Verify Token

Verifies the OTP token that the user provides for authentication. In the API request, use the same values for phone_ext, phone, and/or email provided in the Send OTP API request to generate the OTP; otherwise, the Verify Token API request will fail.

For more information, see Advanced Authentication.

Headers
  • Accept
    Type: string
    required

    Advertises which content types the client is able to understand

  • Content-Type
    Type: string
    required

    Set this header to application/json

  • User-Agent
    Type: string
    required

    For details, see User Agent.

  • punchh-app-device-id
    Type: string
    required

    The app device ID helps Punchh identify each device so that certain rewards can be awarded individually to each device instead of per user. For example, the sign-up reward is given to each device ID to prevent fraudulent sign-ups so that a user cannot do repeated sign-ups from a single device to get rewards. It should not change even if the user resets a device. See the sample code to generate the punchh-app-device-id header.

  • client-type
    Type: string
    required

    Identifies the type of client making the request. Possible values:
    external_mobile_app (for mobile applications),
    online_ordering (for web-based online ordering platforms).

Body
application/json
  • client
    Type: string
    required

    OAuth client ID provided by the business

  • code_verifier
    Type: string
    required

    A random string generated by the client application (e.g., a mobile app). See PKCE Flow for details.

  • email
    Type: string

    Email address of the user. Either email or phone is required.

  • phone_ext
    Type: string

    Country code of the user's phone number. It should be preceded by a +, e.g., +1 (country code for the US and Canada).

  • phone_number
    Type: string

    Phone number of the user. Either email or phone is required.

  • privacy_policy
    Type: boolean
    required

    Indicates whether the user has agreed to the business's privacy policy. Possible values: true, false. This parameter must be set to "true" for a successful API call. If the parameter is not specified or set to "false", the API returns a 422 error with the message: "Please agree on given privacy policy".

  • terms_and_conditions
    Type: boolean
    required

    Indicates whether the user has accepted the business’s terms and conditions. Possible values: true, false. This parameter must be set to "true" for a successful API call. If the parameter is not specified or set to "false", the API returns a 422 error with the message: "Please agree on given terms and conditions".

  • token
    Type: string
    required

    OTP token

Responses
  • 200
    Type: object
    • data
      Type: token
  • 400
    Type: object
    • errors
      Type: object
  • 412
    Type: object
    • errors
      Type: object
  • 422
    Type: object
    • errors
      Type: array string[]
  • 503
    Type: object
POST /api2/password_less/verify
{
  "data": {
    "access_token": "string",
    "refresh_token": "string",
    "id_token": "string",
    "expires_in": 1,
    "token_type": "string"
  }
}
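
The following is an added example, not Punchh sample code: it generates a PKCE code_verifier, derives its S256 challenge as defined in RFC 7636, and builds the Verify Token body while rejecting, before any network call, the cases this page says will fail. The function names, client ID, phone number and OTP value are hypothetical placeholders, and how the challenge is carried in the Send OTP request is not shown on this page.

```python
import base64
import hashlib
import re
import secrets

VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1

def new_code_verifier() -> str:
    """32 random bytes -> 43 base64url characters, the RFC 7636 minimum length."""
    return secrets.token_urlsafe(32)

def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(verifier)) without padding (RFC 7636 section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_verify_body(client, code_verifier, token, identity,
                      privacy_policy, terms_and_conditions):
    """Return the JSON body for POST /api2/password_less/verify, or raise ValueError.

    `identity` is the dict of email / phone_ext / phone_number values used for
    Send OTP; it is passed through unchanged so that both requests match.
    """
    if not VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    if set(identity) - {"email", "phone_ext", "phone_number"}:
        raise ValueError("unexpected identity field")
    if not identity.get("email") and not identity.get("phone_number"):
        raise ValueError("either email or phone is required")
    if "phone_ext" in identity and not identity["phone_ext"].startswith("+"):
        raise ValueError("phone_ext must be preceded by a +")
    # The API answers 422 unless both consent flags are the boolean true.
    if privacy_policy is not True:
        raise ValueError("Please agree on given privacy policy")
    if terms_and_conditions is not True:
        raise ValueError("Please agree on given terms and conditions")
    return {"client": client, "code_verifier": code_verifier, "token": token,
            "privacy_policy": True, "terms_and_conditions": True, **identity}

if __name__ == "__main__":
    verifier = new_code_verifier()
    # Constructed sample values; the client ID and OTP are placeholders.
    body = build_verify_body("EXAMPLE_CLIENT_ID", verifier, "123456",
                             {"phone_ext": "+1", "phone_number": "5555550100"},
                             True, True)
    print(s256_challenge(verifier), body)
```

Keep the code_verifier in memory or platform secure storage between the two requests and discard it once the tokens are returned.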