errors occurred.",
    "status": 400,
    "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
    "traceId": "00-...-..."
}

  • Incorrect/expired code

    Copy Code 
    

    {
    "errors": {
        "Error": [
            "Invalid code."
        ]
    },
    "title": "Bad Request",
    "status": 400,
    "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
    "traceId": "00-...-..."
}

3.3 Server Error — 500 Internal Server Error #

Unexpected failure.
Body: usually empty (use traceId/logs for diagnostics).

4) Validation Rules #

  • id: required; integer in 1..2147483647

  • code: required; non-empty; must match the latest issued code; not expired/used

  • Throttling: repeated failures may be temporarily blocked per policy

5) Examples #

5.1 cURL #

Copy Code 


curl -X POST "https://api-test.10npay.com/User/phone-number/verify"  -H "Authorization: Bearer <YOUR_SECRET_TOKEN>"  -H "Content-Type: application/json"  -d '{"id":2025,"code":"714982"}' -i

5.2 C# (.NET) #

Copy Code 


using System.Net.Http; using System.Net.Http.Headers; var req = new HttpRequestMessage(HttpMethod.Post, "https://api-test.10npay.com/User/phone-number/verify"); req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "<YOUR_SECRET_TOKEN>"); req.Content = new StringContent("{"id":2025,"code":"714982"}"); req.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); using var http = new HttpClient(); using var res = await http.SendAsync(req); res.EnsureSuccessStatusCode(); // 200 OK on success
5.3 JavaScript (fetch)
Copy Code 


await fetch("https://api-test.10npay.com/User/phone-number/verify", { method: "POST", headers: { Authorization: "Bearer <YOUR_SECRET_TOKEN>", "Content-Type": "application/json" }, body: JSON.stringify({ id: 2025, code: "714982" }) }); // Expect 200 OK

6) Sequence #

  1. Client → API Gateway: POST /User/phone-number/verify (Bearer, JSON body)

  2. Gateway → Auth: Validate token

  3. Gateway → Verification Service: Validate code (match + TTL + attempt count)

  4. Verification Service → User Store: Mark phone as verified

  5. Gateway → Client: 200 OK (or 400/500 on error)

What are your Feelings