Verify Token

Verifies the OTP token that the user provides for authentication. In the API request, use the same values for phone_ext, phone, and/or email provided in the Send OTP API request to generate the OTP; otherwise, the Verify Token API request will fail.

For more information, see Advanced Authentication.

Headers
  • Accept
    Type: string
    required

    Advertises which content types the client is able to understand

  • Content-Type
    Type: string
    required

    Set this header to application/json

  • User-Agent
    Type: string
    required

    For details, see User Agent.

  • punchh-app-device-id
    Type: string
    required

    The app device ID helps Punchh identify each device so that certain rewards can be awarded individually to each device instead of per user. For example, the sign-up reward is given to each device ID to prevent fraudulent sign-ups so that a user cannot do repeated sign-ups from a single device to get rewards. It should not change even if the user resets a device. See the sample code to generate the punchh-app-device-id header.

  • client-type
    Type: string
    required

    Identifies the type of client making the request. Possible values: external_mobile_app (for mobile applications), online_ordering (for web-based online ordering platforms).

Body
required
application/json
  • client
    Type: string
    required

    OAuth client ID provided by the business. Required to identify the client application for token verification.

  • code_verifier
    Type: string
    required

    A random string generated by the client application (e.g., a mobile app). See PKCE Flow for details.

  • privacy_policy
    Type: boolean
    required

    Indicates whether the user has agreed to the business's privacy policy. Possible values: true, false. This parameter must be set to "true" for a successful API call. If the parameter is not specified or set to "false", the API returns a 422 error with the message: "Please agree on given privacy policy".

  • terms_and_conditions
    Type: boolean
    required

    Indicates whether the user has accepted the business's terms and conditions. Possible values: true, false. This parameter must be set to "true" for a successful API call. If the parameter is not specified or set to "false", the API returns a 422 error with the message: "Please agree on given terms and conditions".

  • token
    Type: string
    required

    OTP token

  • email
    Type: string

    Email address of the user. Either email or phone is required.

  • phone_ext
    Type: string

    Country code of the user's phone number. It should be preceded by a +, e.g., +1 (country code for the US and Canada).

  • phone_number
    Type: string

    Phone number of the user. Either email or phone is required.

Responses
  • application/json
Request Example for POST /api2/password_less/verify
curl https://SERVER_NAME_GOES_HERE/api2/password_less/verify \
  --request POST \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header 'User-Agent: Punchh/OnlineOrder/1.0/Web/BrowserVersion/OS_Type' \
  --header 'punchh-app-device-id: DEVICE_ID_GOES_HERE' \
  --header 'client-type: online_ordering' \
  --data '{
  "client": "CLIENT_GOES_HERE",
  "token": "TOKEN_GOES_HERE",
  "phone_ext": "+1",
  "phone_number": "2125554626",
  "code_verifier": "CODE_VERIFIER_GOES_HERE",
  "terms_and_conditions": true,
  "privacy_policy": true
}'
Response Example
{
  "data": {
    "access_token": "ACCESS_TOKEN_GOES_HERE",
    "token_type": "Bearer",
    "refresh_token": "REFRESH_TOKEN_GOES_HERE",
    "expires_in": 1800
  }
}
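
The body rules above (identity values reused from the Send OTP request, both consent flags true, a PKCE code_verifier) can be enforced on the client before the request is sent. The following Python sketch is an added example, not Punchh's code. It assumes the Send OTP request used the same field names as this body; the verifier format and the S256 transform follow RFC 7636, and whether this API's PKCE Flow uses S256 is an assumption.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")
_IDENTITY_KEYS = ("email", "phone_ext", "phone_number")


def new_code_verifier() -> str:
    """High-entropy PKCE verifier from the OS CSPRNG (86 URL-safe characters)."""
    return secrets.token_urlsafe(64)


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_verify_body(send_otp_identity, client, token, code_verifier,
                      privacy_policy, terms_and_conditions):
    """Return the JSON body for /api2/password_less/verify or raise ValueError.

    send_otp_identity is the dict of identity fields sent in the Send OTP
    request; copying it unchanged keeps the two requests consistent.
    """
    identity = {k: v for k, v in send_otp_identity.items()
                if k in _IDENTITY_KEYS and v}
    if "email" not in identity and "phone_number" not in identity:
        raise ValueError("either email or phone_number is required")
    if "phone_ext" in identity and not identity["phone_ext"].startswith("+"):
        raise ValueError("phone_ext must be a country code preceded by +")
    if not _VERIFIER_RE.match(code_verifier):
        raise ValueError("code_verifier is not a valid RFC 7636 verifier")
    # The API answers 422 unless both consents are the boolean true.
    if privacy_policy is not True or terms_and_conditions is not True:
        raise ValueError("privacy_policy and terms_and_conditions must be true")
    if not client or not token:
        raise ValueError("client and token are required")
    return {"client": client, "token": token, "code_verifier": code_verifier,
            "privacy_policy": True, "terms_and_conditions": True, **identity}
```

Keep the verifier in memory only for the duration of the sign-in attempt and generate a new one for every Send OTP request.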