> ## Documentation Index
> Fetch the complete documentation index at: https://docs.baanx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Send OTP Code

> Send one-time password code to user's phone for two-factor authentication

## Overview

Send an OTP (one-time password) code to the user's registered phone number. This endpoint is called when:

1. `POST /v1/auth/login` returns `isOtpRequired: true`
2. User needs two-factor authentication for login
3. You need to resend an expired OTP code

The OTP code is typically 6 digits and expires after a few minutes.

## Request

### Body

<ParamField body="userId" type="string" required>
  User's unique identifier from login response

  **Format**: UUID

  **Example**: `b6b9168c-bb56-4c6a-9c0d-4650ea74f5f9`
</ParamField>

## Response

```json theme={null}
{
  "success": true
}
```

## Code Examples

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST "https://dev.api.baanx.com/v1/auth/login/otp" \
    -H "x-client-key: your-client-key" \
    -H "Content-Type: application/json" \
    -d '{"userId": "b6b9168c-bb56-4c6a-9c0d-4650ea74f5f9"}'
  ```

  ```javascript Complete OTP Flow theme={null}
  async function loginWithOTP(email, password) {
    // Step 1: Initial login attempt
    let response = await fetch('https://dev.api.baanx.com/v1/auth/login', {
      method: 'POST',
      headers: {
        'x-client-key': 'your-client-key',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({ email, password })
    });

    let data = await response.json();

    // Step 2: If OTP required, send code
    if (data.isOtpRequired) {
      await fetch('https://dev.api.baanx.com/v1/auth/login/otp', {
        method: 'POST',
        headers: {
          'x-client-key': 'your-client-key',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify({ userId: data.userId })
      });

      console.log(`OTP sent to ${data.phoneNumber}`);

      // Step 3: Get OTP from user and retry login
      const otpCode = await getOTPFromUser();

      response = await fetch('https://dev.api.baanx.com/v1/auth/login', {
        method: 'POST',
        headers: {
          'x-client-key': 'your-client-key',
          'Content-Type': 'application/json'
        },
        body: JSON.stringify({ email, password, otpCode })
      });

      data = await response.json();
    }

    return data.accessToken;
  }
  ```
</CodeGroup>

<Warning>
  OTP codes expire after a few minutes. Implement a "Resend Code" button that calls this endpoint again.
</Warning>