Skip to main content
POST
/
v1
/
auth
/
verify-otp
Verify OTP code
curl --request POST \
  --url https://api.tybritelabs.com/v1/auth/verify-otp \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "jane.doe@example.com",
  "token": "123456"
}
'
{
  "message": "OTP verified successfully",
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "jsmith@example.com",
    "email_confirmed": true,
    "created_at": "2023-11-07T05:31:56Z"
  },
  "customer": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "email": "jsmith@example.com",
    "phone": "<string>",
    "address": "<string>",
    "join_date": "2023-12-25",
    "total_purchases": 123,
    "last_purchase": "2023-11-07T05:31:56Z",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "store_metrics": {
      "total_purchases": 123,
      "total_spent": 123,
      "first_purchase_date": "<string>",
      "last_purchase_date": "<string>",
      "status": "<string>",
      "preferred_store": "<string>"
    }
  },
  "session": {
    "access_token": "<string>",
    "refresh_token": "<string>",
    "expires_in": 123,
    "expires_at": 123
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.tybritelabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

API Key Authentication

Use your API key in the Authorization header:

Authorization: Bearer tybrite_sk_live_YOUR_KEY

Key Types:

Secret Keys (Server-Side Only):

  • Format: tybrite_sk_live_* (production) or tybrite_sk_test_* (sandbox)
  • Full read/write access to all endpoints
  • ⚠️ NEVER expose in client-side code or public repositories
  • Required for: write operations, authentication, payment verification, AI recommendations

Publishable Keys (Client-Safe):

  • Format: tybrite_pk_live_* (production) or tybrite_pk_test_* (sandbox)
  • Read-only access (GET requests only, plus POST semantic search)
  • ✅ Safe for client-side JavaScript, mobile apps, and public code
  • Allowed for: browsing products, search, CMS content, pricing queries

Endpoint-Specific Requirements:

  • Authentication endpoints (/v1/auth/*): Secret key required
  • Payment verification (POST /v1/payments/verify): Secret key required
  • AI Recommendations (POST /v1/recommendations): Secret key required
  • Semantic Search (POST /v1/search): Both key types allowed (read-only operation)
  • All write operations: Secret key required
  • All read operations: Both key types allowed

Using a publishable key for restricted operations returns 403 Forbidden.

Body

application/json
email
string<email>
required

Customer email address

Example:

"jane.doe@example.com"

token
string
required

6-digit OTP code

Example:

"123456"

Response

OTP verified successfully

message
string

Success message

Example:

"OTP verified successfully"

user
object
customer
object
session
object