Verify the Sign-In Code
Complete the OTP flow, establish the human session, and move into the workspace or terminal workflow.
Call the verify endpoint to exchange the code for a short-lived access token and a refresh token.
- Submit the code in the correct place.
- Capture the returned session tokens when using the API or CLI.
- Land in the right post-verification surface.
Where this happens
Same Task, Other Interfaces
Use the version that matches where you are working now. The subject matter stays the same; the delivery changes by surface.
Do the work
- 1. Send `email`, `code`, and the same `purpose` value used when the OTP was requested.
- 2. Optionally include `name` for first-run identity creation and `label` for session naming.
- 3. Store the returned `accessToken` and `refreshToken` if the client needs to keep the session alive.
- 4. Use the returned bearer token on protected endpoints such as `/api/v1/me` and `/api/v1/workspaces/{workspaceId}/tasks`.
Keep this clear
- The server deletes the OTP after a successful verification.
- An invalid code increments failure state and may eventually lock the flow temporarily.
Verify the code over REST
curl -X POST http://localhost:5173/api/v1/auth/verify-otp -H 'content-type: application/json' -d '{"email":"you@example.com","code":"123456","purpose":"signin","label":"Local CLI"}'Keep Going in Sign In and Sessions
Stay in the same interface and move to the next closest task in this topic when needed.
Request a Sign-In Code
Start the OTP flow and send a sign-in code to the correct email address.
Refresh a Human Session
Keep a human API session alive by exchanging the refresh token for a fresh token pair.
Revoke a Human Session
Invalidate a human API session explicitly instead of waiting for the access token to expire.
Nearby Guides
These guides stay close to the current workflow so you can keep moving without restarting discovery.